Lecture Notes in Computer Science
Edited by G. Goos and J. Hartmanis
92
Robin Milner
A Calculus of Communicating Systems
Springer-Verlag
Berlin Heidelberg New York 1980
Editorial Board
W. Brauer P. Brinch Hansen D. Gries C. Moler G. Seegmüller
J. Stoer N. Wirth
Author
Robin Milner
University of Edinburgh
Dept. of Computer Science
James Clerk Maxwell Building
The King's Buildings
Mayfield Road
Edinburgh EH9 3JZ
Great Britain
AMS Subject Classifications (1979): 68-02
CR Subject Classifications (1974): 4.30, 5.20, 5.22, 5.24
ISBN 3-540-10235-3 Springer-Verlag Berlin Heidelberg New York
ISBN 0-387-10235-3 Springer-Verlag New York Heidelberg Berlin
Library of Congress Cataloging in Publication Data. Milner, Robin. A calculus of
communicating systems. (Lecture notes in computer science; 92) Bibliography: p.
Includes index. 1. Machine theory. 2. Formal languages. I. Title. II. Series.
QA267.M53 511.3 80-21068
This work is subject to copyright. All rights are reserved, whether the whole or part
of the material is concerned, specifically those of translation, reprinting, re-use of
illustrations, broadcasting, reproduction by photocopying machine or similar means,
and storage in data banks. Under § 54 of the German Copyright Law where copies
are made for other than private use, a fee is payable to the publisher, the amount of
the fee to be determined by agreement with the publisher.
© by Springer-Verlag Berlin Heidelberg 1980
Printed in Germany
Printing and binding: Beltz Offsetdruck, Hemsbach/Bergstr.
9145/3140-543210
work was mainly done during my six-month appointment, from
August 1979 to January 1980, at the Computer Science department in
Aarhus University, Denmark. Although much of the ground work had been
done previously it was mainly in response to their encouragement (to
make the theory more accessible and related to practice), and to their
informed criticism, that the material reached a somewhat coherent form.
I am deeply grateful to them and their students for allowing me to
lecture once a week on what was, at first, a loosely connected set of
ideas, and for the welcoming environment in which I was able to put
the ideas in order. I also thank Edinburgh University for awarding me
five months sabbatical leave subsequently, which helped me to complete
the task in a reasonable time.

The calculus presented here grew out of work which was inspired
by Dana Scott's theory of computation, though it has since diverged
in some respects. At every stage I have been influenced by Gordon
Plotkin; even where I cannot trace particular ideas to him I have
been greatly illuminated by our discussions and by his chance remarks,
and without them the outcome would certainly be less than it is. I
would also like to thank others with whom I have worked: George Milne,
with whom I worked out the Laws of Flow Algebra; Matthew Hennessy, with
whom the notion of observation equivalence developed; and Tony Hoare,
whose parallel work on different but strongly related ideas, expressed
in his "Communicating Sequential Processes", has been a strong stimulus.

Many people have given detailed and helpful criticisms of the manuscript,
and thus improved its final form. In particular I thank Michael
Gordon and David MacQueen, who went through it all in detail in a Seminar
at the Information Sciences Institute, University of California; this
not only exposed some mistakes and obscurities but gave me more confidence
in the parts they didn't criticise.

Finally, I am very thankful to Dorothy McKie and Gina Temple for
their patience and skill in the long and involved task of typing.

0.  Introduction
    Purpose - Character - Related Work - Evolution - Outline.
1.  Experimenting on Nondeterministic Machines
    Traditional equivalence of finite state acceptors - Experimenting
    upon acceptors - Behaviour as a tree - Algebra of RSTs -
    Unobservable actions.
2.  Synchronization
    Mutual experimentation - Composition, restriction and relabelling -
    Extending the Algebra of STs - A simple example: binary semaphores -
    The ST Expansion Theorem.
3.  A case study in synchronization and proof techniques
    A scheduling problem - Building the scheduler as a Petri Net -
    Observation equivalence - Proving the scheduler.
4.  Case studies in value-communication
    Review - Passing values - An example: Data Flow - Derivations -
    An example: Zero searching.
5.  Syntax and Semantics of CCS
    Introduction - Syntax - Semantics by derivations - Defining behaviour
    identifiers - Sorts and programs - Direct equivalence of behaviour
    programs - Congruence of behaviour programs - Congruence of behaviour
    expressions and the Expansion Theorem.
6.  Communication Trees (CTs) as a model of CCS
    CTs and the dynamic operations - CTs and the static operations -
    CTs defined by recursion - Atomic actions and derivations of CTs -
    Strong equivalence of CTs - Equality in the CT model - Summary.
7.  Observation equivalence and its properties
    Review - Observation equivalence in CCS - Observation congruence -
    Laws of observation congruence - Proof techniques - Proof of Theorem
    7.7 - Further exercises.
8.  Some proofs about Data Structures
    Introduction - Registers and memories - Chaining operations -
    Pushdowns and queues.
9.  Translation into CCS
    Discussion - The language P - Sorts and auxiliary definitions -
    Translation of P - Adding procedures to P - Protection of resources.
10. Determinacy and Confluence
    Discussion - Strong confluence - Composite guards and the use of
    confluence - Strong determinacy: Confluent determinate CCS -
    Proof in DCCS: the scheduler again - Observation confluence and
    determinacy.
11. Conclusion
    What has been achieved? - Is CCS a programming language? -
    The question of fairness - The notion of behaviour - Directions
    for further work.
Appendix: Properties of congruence and equivalence.
References

CHAPTER 0
Introduction

0.1 Purpose

These notes present a calculus of concurrent systems. The presentation
is partly informal, and aimed at practice; we unfold the calculus through
the medium of examples each of which illustrates first its expressive power,
and second the techniques which it offers for verifying properties of a
system.

A useful calculus, of computing systems as of anything else, must have
a high level of articulacy in a full sense of the word implying not only
richness in expression but also flexibility in manipulation. It should be
possible to describe existing systems, to specify and program new systems,
and to argue mathematically about them, all without leaving the notational
framework of the calculus.

These are demanding criteria, and it may be impossible to meet them
even for the full range of concurrent systems which are the proper concern
of a computer scientist, let alone for systems in general. But the attempt
must be made. We believe that our calculus succeeds at least to this extent:
the same notations are used both in defining and in reasoning about systems,
and - as our examples will show - it appears to be applicable not only to
programs (e.g. operating systems or parts of them) but also to data
structures and, at a certain level of abstraction, to hardware systems. For
the latter however, we do not claim to reach the detailed level at which
the correct functioning of a system depends on timing considerations.

Apart from articulacy, we aim at an underlying theory whose basis is
a small well-knit collection of ideas and which justifies the manipulations
of the calculus. This is as important as generality - perhaps even more
important. Any theory will be superseded sooner or later; during its life,
understanding it and assessing it are only possible and worthwhile if it
is seen as a logical growth from rather few basic assumptions and concepts.
We take this further in the next section, where we introduce our chosen
conceptual basis.

One purpose of these notes is to provide material for a graduate course.
With this in mind (indeed, the notes grew as a graduate course at Aarhus
University in Autumn 1979) we have tried to find a good expository sequence,
and have omitted some parts of the theory - which will appear in technical
publications - in favour of case studies. There are plenty of exercises,
and anyone who bases a course on the notes should be able to think of others;
one pleasant feature of concurrent systems is the wealth and variety of
small but non-trivial examples! We could have included many more examples
in the text, and thereby given greater evidence for the fairly wide
applicability of the calculus; but, since our main aim is to present
it as a calculus, it seemed a good rule that every example program or
system should be subjected to some proof or to some manipulation.

0.2 Character

Our calculus is founded on two central ideas. The first is Observation;
we aim to describe a concurrent system fully enough to determine exactly
what behaviour will be seen or experienced by an external observer. Thus
the approach is thoroughly extensional; two systems are indistinguishable
if we cannot tell them apart without pulling them apart. We therefore
give a formal definition of observation equivalence (in Chapter 7) and
investigate its properties.

This by no means prevents us from studying the structure of systems.
Every interesting concurrent system is built from independent agents which
communicate, and synchronized communication is our second central idea.
We regard a communication between two component agents as an indivisible
action of the composite system, and the heart of our algebra of systems
is concurrent composition, a binary operation which composes two
independent agents, allowing them to communicate. It is as central for us
as sequential composition is for sequential programming, and indeed subsumes
the latter as a special case. Since for us a program or system description
is just a term of the calculus, the structure of the program or system
(its intension) is reflected in the structure of the term. Our manipulations
often consist of transforming a term, yielding a term with different
intension but identical behaviour (extension). Such transformations are
familiar in sequential programming, where the extension may just be a
mathematical function (the "input/output behaviour"); for concurrent systems
however, it seems clear that functions are inadequate as extensions.

These two central ideas are really one. For we suppose that the only
way to observe a system is to communicate with it, which makes the observer
and system together a larger system. The other side of this coin is
that to place two components in communication (i.e. to compose them)
is just to let them observe each other. If observing and communicating
are the same, it follows that one cannot observe a system without its
participation. The analogy with quantum physics may or may not be
superficial, but the approach is unifying and appears natural.

We call the calculus CCS (Calculus of Communicating Systems). The
terms of CCS stand for behaviours (extensions) of systems and are subject
to equational laws. This gives us an algebra, and we are in agreement
with van Emde Boas and Janssen [EHJ] who argue that Frege's principle
of compositionality of meaning requires an algebraic framework. But CCS
is somewhat more than algebra; for example, derivatives and derivations
of terms play an important part in describing the dynamics of behaviours.

The variety of systems which can be expressed and discussed in CCS
is illustrated by the examples in the text: an agent for scheduling
task performance by several other agents (Chapter 3); 'data flow'
computations and a concurrent numerical algorithm (Chapter 4); memory
devices and data structures (Chapter 8); semantic description of a
parallel programming language (Chapter 9). In addition, G. Milne [Mln 3]
modelled and verified a peripheral hardware device - a card reader - using
an earlier version of the present ideas.

After these remarks, the character of the calculus is best discovered
by a quick look through Chapters 1-4, ignoring technical details. §0.5
(Outline) may also help, but the next two sections are not essential for
a quick appraisal.

0.3 Related Work

At present, the most fully developed theory of concurrency is that
of Petri and his colleagues. (See for example C.A. Petri, "Introduction
to General Net Theory" [Pet], and H.J. Genrich, K. Lautenbach, P.S.
Thiagarajan, "An Overview of Net Theory" [GLT].) It is important to
contrast our calculus with Net Theory, in terms of underlying concepts.

For Net Theory, a (perhaps the) basic notion is the concurrency
relation over the places (conditions) and transitions (events) of a
system; if two events (say) are in this relation, it indicates that
they are causally independent and may occur in either order or
simultaneously. This relation is conspicuously absent in our theory, at
least as a basic notion. When we compose two agents it is the
synchronization of their mutual communications which determines the
composite; we treat their independent actions as occurring in arbitrary
order but not simultaneously. The reason is that we assume of our external
observer that he can make only one observation at a time; this implies
that he is blind to the possibility that the system can support two
observations simultaneously, so this possibility is irrelevant to the
extension of the system in our sense. This assumption is certainly open to
(extensive!) debate, but gives our calculus a simplicity which would be
absent otherwise. To answer the natural objection that it is unwieldy to
consider all possible sequences (interleavings) of a set of causally
independent events, we refer the reader to our case studies, for example
in Chapters 3 and 8, to satisfy himself that our methods can avoid this
unwieldiness almost completely.

On the other hand, Net Theory provides many strong analytic techniques;
we must justify the proposal of another theory. The emphasis in our calculus
is upon synthesis and upon extension; algebra appears to be a natural tool
for expressing how systems are built, and in showing that a system meets its
specification we are demanding properties of its extension. The activity
of programming - more generally, of system synthesis - falls naturally
into CCS, and we believe our approach to be more articulate in this respect
than Net Theory, at least on present evidence. It remains for us to
develop analytic techniques to match those of Net Theory, whose
achievements will be a valuable guide.

As a bridge between Net Theory and programming languages for
concurrency, we should mention the early work of Karp and Miller [KM] on
parallel program schemata. This work bears a relation to Net Theory in
yielding an analysis of properties of concurrent systems, such as deadlock
and liveness; it also comes closer to programming (in the conventional
sense), being a generalisation of the familiar notion of a sequential
flow chart.

In recent proposals for concurrent programming languages there is a
trend towards direct communication between components or modules, and away
from communication through shared registers or variables. Examples are:
N. Wirth "MODULA: A language for modular multiprogramming", [Wir];
P. Brinch Hansen "Distributed Processes; a concurrent programming concept",
[Bri 2]; C.A.R. Hoare "Communicating Sequential Processes", [Hoa 3].
Hoare's "monitors" [Hoa 2] gave a discipline for the administration of
shared resources in concurrent programming. These papers have helped
towards understanding the art of concurrent programming. Our calculus
differs from all of them in two ways: first, it is not in the accepted
sense an imperative language - there are no commands, only expressions;
second, it has evolved as part of a mathematical study. In the author's
view it is hard to do mathematics with imperative languages, though one
may add mathematics (or logic) to them to get a proof methodology, as in
the well-known "assertion" method or Hoare's axiomatic method.

One of the main encumbrances to proof in imperative languages is the
presence of a more-or-less global memory (the assignable variables). This
was recognized by Hoare in "Communicating Sequential Processes"; although
CSP is imperative Hoare avoids one aspect of global memory which makes
concurrent programs hard to analyse, by forbidding any member of a set of
concurrent programs to alter the value of a variable mentioned by another
member. This significant step brings CSP quite close to our calculus, the
more so because the treatment of communication is similar and expressed in
similar notation. Indeed, algorithms can often be translated easily from
one to the other, and it is reasonable to hope that a semantics and proof
theory for CSP can be developed from CCS. Hoare, in his paper and more
recently, gives encouraging evidence for the expressiveness of CSP.

We now turn to two models based on non-synchronized communication.
One, with strong expressive power, is Hewitt's Actor Systems; a recent
reference is [HAL]. Here the communication discipline is that each
message sent by an actor will, after finite time, arrive at its destination
actor; no structure over waiting messages (e.g. ordering by send-time)
is imposed. This, together with the dynamic creation of actors, yields
an interesting programming method. However, it seems to the author that
the fluidity of structure in the model, and the need to handle the
collection of waiting messages, poses difficulties for a tractable
extensional theory.

Another non-synchronized model, deliberately less expressive, was
first studied by Kahn and reported by him and MacQueen [KMQ]. Here the
intercommunication of agents is via unbounded buffers and queues, the
whole being determinate. Problems have arisen in extending it to
non-determinate systems, but many non-trivial algorithms find their best
expression in this medium, and it is an example of applicative (i.e.
non-imperative) programming which yields to extensional treatment by
the semantic techniques of Scott. Moreover, Wadge [Wad] has recently
shown how simple calculations can demonstrate the liveness of such
systems.

A lucid comparative account of three approaches - Hewitt, Kahn/
MacQueen and Milner - is given in [MQ].

In Chapter 9 of these notes we show how one type of concurrent
language - where communication is via shared variables - may be derived
from or expressed in terms of CCS. This provides some evidence that our
calculus is rich in expression, but we certainly do not claim to be able
to derive every language for concurrency.

A rather different style of presenting a concurrent system is
exemplified by the path expressions of Campbell and Habermann [CaH].
Here the active parts of the system are defined separately from the
constraints (e.g. the path expressions) which dictate how they must
synchronize. More recent work by Lauer, Shields and others - mainly
at Newcastle - shows that this model indeed yields to mathematical
analysis. A very different example of this separation is the elegant
work of Maggiolo-Schettini et al [~]; here the constraints are
presented negatively, by stating what conjunctions of states (of separate
component agents) may not occur. This approach has an advantage for
systems whose components are largely independent (the authors call it
"loose coupling"), since then only few constraints need to be expressed.

This section has shown the surprising variety of possible treatments
of concurrent systems. It is nothing like a comprehensive survey, and
the author is aware that important work has not been mentioned, but it
will serve to provide some perspective on the work presented here.

0.4 Evolution

This work evolved from an attempt to treat communication
mathematically. In Milner: "Processes: a mathematical model of computing
agents" [Mil 1] a model of interacting agents was constructed, using Scott's
theory of domains. This was refined and grew more algebraic in G. Milne
and Milner: "Concurrent Processes and their syntax" [MM]. At this
point we proposed no programming language, but were able to prove
properties of defined concurrent behaviours. For example, Milne in his
Ph.D. Thesis "A mathematical model of concurrent computation" [Mln]
proved partial correctness of a piece of hardware, a card-reader, built
from four separate components as detailed in its hardware description.
Our model at this stage drew upon Plotkin's and Smyth's Powerdomain
constructions, [Plo 1, Smy], which extended Scott's theory to admit
non-determinism. Part of our algebra is studied in depth in [Mil 2].

At this point there were two crucial developments. First - as we
had hoped - our behaviour definitions looked considerably like programs,
and the resemblance was increased by merely improving notation. The
result, essentially the language of CCS, is reported in [Mil 3] and
was partly prompted by discussions with Hoare and Scott. (For completeness,
two other papers [Mil 4,5] by the author are included in the reference
list. Each gives a slightly different perspective from [Mil 3], and
different examples.) The second development was to realise that the
resulting language has many interpretations; and that the Powerdomain
model, and variants of it, may not be the correct ones. A criterion was
needed, to reject the wrong interpretations. For this purpose, we turned
to observation equivalence; two behaviour expressions should have the
same interpretation in the model iff in all contexts they are
indistinguishable by observation.

It now turns out that a definition of observation equivalence (for
which admittedly there are a few alternatives) determines a model, up
to isomorphism, and moreover yields algebraic laws which are of practical
use in arguing about behaviours. We have strong hope for a set of laws
which are in some sense complete; in fact the laws given in Chapters 5
and 7 have been shown complete for a simplified class of finite (terminating)
behaviours. In this case, "complete" means that if two behaviour expressions
are observation-equivalent in all contexts then they may be proved equal
by the laws; this completeness is shown in [HM].

0.5 Outline

In Chapter 1 we discuss informally the idea of experimenting on, or
observing, a non-deterministic agent; this leads to the notion of
synchronisation tree (ST) as the behaviour of an agent. Chapter 2
discusses mutual experiment, or communication, between agents, and develops
an algebra of STs. In Chapter 3 we do a small case-study (a scheduling
system) and prove something about it, anticipating the formal definition
of observation equivalence and its properties to be dealt with fully in
Chapter 7.

Chapter 4 enriches our communications - up to now they have been just
synchronizations - to allow the passing of values from one agent to another,
and illustrates the greater expressive power in two more examples; one is
akin to Data Flow, and the other is a concurrent algorithm for finding a
zero of a continuous function. The notion of derivative of a behaviour
is introduced, and used in the second example.

In Chapter 5 we define CCS formally, giving its dynamics in terms
of derivations (derivative sequences). This yields our strong congruence
relation, under which two programs are congruent iff they have essentially
the same derivations, and we establish several laws obeyed by the congruence.
In Chapter 6 we present communication trees (CTs, a generalisation of STs)
as a model which obeys these laws; this model is not necessary for the
further development, but meant as an aid to understanding.

Chapter 7 is the core of the theory; observation equivalence is
treated in depth, and from it we gain our main congruence relation,
observation congruence, under which two programs are congruent iff they
cannot be distinguished by observation in any context. Having derived
some properties of the congruence, we use them in Chapter 8 to prove the
correct behaviour of two further systems, both to do with data structures.

In Chapters 9 and 10 we look at some derived Algebras. One takes the
form of an imperative concurrent programming language, with assignment
statements, "cobegin-coend" statements, and procedures. In effect, we
show how to translate this language directly into CCS. The other is a
restriction of CCS in which determinacy is guaranteed, and we indicate
how proofs about such programs can be simpler than in the general case.

Finally, in Chapter 11 we try to evaluate what has been achieved,
and indicate directions for future research.

CHAPTER 1
Experimenting on nondeterministic machines
1.1 Traditional equivalence of finite state acceptors
Take a pair S, T of nondeterministic acceptors over the alphabet
Σ = {a,b,c,d}:
[Diagram: transition graphs of the acceptors S and T]
The accepting states of S and T are s2 and t2 respectively; in
nondeterministic acceptors we can always make do, as here, with a single 'dead'
accepting state.
A standard argument that S and T are equivalent, meaning that they
accept the same language (set of strings), runs as follows. Taking si (resp
ti) to represent the language accepted starting from state si (resp ti), we
get a set of equations for S, and for T:
    s0 = a s1               t0  = a t1 + a t1'
    s1 = b s2 + c s3        t1  = b t2
    s2 = ε                  t1' = c t3
    s3 = d s0               t2  = ε
                            t3  = d t0
Here as usual + stands for union of languages, ε for the language
containing only the empty string, and we can think of the symbol a standing
for a function over languages: as = a(s) = {aσ; σ ∈ s}.
Now by simple substitution we deduce
    s0 = a(bε + cd s0).
By applying the distributive law a(s + s') = as + as' we deduce
    s0 = abε + acd s0
and we can go further, using a standard rule for solving such equations known
as Arden's rule, to get
    s0 = (acd)*abε.
For T it is even simpler; we get directly (without using distributivity)
    t0 = abε + acd t0
and the unique solvability of such equations tells us that s0 = t0, so S
and T are equivalent acceptors.
But are they equivalent, in all useful senses?
1.2 Experimenting upon acceptors
Think differently about an acceptor over {a,b,c,d}. It is a black
box, whose behaviour you want to investigate by asking it to accept symbols
one at a time. So each box has four buttons, one for each symbol:
[Diagram: the boxes S (in state s0) and T (in state t0), each with buttons a, b, c, d]
There are four atomic experiments you can do, one for each symbol. Doing an
a-experiment on S (secretly in state s0, but you don't know that)
consists in trying to press the a-button, with two possible outcomes in general:
    (i) Failure - the button is locked;
    (ii) Success - the button is unlocked, and goes down (and
         secretly a state transition occurs).
In fact we cannot distinguish between S and T, in their initial states,
by any single atomic experiment; the a-experiment succeeds in each case, and
the other three fail.
After a successful a-experiment on each machine, which may yield
[Diagram: the boxes S and T after the a-experiment]
we may try another atomic experiment, in our aim to see if the machines are
equivalent or not. Clearly a b-experiment now succeeds for S and fails
for T, though the other three experiments fail to distinguish them. After
trying the b-experiment, then, can we conclude that S and T are not
equivalent?
No, because S's response to the a-experiment could have been different
(for all we know) and locked the b-button, while T's response could have
been different (for all we know - and it could indeed!) and unlocked the
b-button. Following this argument further, we may feel forced to admit that
no finite amount of experiment could prove to us that S and T are, or are
not, equivalent!
But suppose
    (i) It is the weather at any moment which determines the choice of
        transition (in case of ambiguity, e.g. T at t0 under an
        a-experiment);
    (ii) The weather has only finitely many states - at least as far
        as choice-resolution is concerned;
    (iii) We can control the weather.
For some machines these assumptions are not so outrageous; for example, one
of two pulses may always arrive first within a certain temperature range, and
outside this range the other may always arrive first. (At the boundary of
the range we have the well-known glitch problem, which we shall ignore here.)
Now, by conducting an a-experiment on S and T under all weather
conditions (always in their start states, which we have to assume are
recoverable), we can find that S's b-button is always unlocked, but that T's
b-button is sometimes locked, and we can conclude that the machines are not
equivalent.
Is this sense of equivalence, in which S and T are not equivalent,
a meaningful one? We shall find that we can make it precise and shall adopt
it - partly because it yields a nice theory, partly because it is a finer
(smaller) equivalence relation than the standard one (which we can always
recover by introducing the distributive law used in 1.1), but more for the
following reason. Imagine that the b-buttons on S and T are hidden.
Then in all weathers every successful experiment upon S unlocks some
visible button:
    S (with b hidden) is not deadlockable
while in some weathers, and after some experiments, all of T's visible
buttons will be locked:
    T (with b hidden) is deadlockable.
We wish to think of a nondeterministic choice in such machines as being
resolved irreversibly, at a particular moment, by information flowing into
the system from an unseen source; if a deadlock can thus arise in one machine
but not in another, we do not regard them as behaviourally equivalent.
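
The argument of 1.1 and 1.2 can be replayed mechanically. The following is an added example, not part of the original text: it encodes the transition graphs given by the equations for S and T, then compares the accepted languages, the "all weathers" b-button check and deadlockability with b hidden. The function names and the bound on string length are this example's own choices.

```python
from itertools import product

# Transition graphs read off the equations of 1.1: state -> [(symbol, next state)].
S = {"s0": [("a", "s1")], "s1": [("b", "s2"), ("c", "s3")],
     "s2": [], "s3": [("d", "s0")]}
T = {"t0": [("a", "t1"), ("a", "t1'")], "t1": [("b", "t2")],
     "t1'": [("c", "t3")], "t2": [], "t3": [("d", "t0")]}
ALPHABET = "abcd"


def after(machine, states, symbol):
    """States the machine may be in after a successful symbol-experiment."""
    return {nxt for st in states for sym, nxt in machine[st] if sym == symbol}


def run(machine, start, word):
    """Every state the machine may occupy after the experiments in word."""
    states = {start}
    for symbol in word:
        states = after(machine, states, symbol)
    return states


def language(machine, start, accepting, max_len):
    """Accepted strings of length <= max_len: the traditional behaviour."""
    return {"".join(w)
            for n in range(max_len + 1)
            for w in product(ALPHABET, repeat=n)
            if accepting in run(machine, start, w)}


def always_unlocked(machine, start, word, button):
    """True iff button is unlocked in every state reachable by word,
    i.e. under all weather conditions."""
    states = run(machine, start, word)
    return bool(states) and all(
        any(sym == button for sym, _ in machine[st]) for st in states)


def deadlockable(machine, start, hidden):
    """True iff experiments on the visible buttons alone can leave the
    machine in a state where every visible button is locked."""
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        visible = [(sym, nxt) for sym, nxt in machine[state]
                   if sym not in hidden]
        if not visible:
            return True
        for _, nxt in visible:
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return False


if __name__ == "__main__":
    # Same language, different answers to the two experimental questions.
    print(sorted(language(S, "s0", "s2", 8)), sorted(language(T, "t0", "t2", 8)))
    print(always_unlocked(S, "s0", "a", "b"), always_unlocked(T, "t0", "a", "b"))
    print(deadlockable(S, "s0", {"b"}), deadlockable(T, "t0", {"b"}))
```
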
1.3 Behaviour as a tree
Because we reject the distributive law a(x + y) = ax + ay , we can no
longer take languages (sets of strings) as the behaviours of our machines.
We proceed to an alternative. From now on we will use NIL instead of ε
to stand for a behaviour which can do nothing (= admits no experiment); we
shall also use Greek letters for our symbols - i.e. names of buttons - so you
should consider α,β,γ,δ as replacements for a,b,c,d in our simple example.
First, take the transition graph for S and unfold it into a tree with
states as node labels and symbols as arc labels:
[Diagram: the unfolding of S, with states as node labels]
Because state names are present we have lost no information; the state
transition graph can be recovered from such a tree. But the experimenter cannot
see the state - he can only see the transitions. This leads us to drop the
node labels, and take the infinite tree
[Diagram: the same tree without node labels]
as the behaviour of S.
Definition A label is a member of a given (fixed) label set Λ.
We are using α,β,γ,.. to stand for labels. (The use of the word 'label' in
place of 'symbol' will be further motivated later.)
Definition A sort is a subset of Λ.
We shall usually use L,M,N,.. to stand for sorts. We shall also often use
the word agent in place of 'machine' or 'acceptor', so
    'S is an acceptor over the alphabet Σ'
becomes
    'S is an agent of sort L'
Definition A Rigid Synchronization Tree (RST) of sort L is a rooted,
unordered, finitely branching tree each of whose arcs is labelled by a
member of L.
Thus the tree in the last diagram is an RST of sort {α,β,γ,δ}. (It is also
an RST of any larger sort.)
Why 'rigid'? Because it is the behaviour of a rigid agent - one which
can make no transition except that corresponding to an atomic experiment. We
shall soon meet other transitions.
Why 'synchronization'? Because we shall later see how the communication
of two agents can be represented in forming their joint tree from their
separate trees. Then the joint tree will not be rigid, in general, since
intercommunication between component agents is not observable.
Notice that finite RSTs can be represented as expressions:
    [Diagram: tree]  is  α(βNIL + γNIL)
    [Diagram: tree]  is  αβNIL + αγNIL
and usually there is more than one natural expression:
    [Diagram: tree]  is  αNIL + (βNIL + γNIL), or
                         (αNIL + βNIL) + γNIL.
Indeed, + is both commutative and associative, since we declared RSTs to
be unordered trees - and NIL is easily seen to be a zero for summation.
To justify these remarks we now define the algebra of RSTs.
1.4 Algebra of RSTs
Ignoring sorts for a moment, we have an elementary algebra over RSTs,
whose operations are:
    NIL (nullary operation)
        NIL is the tree [Diagram: a single node];
    + (binary operation)
        [Diagram: the sum of two trees is the tree formed by identifying their roots]
    λ (unary operation, for each λ ∈ Λ)
They obey the following laws, as you can easily see:
    Associativity    x + (y + z) = (x + y) + z
    Commutativity    x + y = y + x
    Nullity          x + NIL = x
In fact, these laws are complete: any true equation between RST expressions
can be deduced from them.
If we consider sorts, and let RST_L be the set of RSTs of sort L,
then NIL is of sort L for any L:
    NIL ∈ RST_L.
Further, + takes trees of sort L, M respectively to a tree of sort L∪M:
    + ∈ RST_L × RST_M → RST_{L∪M},
and λ takes a tree of sort L to a tree of sort L∪{λ}:
We shall usually forget about sorts for the present, but there are times
later when they will be essential.
Consider now solving recursive equations over RSTs. We wish the
equations for our agent S of 1.1
    s0 = α s1        s1 = β s2 + γ s3
    s2 = NIL         s3 = δ s0
to define the (infinite) behaviour of S as an RST of sort {α,β,γ,δ}.
This set of equations has a unique solution for the variables s0,..,s3;
you can see this by the fact that the entire tree can be developed top-down
to any depth:
    s0 = [Diagram] = [Diagram] = [Diagram] = ... and so on.
Not every set of recursive equations has a unique solution;
consider the simple equation
    s = s
which is satisfied by any RST (or anything else, for that matter).
Again, some sets of equations define no RST at all. Consider the equation
    s = s + αNIL;
a solution would have to be infinitely branching at the root. Even if we
allowed infinitely branching RSTs, so that
    s0 = [Diagram: an infinitely branching tree]
would be a solution, it would not be unique since s0 + t would also
be a solution for any t. We defer this problem to Chapter 5.
Exercise 1.1 Can you find a condition on a set of equations
    s0 = ...
    s1 = ...
    ...
    sn = ...
(with RST expressions involving s0,..,sn on the right-hand sides)
which ensures that it possesses a unique solution in RSTs?
(Hint: consider cycles of ε-transitions in transition graphs.)
1.5 Unobservable actions
Under the conventional definition, a nondeterministic acceptor may
have transitions labelled by ε, the null string. Consider R, a
modification of our S of 1.1 (reverting briefly to Roman alphabet):
[Diagram: transition graph of R]
(The loop formed by the d-transition is irrelevant to our comparison.)
In the conventional sense, R and S are equivalent. But what does the
ε-transition mean, in our more mechanistic interpretation? It means that
R in state r1 (i.e. after the a-button has been pressed) may at any time
move silently to state r1', and that if a b-experiment is never attempted
it will do so.
Thus, if we attempt a b-experiment on R, after the successful
a-experiment, there are some weather conditions in which we find the
b-button permanently locked; if on the other hand we attempt a c-experiment
(after the a-experiment) we shall in all weather conditions find the
c-button eventually unlocked (eventually, because although R may take a
little time to decide on its ε-transition, it will do so since no
b-experiment is attempted).
Exercise 1.2 Use this as the basis of an argument that no pair of R, S
and T are equivalent. A rigorous basis for the argument will be given
later.
Let us return to our Greek alphabet, and ask how we should write the
equations specifying R's behaviour. We choose the symbol τ in place of
ε (to avoid confusion with the null string), and use it as a new unary
operation upon behaviours. The equations determining the behaviours
r0,..,r3 are:
    r0 = α r1          r1  = β r2 + τ r1'
    r2 = NIL           r1' = γ r3
    r3 = δ r0
We are assuming that τ ∉ Λ (the fixed label set).
Definition A Synchronization Tree (ST) of sort L is a rooted, unordered,
finitely branching tree each of whose arcs is labelled by a member of
L∪{τ}.
Thus a rigid ST (an RST) is just an ST with no arcs labelled τ;
it is the behaviour of an agent which can make no silent transitions.
Since we are taking the unary operation τ over STs to be given by
[Diagram: the operation τ on a tree]
we can of course deduce the ST-behaviour of R. It is
[Diagram: the ST of R]
STs are a simple and useful notion of behaviour. They are just the
unfoldings of behaviour equations, which in turn follow directly from
transition graphs. Of course in this way different transition graphs can
yield the same ST, from which we can be certain that they are
indistinguishable by experiment.
Exercise 1.3 Convince yourself that the transition graphs
[Diagram: two transition graphs]
have the same unfolding.
However, different STs (or transition graphs yielding different STs)
may be indistinguishable by experiment. This is true even for RSTs;
consider the simple pair
[Diagram: two RSTs]
each of which admits a single α-experiment and then nothing else.
But it is even more true in the case of unobservable actions. Later
we shall study an equivalence relation, observation equivalence, over STs,
which can (for finite STs) be axiomatized by a finite set of equations
added to those given in 1.4 above. To get a foretaste of the equivalence
consider the following exercise.
Exercise 1.4 Examine each of the following pairs of simple STs and try to
decide by informal argument, as in Exercise 1.2 above, which are observation
equivalent (i.e. indistinguishable by experiment). You may reasonably
conclude that four pairs are equivalent, or that six pairs are equivalent,
but you should also find that the notion of equivalence is not yet precise.
The point of this exercise is that it is not trivial to capture our informal
arguments by a precise notion.
[Diagram: the pairs of STs for Exercise 1.4]
Chapter 2
Synchronization
2.1 Mutual experimentation
The success of an α-experiment enables the machine to proceed (to
offer further experiments); it also allows the observer to proceed (to
attempt further experiments). This suggests an obvious symmetry; we
would like to represent the observer as a machine, then to represent the
composite observer/machine as a machine, then to understand how this
machine behaves for a new observer.
How should two machines interact?
[Diagram: two machines S and T]
We must say which experiments offered by S may combine with or (complement)
which experiments of T to yield an interaction. Rather than set up a
label correspondence (e.g. α ↔ ξ, β ↔ η) for each machine combination,
we introduce a little structure on our label set Λ.
We assume a fixed set Δ of names. We use α, β, γ, ... to stand for
names.
We assume a set Δ̄ of co-names, disjoint from Δ and in bijection
with it; the bijection is (¯):
    α (∈Δ) ↦ ᾱ (∈Δ̄)
and we call ᾱ the co-name of α. Using (¯) also for the inverse bijection,
we have that the co-name of ᾱ is α.
Now we assume Λ = Δ ∪ Δ̄ to be our set of labels. We shall use λ
to range over Λ. We call λ and λ̄ complementary labels.
The function (¯) is now a bijection over Λ. We extend it to subsets
of Λ; in particular for any sort L, L̄ = {λ̄; λ∈L}.
We shall sometimes need the function
    name(α) = name(ᾱ) = α
which we extend to sorts by defining
    names(L) = {name(λ); λ∈L}.
Now consider the pair of machines
[Diagram: the machines S and T; S: {~,S,~}]
The natural candidate, perhaps, for the combined machine S||T may be
pictured thus:
[Diagram: S||T, in two alternative drawings]
The intuition is that complementary ports, one in each machine, are
linked and hidden (labels removed), since these links represent mutual
observation, while other ports still support external observation.
But under this scheme there are two disadvantages. First, consider
[Diagram: the machine R; R: {8,~}]
We can form R||(S||T) and (R||S)||T:
[Diagram: R||(S||T) and (R||S)||T]
each of sort {~,~} but clearly different. S's offers of β-experiments
are observed by T in the first case, but by R in the second case. So
|| is not associative.
Second, it is useful to allow that S's β-experiment-offers
(or β-capabilities as we shall sometimes call them) may be observed by
either R or T (that is, each β-experiment on S may be done by either
R or T, but not both); this makes S into a resource shared by R
and T.
The solution is to factor combination into two separate operations:
one to link ports, the other to hide them. We shall use the word
composition for the first of these operations, and the second we shall
call restriction.
2.2 Composition, restriction and relabelling
The composite R|S of our two machines R and S may be pictured
[Diagram: R|S]
while for (R|S)|T we get
[Diagram: (R|S)|T]
That is, for each λ, in forming U|V we link every port labelled λ
in U to every port labelled λ̄ in V.
Exercise 2.1 Form R|(S|T) as a picture, and convince yourself by other
examples that - on pictures - composition is an associative and
commutative operation.
Before defining composition of behaviours, let us look at two other
operations on pictures.
For each α, we define a postfixed restriction operation \α,
which on pictures just means "hide the ports labelled α or ᾱ", i.e.
it drops the labels α and ᾱ from pictures, thus reducing their sort.
[Diagrams: (R|S)\β (= R||S), and ((R|S)|T)\β\γ\δ]
Exercise 2.2 Which of the following are identical as pictures?
    (i)   ((R|S)|T)\β\γ\δ        (v)    (R|(S|T)\δ)\β\γ
    (ii)  ((R|S)\β|T)\γ\δ        (vi)   (R|(S|T)\γ)\β\δ
    (iii) ((R|S)\γ|T)\β\δ        (vii)  ((R|T)\δ|S)\β\γ
    (iv)  ((R\γ|S)|T)\β\δ        (viii) ((R|T)\δ|S\δ)\β\γ
Note: \α binds tighter than |, so that U|V\α means U|(V\α).
Besides its use with composition, the restriction operation by itself
corresponds to a simple, rather concrete, action - that of hiding or
'internalising' certain ports of a machine. Compare the remarks on hiding
the b-buttons of two machines, at the end of 1.2.
Note that we can define S||T, where S:L and T:M, by
    S||T = (S|T)\α1...\αn where {α1,...,αn} = names(L∩M̄).
We shall henceforth abandon the use of upper case letters for machines.
There is a fine distinction between the ideas of (i) a machine which may
move through states but remains the same machine (a physical notion) and
(ii) a machine-state pair, i.e. a way of specifying a behaviour with a
definite start (a more mathematical notion, exemplified by the normal
definition of Finite-state Acceptor as consisting of a state set, a
transition relation, a set of accepting states and a start state). Our lower
case letters correspond to the latter idea - indeed, they denote the
specified behaviours (here as STs), and it is these which are the domain of our
algebra; we shall soon see what r|s etc. mean as behaviours.
We also have another use for upper case letters; we say that S: L → M
(where L, M are sorts) is a relabelling from L to M if
    (i) it is a bijection;
    (ii) it respects complements
         (i.e. S(λ̄) is the complement of S(λ), for λ, λ̄ ∈ L).
We define the postfixed relabelling operation [S], over (pictures of)
machines of sort L, as simply replacing each label λ∈L by S(λ).
Thus for r, t as above we have
    r|t = [Diagram]
and S: {fl,y,8,~} → {Sty,e,[}, given by
    s(~) = 6, s(~) = y, s(~) = ~, s(~) = s
is a relabelling; we then have
    (r|t)[S] = [Diagram]
We shall use convenient abbreviations in writing relabellings explicitly.
Thus
    λ1/α1,...,λn/αn  or  λ1λ2...λn/α1α2...αn
(where α1,...,αn are distinct names, and λ1,...,λn are labels with
distinct names) stands for the relabelling S: L → M given by
    (i)   S(αi) = λi  if αi ∈ L
    (ii)  S(ᾱi) = λ̄i  if ᾱi ∈ L
    (iii) S(λ) = λ    if name(λ) ∉ {α1,...,αn}
provided that the function so defined is a relabelling. So in place of
(r|t)[S] above, we write
    (r|t)[~/8, ~/8]  or  (r|t)[~e/8~].
When we see the laws of the Flow Algebra (laws for the Composition,
Restriction and Relabelling operations) in Theorem 5.5, we shall see that
relabelling distributes over composition, so that we have
    (r|t)[~/~, ~/8] = r[~/B, e/6] | t[~/~, c/8]
(as you can readily check) - even though in strict formality ~/B, e/8
stands for a different relabelling in each case, because r, t and r|t
possess different sorts.
2.3 Extending the Algebra of Synchronization Trees
We must now add our three new operations to the algebra of STs, using
intuition about the operational meaning of these trees. In future we
continue to use λ to range over Λ, and use μ,ν to range over Λ∪{τ}.
Composition |: ST_L × ST_M → ST_{L∪M}
Consider two STs
    t = [Diagram]        u = [Diagram]
For their composite, t|u, four actions are possible. t|u admits an
α-experiment (because t does), so one branch of t|u will be
    [Diagram]
This branch represents independent action by one component, and similar
branches exist for a β-experiment on t and an ᾱ-experiment on u. None
of these three branches represents interaction between t and u; but
there is a possible interaction, since u's ᾱ-offer complements t's
α-offer. Since this action is internal (not observable) we use τ and
represent it in the composite tree by a branch
    [Diagram]
Putting all the branches together yields
    [Diagram: the tree t|u]
Now composition of t and u has been defined in terms of composition
of their sons; clearly this amounts to a recursive definition of |.
More precisely, since every tree may be written in the form
    t = Σ_{1≤i≤m} μi ti ,   μi ∈ Λ∪{τ}
(with m = 0 if t = NIL), we may define composition as follows:
Definition If t = Σ_i μi ti and u = Σ_j νj uj, then
    t|u = Σ_i μi(ti|u) + Σ_j νj(t|uj) + Σ_{μi = ν̄j} τ(ti|uj)
Exercise 2.3 (Consider only finite STs).
    (i) Prove by induction on the depth of t that t|NIL = t.
    (ii) Work out t|u for t = [Diagram: tree with branches α and β]
         and u = [Diagram: tree with the single branch ᾱ]; choose some
         other examples.
    (iii) Prove by induction on the sum of the depths of trees that
         t|u = u|t and t|(u|v) = (t|u)|v.
We should criticize two aspects (at least) of our definition.
Considering our first example of ST composition, it can well be argued
that the form we gave for t|u fails to represent the possible
concurrent activity of t and u - for example, we may think that a
β-experiment on t can be performed simultaneously with an ᾱ-experiment
on u, while (looking at your result for Exercise 2.3(ii) also) the ST
for t|u merely indicates that the two experiments may be performed in
either order. Indeed, STs in no way represent true concurrency.
Two not completely convincing defences can be given. First, STs
are simple, and tractability in a model has great advantages; second,
in so far as we wish a 'behaviour-object' to tell us how a system may
appear to an observer who is only capable of one experiment at a time,
we find it possible to ignore true concurrency. You are urged to
consider this question in greater depth.
The second aspect for criticism is the introduction of τ to represent
successful 'mutual observations'. If we had no need for it in defining |,
we could leave it out of our theory altogether.
Again, there are two defences, but this time convincing ones. First,
consider replacing the third term in the recursive definition of t|u -
namely the term Σ τ(ti|uj) - by just Σ (ti|uj);
intuitively, an internal action just vanishes. It turns out that |
is no longer an associative operation, which conflicts strongly with our
assumption that the joint behaviour of three agents should in no way
depend upon the order in which we wire them together before they do
anything!
Exercise 2.4 With this new definition work out t|(u|v) and (t|u)|v
for [Diagram: the three trees t, u and v] to justify the above assertion.
The second defence is that we must somehow express, in the ST (t|u)\α
when t = [Diagram: tree with branches α and β], u = [Diagram: tree with
the single branch ᾱ], the possibility that communication between t
and u can prevent any β-experiment.
Exercise 2.5 Under the normal definition of |, and of \α (see below),
work out that
    (t|u)\α = [Diagram: tree with the two branches τ and β]
in this case.
This ST does indeed represent possible prevention of a β-experiment,
and unless we leave STs (and derived models) altogether it is hard to
see how such deadlock phenomena can be represented without τ.
Restriction \α: ST_L → ST_{L−{α,ᾱ}}   (α∈Δ)
We wish to deny all α- and ᾱ-experiments, so that t\α is formed
by pruning away all branches and sub-branches labelled α or ᾱ. Considering
    [Diagram: the example tree]
again, we see that
    (t|u)\α = [Diagram]
More formally, for t = Σ_i μi ti we have
Definition   t\α = Σ_{μi ∉ {α,ᾱ}} μi (ti\α)
An obvious alternative to the restriction operation would be to define
\λ for each member λ of Λ by
    t\λ = Σ_{μi ≠ λ} μi (ti\λ);
in other words, we might choose to restrict names and co-names independently,
instead of both at once. This would, of course, have a correspondingly
different effect on pictures. The reason for our choice is in fact to
do with the algebra of pictures (Flow Algebra) under |, \α and [S];
it has a particularly simple algebraic theory [MM, Mil 2], which we
have not found for the suggested alternative.
Relabelling [S]: ST_L → ST_M   (S: L → M a relabelling)
This operation is as simple on STs as it is on pictures; it just
applies the relabelling S to all labels in the tree. More formally,
for t = Σ_i μi ti we have
Definition   t[S] = Σ_i S(μi) (ti[S])
where we now adopt the convention that S(τ) = τ for any relabelling S.
An important (though not the only) use of relabelling is in cases
where we have several instances of a single agent r in a system, but
each with different labelling, so that under composition they are properly
linked. We have only to define several 'copies'
    ri = r[Si]
of the generic agent r, and then compose the ri.
One might have allowed more general relabellings, using many-one
functions over Λ (so that differently labelled ports come to bear the
same label) or even relations in place of functions (so that one port
could 'split' into two differently labelled ports). Suffice it to say
that this creates problems in the axiomatization of Flow Algebra. The
present choice allows plenty of scope.
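
The three definitions of 2.3 can be run directly on finite STs. The following is an added example, not part of the original text: a tree is a sorted tuple of (label, subtree) branches, a co-name is spelt with a trailing prime, and the `tau_vanishes` switch implements the alternative third term criticised above. These spellings and the function names are assumptions of this example, as is the choice of three single-branch trees (labelled a, a' and b) used in the `__main__` section to show the alternative is not associative.

```python
TAU = "tau"   # the unobservable action
NIL = ()      # the tree with no branches


def co(label):
    """Complementary label; a co-name carries a trailing prime (a <-> a')."""
    return label[:-1] if label.endswith("'") else label + "'"


def st(*branches):
    """An ST as a sorted tuple of (label, subtree) branches: sorting makes the
    tree unordered, and a tuple (not a set) keeps repeated branches."""
    return tuple(sorted(branches))


def plus(t, u):
    """t + u: identify the roots."""
    return st(*t, *u)


def compose(t, u, tau_vanishes=False):
    """t|u by the recursive Definition. With tau_vanishes=True the third term
    is the criticised alternative: the composite of the two sons is merged
    into the root instead of being hung under a tau branch."""
    out = [(m, compose(ti, u, tau_vanishes)) for m, ti in t]
    out += [(n, compose(t, uj, tau_vanishes)) for n, uj in u]
    for m, ti in t:
        for n, uj in u:
            if m != TAU and m == co(n):
                both = compose(ti, uj, tau_vanishes)
                out += list(both) if tau_vanishes else [(TAU, both)]
    return st(*out)


def restrict(t, name):
    """t\\name: prune every branch labelled name or its co-name, at any depth."""
    return st(*[(m, restrict(ti, name)) for m, ti in t
                if m not in (name, co(name))])


def relabel(t, mapping):
    """t[S], where mapping gives S on names; S respects complements and
    S(tau) = tau."""
    def s(label):
        if label == TAU:
            return TAU
        if label.endswith("'"):
            return co(s(co(label)))
        return mapping.get(label, label)
    return st(*[(s(m), relabel(ti, mapping)) for m, ti in t])


# The trees of Exercises 2.3(ii) and 2.5: t has branches a and b, u has branch a'.
t = st(("a", NIL), ("b", NIL))
u = st(("a'", NIL))

if __name__ == "__main__":
    print(compose(t, u))                 # four branches: a, a', b and tau
    print(restrict(compose(t, u), "a"))  # only the b and tau branches survive
    x, y, z = st(("a", NIL)), st(("a'", NIL)), st(("b", NIL))
    print(compose(x, compose(y, z)) == compose(compose(x, y), z))
    print(compose(x, compose(y, z, True), True)
          == compose(compose(x, y, True), z, True))
```
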
2 . 4 A s i m p l e exar~ole: b i n a r y S ~ n a p h o r e s
A binary semaphore $s$, of sort $\{\pi, \phi\}$, may be pictured
[Diagram: the semaphore $s$ with its two ports]
To gain the semaphore (Dijkstra's P operation) we must perform a $\pi$-experiment; we release it (the V operation) by a $\phi$-experiment. Clearly
$$s = \pi\phi s$$
expresses the appropriate behaviour (a long thin ST!). Imagine a generic agent $p$, whose critical section we represent by a sequence $\langle\alpha,\beta\rangle$ of atomic actions (experiments upon a resource, say), and whose non-critical section we ignore:
$$p = \bar{\pi}\alpha\beta\bar{\phi}p .$$
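We wish to place several instances of $p$
$$p_i = p[S_i] = \bar{\pi}\alpha_i\beta_i\bar{\phi}p_i \quad (\text{where } S_i = \alpha_i\beta_i/\alpha\beta)$$
in communication with $s$, and derive the composite ST. Consider just two copies of $p$ ($i = 1,2$) and form
$$q = (p_1 \mid p_2 \mid s)\backslash\pi\backslash\phi$$
which may be pictured as shown:
[Diagram: $q$, built from $p_1$ (ports $\alpha_1$, $\beta_1$), $s$ and $p_2$ (ports $\alpha_2$, $\beta_2$)]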
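We easily derive an equation for the composite ST $q$, using the Expansion Theorem - given in 2.5 - repeatedly. You should read that section with reference to the expansion which follows:
$$q = (\bar{\pi}\alpha_1\beta_1\bar{\phi}p_1 \mid \bar{\pi}\alpha_2\beta_2\bar{\phi}p_2 \mid \pi\phi s)\backslash\pi\backslash\phi$$
$$= \tau((\alpha_1\beta_1\bar{\phi}p_1 \mid p_2 \mid \phi s)\backslash\pi\backslash\phi) + \tau((p_1 \mid \alpha_2\beta_2\bar{\phi}p_2 \mid \phi s)\backslash\pi\backslash\phi)$$
$$= \tau\alpha_1\beta_1((\bar{\phi}p_1 \mid p_2 \mid \phi s)\backslash\pi\backslash\phi) + \tau\alpha_2\beta_2((p_1 \mid \bar{\phi}p_2 \mid \phi s)\backslash\pi\backslash\phi)$$
$$= \tau\alpha_1\beta_1\tau((p_1 \mid p_2 \mid s)\backslash\pi\backslash\phi) + \tau\alpha_2\beta_2\tau((p_1 \mid p_2 \mid s)\backslash\pi\backslash\phi)$$
$$= \tau\alpha_1\beta_1\tau q + \tau\alpha_2\beta_2\tau q$$
So $q$ is the ST given recursively by
[Diagram: the ST $q$, with branches labelled $\alpha_1$ and $\alpha_2$]
and exactly expresses the fact that the critical sections of $p_1$ and $p_2$ can never overlap in time, i.e. a sequence like $\alpha_1\alpha_2\beta_1\dots$ is not possible.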
In fact, an $n$-bounded semaphore ($n \ge 1$) can be constructed as $s_n = s \mid s \mid \dots \mid s$ ($n$ times); this is an example of composition which effects no linkage, but will yield a multi-way linkage with 'user' agents.
The 2-bounded semaphore $s_2$, with 3 users, can be pictured
[Diagram for $(p_1 \mid p_2 \mid p_3 \mid s_2)\backslash\pi\backslash\phi$]
($s_2$'s border, and its two collector nodes, are fictitious; they are just used here to avoid drawing 12 links in the picture).
Exercise 2.6 As practice in using the Expansion Theorem, develop the expression $q = (p_1 \mid p_2 \mid p_3 \mid s \mid s)\backslash\pi\backslash\phi$, and draw part of the ST to convince yourself that at most two critical sections can be simultaneously active. Can you even derive a set of mutually recursive behaviour equations, for which $q$ is the solution? It's a bit lengthy, but possible. The development is shorter if you take $\alpha_1 = \alpha_2 = \alpha_3 = \alpha$, $\beta_1 = \beta_2 = \beta_3 = \beta$; i.e. deal with $(p \mid p \mid p \mid s \mid s)\backslash\pi\backslash\phi$ instead; then the ST will not distinguish the critical sections of each copy of $p$, but you should be able to show that at any point in time the excess of $\alpha$'s over $\beta$'s performed lies in the range $[0,2]$.
2.5 The ST Expansion Theorem
We consider trees expressed in the form
$$t = \sum_{1 \le i \le n} \mu_i t_i .$$
For a set $\{\alpha_1,\dots,\alpha_k\} = A$ of names, we abbreviate $\backslash\alpha_1\backslash\alpha_2\dots\backslash\alpha_k$ by $\backslash A$.
Theorem 2.1 (The Expansion Theorem)
Let $t = (t_1 \mid t_2 \mid \dots \mid t_m)\backslash A$, where each $t_i$ is a sum as above. Then
$$t = \sum\{\mu((t_1 \mid \dots \mid t_i' \mid \dots \mid t_m)\backslash A) ;\ 1 \le i \le m,\ \mu t_i' \text{ a summand of } t_i,\ \mathrm{name}(\mu) \notin A\}$$
$$\quad + \sum\{\tau((t_1 \mid \dots \mid t_i' \mid \dots \mid t_j' \mid \dots \mid t_m)\backslash A) ;\ 1 \le i < j \le m,\ \lambda t_i' \text{ a summand of } t_i,\ \bar{\lambda} t_j' \text{ a summand of } t_j\}$$
Proof Omitted; it uses properties of the Flow operations $\mid$, $\backslash\alpha$ and $[S]$, and can be done by induction on $m$.
The theorem states that each branch of $t$ corresponds either to an unrestricted action of some $t_i$, or to an internal communication between $t_i$ and $t_j$ ($i < j$). For example consider
$$((\alpha t + \beta t') \mid (\bar{\alpha}u + \gamma u') \mid (\bar{\beta}v + \bar{\gamma}v'))\backslash\alpha\backslash\beta ;$$
the theorem gives us
(unrestricted actions)
$+\ \bar{\gamma}(((\alpha t + \beta t') \mid (\bar{\alpha}u + \gamma u') \mid v')\backslash\alpha\backslash\beta)$
$+\ \tau((t \mid u \mid (\bar{\beta}v + \bar{\gamma}v'))\backslash\alpha\backslash\beta)$ ($\alpha$-communication)
$+\ \tau((t' \mid (\bar{\alpha}u + \gamma u') \mid v)\backslash\alpha\backslash\beta)$ ($\beta$-communication)
$+\ \tau(((\alpha t + \beta t') \mid u' \mid v')\backslash\alpha\backslash\beta)$ ($\gamma$-communication)
Exercise 2.7 A lot can be done using compositions of two kinds of element:
Cycler $c = \alpha\beta\gamma c$
Disjoiner $d = \alpha(\beta d + \gamma d)$
[Diagrams: the cycler and the disjoiner, each with ports $\alpha$, $\beta$, $\gamma$]
(i) Write the behaviour of
[Diagram]
as a restricted composition of relabellings of $c$. (The little arrows represent the port at which each copy of $c$ offers its first experiment; the progress of the system can be simulated by "swinging arrows": try it). Expand the behaviour, to get a recursive definition of an ST which doesn't involve composition, restriction or relabelling.
(ii) Design a system (using $c$ only) to behave as the ST
$$s = \alpha(\tau\beta\tau s + \tau\gamma\tau s).$$
Is this equivalent to $d$?
CHAPTER 3
A case study in synchronization, and proof techniques
3.1 A scheduling problem
Suppose that a set $\{p_i ;\ 1 \le i \le n\}$ of agents all wish to perform a certain task repeatedly, and we wish to design a scheduler to ensure that they perform it in rotation, starting with $p_1$ (this example was used in [Mil 5]).
More precisely, the $p_i$ are to start their performance of the task in rotation; we do not impose the restriction that their performances should exclude each other in time (this could be done using a semaphore) but we do impose the restriction that each $p_i$ should be prevented from initiating the task twice without completing his first initiation. ($p_i$ may try this unintentionally, because of bad programming for example.)
Suppose that $p_i$ requests initiation at label $\alpha_i$, and signals completion at $\beta_i$ ($1 \le i \le n$). Then our scheduler Sch of sort $A \cup B$, where $A = \{\alpha_i ;\ 1 \le i \le n\}$ and $B = \{\beta_i ;\ 1 \le i \le n\}$, must impose two constraints on any signal sequence $\in (A \cup B)^\omega$:
(i) When all occurrences of $\beta_i$ ($1 \le i \le n$) are deleted, it becomes $(\alpha_1\alpha_2\dots\alpha_n)^\omega$;
(ii) For each $i$, when all occurrences of $\alpha_j$, $\beta_j$ ($j \ne i$) are deleted, it becomes
We could write a behaviour description for Sch directly, but prefer to build it as a ring of elementary identical components, called cyclers.
Generic cycler $c$:
[Diagram: the cycler $c$]
Scheduler Sch:
[Diagram: the ring of cyclers forming Sch]
using also a 'start button',
Starter $s$:
[Diagram: the starter $s$]
In building the net we have instantiated $c$ by
$$c_i = c[\alpha_i/\alpha,\ \beta_i/\beta,\ \gamma_i/\gamma,\ \bar{\gamma}_{i+1}/\bar{\delta}]$$
for $1 \le i \le n$, where addition on subscripts is modulo $n$, so that
$$Sch = (s \mid c_1 \mid \dots \mid c_n)\backslash\gamma_1\dots\backslash\gamma_n$$
What are the behaviours $s$ and $c$? The starter is there just to enable $c_1$ at $\gamma_1$ and die, so
As for the cycler, it appears that he should cycle endlessly as follows:
(i) Be enabled by predecessor at $\gamma$;
(ii) Receive initiation request at $\alpha$;
(iii) Receive termination signal at $\beta$ and enable successor at $\bar{\delta}$, in either order.
So we define
and this determines Sch completely. But does it work? Informally we can convince ourselves that it does, by arrow-swinging. More formally, there are two possibilities:
Method 1 Show as directly as possible that constraints (i) and (ii) are met. For the first constraint, this may be expressed as absorbing (i.e. permitting) all $\beta_i$ communications, and showing that the result is observationally equivalent to
$$(\alpha_1\alpha_2\dots\alpha_n)^\omega$$
Let us make this precise by adopting the convention that if $s$ is any non-empty label sequence, then $s^\omega$ is the behaviour given by
$$s^\omega = s(s^\omega).$$
Then what we want to prove, for the first constraint, is
$$\text{(i)} \quad Sch \parallel (\bar{\beta}_1^\omega \mid \dots \mid \bar{\beta}_n^\omega) \approx (\alpha_1\alpha_2\dots\alpha_n)^\omega$$
(where $\approx$ is observational equivalence, which we define formally in 3.3).
Using the notation
$$\prod\{q_i ;\ i \in I\} \quad\text{or}\quad \prod_{i \in I} q_i$$
for multiple composition, we can rewrite (i) as
$$Sch \parallel \prod_{1 \le j \le n} \bar{\beta}_j^\omega \approx (\alpha_1\dots\alpha_n)^\omega .$$
The required equivalence for the second constraint is
$$Sch \parallel \prod_{j \ne i} \bar{\alpha}_j^\omega \parallel \prod_{j \ne i} \bar{\beta}_j^\omega \approx (\alpha_i\beta_i)^\omega \quad\text{for each } i,\ 1 \le i \le n.$$
Method 2 We can specify the behaviour of the complete scheduler by a single parameterized behaviour equation, in the following way. Observe that the scheduler has to keep two pieces of information:
(a) An integer $i$ ($1 \le i \le n$) indicating whose turn it is to initiate next.
(b) A subset $X$ of $[1,n]$ indicating which agents are currently performing the task.
If $Spec(i,X)$ represents the required behaviour of the scheduler for parameter values $i$ and $X$, then we can specify the scheduler by
$$Spec(i,X) = \sum_{j \in X} \beta_j\, Spec(i, X - \{j\}) \quad (i \in X)$$
$$Spec(i,X) = \alpha_i\, Spec(i+1, X \cup \{i\}) + \sum_{j \in X} \beta_j\, Spec(i, X - \{j\}) \quad (i \notin X)$$
These equations say that if $p_i$ is not performing he can initiate, and in any case any $p_j$ ($j \in X$) can signal completion. For this method we only have to prove one observation equivalence:
$$Sch \approx Spec(1, \emptyset)$$
In 3.4 we give part of a proof using Method 1, which may be preferred since it directly represents the constraints as specified. Method 2 is possible, but a little harder.
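The following Python sketch is an added example, not code from the book: it turns the Expansion Theorem (Theorem 2.1) into a function and uses it to explore the semaphore system of 2.4 and the scheduler of this section. The state names, the `~` prefix for complemented labels and all function names are assumptions of the example; the cycler body $\gamma\alpha(\beta\bar{\delta}c + \bar{\delta}\beta c)$ is read off the expansion of $c_1'$ in 3.4, and the scheduler check covers the safety reading of constraints (i) and (ii) for $n \ge 2$.

```python
TAU = "tau"

def bar(label):
    """Complement of a label: 'pi' <-> '~pi'."""
    return label[1:] if label.startswith("~") else "~" + label

def expand(defs, comps, restricted):
    """Summands (mu, successor) of (t_1 | ... | t_m) restricted by A, as in Theorem 2.1.
    defs maps a sequential state to its summands [(mu, next_state)]."""
    out = []
    for i, ti in enumerate(comps):
        for mu, ti2 in defs.get(ti, ()):
            # First sum: an action of t_i whose name is not in A.
            if mu == TAU or mu.lstrip("~") not in restricted:
                out.append((mu, comps[:i] + (ti2,) + comps[i + 1:]))
            # Second sum: t_i and t_j (i < j) offer complementary labels.
            for j in range(i + 1, len(comps)):
                for nu, tj2 in defs.get(comps[j], ()):
                    if mu != TAU and nu == bar(mu):
                        new = list(comps)
                        new[i], new[j] = ti2, tj2
                        out.append((TAU, tuple(new)))
    return out

def page_example():
    """The three-component example of 2.5, with a, b, g for alpha, beta, gamma."""
    defs = {"T": [("a", "t"), ("b", "t'")], "U": [("~a", "u"), ("g", "u'")],
            "V": [("~b", "v"), ("~g", "v'")]}
    return expand(defs, ("T", "U", "V"), {"a", "b"})

def semaphore_system(users, sems):
    """p_1 | ... | p_users | s | ... | s, with p_i = ~pi a_i b_i ~phi p_i, s = pi phi s."""
    defs = {"s": [("pi", "s.held")], "s.held": [("phi", "s")]}
    for i in range(1, users + 1):
        defs.update({f"p{i}": [("~pi", f"p{i}.got")],
                     f"p{i}.got": [(f"a{i}", f"p{i}.crit")],
                     f"p{i}.crit": [(f"b{i}", f"p{i}.rel")],
                     f"p{i}.rel": [("~phi", f"p{i}")]})
    start = tuple(f"p{i}" for i in range(1, users + 1)) + ("s",) * sems
    return defs, start

def max_in_critical(users, sems):
    """Largest number of users simultaneously between a_i and b_i."""
    defs, start = semaphore_system(users, sems)
    seen, todo = {start}, [start]
    while todo:
        for _, nxt in expand(defs, todo.pop(), {"pi", "phi"}):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return max(sum(c.endswith(".crit") for c in st) for st in seen)

def scheduler(n):
    """Sch = s | c_1 | ... | c_n with starter s = ~g_1 NIL; intended for n >= 2,
    since a lone cycler would have to synchronise with itself."""
    defs = {"s": [("~g1", "NIL")]}
    for i in range(1, n + 1):
        succ = f"~g{i % n + 1}"      # enable the successor; subscripts modulo n
        defs.update({f"c{i}": [(f"g{i}", f"c{i}.en")],
                     f"c{i}.en": [(f"a{i}", f"c{i}.run")],
                     f"c{i}.run": [(f"b{i}", f"c{i}.pass"), (succ, f"c{i}.fin")],
                     f"c{i}.pass": [(succ, f"c{i}")],
                     f"c{i}.fin": [(f"b{i}", f"c{i}")]})
    return defs, ("s",) + tuple(f"c{i}" for i in range(1, n + 1))

def scheduler_ok(n):
    """True iff on every path the a_i occur in rotation from a_1, each a_i/b_i
    pair alternates, and no reachable state is deadlocked."""
    defs, start = scheduler(n)
    restricted = {f"g{i}" for i in range(1, n + 1)}
    first = (start, 1, frozenset())      # (state, whose turn, who is performing)
    seen, todo = {first}, [first]
    while todo:
        state, turn, busy = todo.pop()
        moves = expand(defs, state, restricted)
        if not moves:
            return False
        for mu, nxt in moves:
            t, b = turn, busy
            if mu[0] == "a":             # initiation a_i: must be i's turn
                i = int(mu[1:])
                if i != turn or i in busy:
                    return False
                t, b = turn % n + 1, busy | {i}
            elif mu[0] == "b":           # completion b_i: i must be performing
                i = int(mu[1:])
                if i not in busy:
                    return False
                b = busy - {i}
            if (nxt, t, b) not in seen:
                seen.add((nxt, t, b))
                todo.append((nxt, t, b))
    return True
```

The pair `(turn, busy)` tracked by `scheduler_ok` is exactly the parameter pair $(i, X)$ of $Spec(i,X)$ in Method 2.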
Exercise 3.1 Can you 'build' the cycler defined here, using six copies of the cycler $c$ of Exercise 2.7? It is not hard, but the sense in which the construction behaves like the present cycler needs careful study. This is dealt with in 3.3.
Exercise 3.2 Build a scheduler which imposes a third constraint on a signal sequence $\in (A \cup B)^\omega$:
(iii) When all occurrences of $\alpha_i$ ($1 \le i \le n$) are deleted, it becomes $(\beta_1\beta_2\dots\beta_n)^\omega$.
This constraint says that the $p_i$ must also terminate their tasks in cyclic order.
Note: These exercises are playthings to some extent, but they may have some significance for building asynchronous hardware from components. This remains to be seen.
We shall now divert to compare our behaviours with Petri Nets, informally, using the scheduler as an example. Readers unfamiliar with Net Theory may skip the next section.
3.2 Building the scheduler as a Petri Net
We will use Petri nets in which the events or transitions are labelled by members of $\Lambda \cup \{\tau\}$. In fact, we shall just omit the $\tau$ labels.
A net $c$, for our cycler, is as follows, where circles stand for places and bars for transitions:
[Diagram: the net for the cycler $c$]
With the initial marking as shown, the net is clearly live in the usual sense. But in our interpretation a $\lambda$-labelled event is merely potential; it needs cooperation with an event which bears a complementary label, or with an observer performing a $\lambda$-experiment.
The flow operations $\mid$, $\backslash\alpha$ and $[S]$ can be satisfactorily defined over a class of nets (as Mogens Nielsen has shown) in such a way as to yield a Flow Algebra. Here, however, it will be enough to use only $[S]$ - the obvious relabelling operation - and the derived operation $\parallel$; if $n_1$ and $n_2$ are nets of sort $L$ and $M$ and if $\{\alpha_1,\dots,\alpha_k\} = \mathrm{names}(L \cap \bar{M})$, then
$$n_1 \parallel n_2 = (n_1 \mid n_2)\backslash\alpha_1\dots\backslash\alpha_k$$
may be described as follows:
Identify the event labelled $\alpha_i$ (resp. $\bar{\alpha}_i$) in $n_1$ with the event labelled $\bar{\alpha}_i$ (resp. $\alpha_i$) in $n_2$, for each $i$, and then drop the labels $\alpha_1,\dots,\alpha_k$ and their complements.
[Note: This needs more careful phrasing if we allow that $n_1$ may not have a $\lambda$-event even though $\lambda \in L$. Also, in general we must take care of the possibility that $n_1$ - for example - may have two or more $\lambda$-events. However, if we start with nets $n$ of sort $L$ having exactly one event labelled $\lambda \in L$, and confine the use of composition to pairs $n_1 : L$, $n_2 : M$ for which $L$ and $M$ are disjoint, then all nets built with $[S]$ and $\parallel$ will have exactly one event for each label in their sort].
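To illustrate with cyclers, we have, for $c_i = c[\alpha_i/\alpha,\ \beta_i/\beta,\ \gamma_i/\gamma,\ \bar{\gamma}_{i+1}/\bar{\delta}]$:
[Diagram: the net for $c_i$, from $\gamma_i$ to $\bar{\gamma}_{i+1}$]
and for $c_1 \parallel c_2$:
[Diagram: the net for $c_1 \parallel c_2$]
Finally we give the diagram for a scheduler of size 5 on which you can play the token game:
[Diagram: The Petri Net for the scheduler]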
Notice the slight cheat: $c_1$ has been given a different initial marking. This would not have been needed if we had included a part of the net for our start button, and in building the net we would then find the need for more than one event labelled $\gamma_1$ - which corresponds to the shared port of $c_1$ in the picture of Sch, 3.1.
There is a growing body of techniques for analysis of Petri Nets. For example, the behaviour of Marked Graphs is well understood [Coil]; a marked graph is a Petri net in which each place has indegree and outdegree equal to 1, and our scheduler is indeed a marked graph. Further, much can be discovered of the behaviour of arbitrary nets using techniques from Linear Algebra due to Kurt Lautenbach (GMD, Bonn) to discover Invariants (properties which hold for all accessible markings, or token distributions). Kurt Jensen has pointed out that these techniques are strong enough to tell us that our scheduler net indeed satisfies the two constraints specified.
Nevertheless we shall tackle the proof of correctness of the scheduler by our own methods, since we shall see later that they apply also to systems which are not so readily represented as Petri Nets (e.g. systems whose communication structure does not remain fixed).
3.3 Observation equivalence
It is now time to be completely precise about the form of equivalence of agents that we wish to adopt. The discussion in Chapter 1 was imprecise, deliberately so; but now that we have a case study in hand where correctness of an agent has been expressed as equivalence between the agent and its specification, we have enough motivation to study equivalence seriously.
We may forget our algebra temporarily, and imagine simply that we have a set $P$ of agents (or behaviours) together with a family $\{\xrightarrow{\mu} ;\ \mu \in \Lambda \cup \{\tau\}\}$ of binary relations over $P$. $\Lambda$ is our label set, but we can also forget temporarily that $\Lambda = \Delta \cup \bar{\Delta}$. We shall consistently use $\lambda$ to range over $\Lambda$, and $\mu, \nu$ to range over $\Lambda \cup \{\tau\}$.
$p \xrightarrow{\lambda} p'$ means "$p$ admits a $\lambda$-experiment, and can transform into $p'$ as a result"
$p \xrightarrow{\tau} p'$ means "$p$ can transform to $p'$ unobserved"
We shall write $p \xrightarrow{s} p'$, for $s = \mu_1\dots\mu_n \in (\Lambda \cup \{\tau\})^*$, to mean that for some $p_0,\dots,p_n$ ($n \ge 0$)
$$p = p_0 \xrightarrow{\mu_1} p_1 \xrightarrow{\mu_2} p_2 \dots \xrightarrow{\mu_n} p_n = p' .$$
Now consider the result(s) of performing a sequence $\lambda_1,\dots,\lambda_n$ of atomic experiments on $p$ ($n \ge 0$). The result may be any $p'$ for which
$$p \xrightarrow{\tau^{k_0}\lambda_1\tau^{k_1}\lambda_2\dots\lambda_n\tau^{k_n}} p' \quad (k_i \ge 0) ;$$
that is, an arbitrary number of silent moves may occur before, among and after the $\lambda_i$.
Definition For $s \in \Lambda^*$, define the relation $\stackrel{s}{\Longrightarrow}$ by: if $s = \lambda_1\dots\lambda_n$, then $p \stackrel{s}{\Longrightarrow} p'$ iff for some $k_0,\dots,k_n \ge 0$
$$p \xrightarrow{\tau^{k_0}\lambda_1\tau^{k_1}\lambda_2\dots\lambda_n\tau^{k_n}} p' .$$
We may talk of an $s$-experiment ($s \in \Lambda^*$), and then $p \stackrel{s}{\Longrightarrow} p'$ means "$p$ admits an $s$-experiment and can transform to $p'$ as a result"; we may also say more briefly "$p$ can produce $p'$ under $s$".
Note that for the empty sequence $\varepsilon \in \Lambda^*$, an $\varepsilon$-experiment consists of letting the agent proceed silently as it wishes, while observing nothing; for we have
$$p \stackrel{\varepsilon}{\Longrightarrow} p' \text{ iff for some } k \ge 0,\ p \xrightarrow{\tau^k} p' .$$
Note also the special case $p \stackrel{\varepsilon}{\Longrightarrow} p$ when $k = 0$.
Now we can state in words what we shall mean by equivalent agents.
$p$ and $q$ are equivalent iff for every $s \in \Lambda^*$
(i) For every result $p'$ of an $s$-experiment on $p$, there is an equivalent result $q'$ of an $s$-experiment on $q$.
(ii) For every result $q'$ of an $s$-experiment on $q$, there is an equivalent result $p'$ of an $s$-experiment on $p$.
This appears to be a circular definition (the formal definition will take care of this point) but note first that it implies that, for each $s$,
$p$ admits an $s$-experiment iff $q$ does.
But it implies much more; for example, the two ST's
[Diagram: the two STs]
admit exactly the same $s$-experiments, but neither of the two possible results of an $s$-experiment on the first tree is equivalent to the result of an $s$-experiment on the second.
The motivation for our definition is this: we imagine switching $p$ on, performing an experiment, and switching it off again. For $q$ to be equivalent, it must be possible to switch $q$ on, do the same experiment, and switch it off in a state equivalent to the state in which $p$ was switched off (and the same, interchanging $p$ and $q$).
Our formal definition is in terms of a decreasing sequence $\approx_0, \approx_1, \dots, \approx_k, \dots$ of (finer and finer) equivalence relations:
Definition (Observation equivalence) $p \approx_0 q$ is always true;
$p \approx_{k+1} q$ iff $\forall s \in \Lambda^*$
(i) if $p \stackrel{s}{\Longrightarrow} p'$ then for some $q'$, $q \stackrel{s}{\Longrightarrow} q'$ and $p' \approx_k q'$;
(ii) if $q \stackrel{s}{\Longrightarrow} q'$ then for some $p'$, $p \stackrel{s}{\Longrightarrow} p'$ and $p' \approx_k q'$;
$p \approx q$ iff $\forall k \ge 0.\ p \approx_k q$ (i.e. $\approx\ = \bigcap_k \approx_k$)
Exercise 3.3 (a) Prove that each $\approx_k$ is an equivalence relation, by induction on $k$. (b) Prove by induction that $\approx_{k+1} \subseteq \approx_k$, i.e. that $p \approx_{k+1} q$ implies $p \approx_k q$.
This equivalence relation has many interesting properties, which we need not examine until Chapter 7 - except one or two.
First, it is not necessarily true that $\approx$ itself satisfies the recurrence relation defining $\approx_{k+1}$ in terms of $\approx_k$, that is, the property
$p \approx q$ iff $\forall s \in \Lambda^*$ (*)
(i) if $p \stackrel{s}{\Longrightarrow} p'$ then $\exists q'.\ q \stackrel{s}{\Longrightarrow} q'$ & $p' \approx q'$
(ii) if $q \stackrel{s}{\Longrightarrow} q'$ then $\exists p'.\ p \stackrel{s}{\Longrightarrow} p'$ & $p' \approx q'$
(which is a formal version of our verbal recursive definition of equivalence given earlier in this section). It is true if $p$ and $q$ are finite STs, but not in general. However, our definition has nicer properties than one which satisfies (*).
For STs, our binary relations $\xrightarrow{\lambda}$ and $\xrightarrow{\tau}$ are obvious; $t \xrightarrow{\lambda} t'$ (resp. $t \xrightarrow{\tau} t'$) iff $t$ has a branch $\lambda t'$ (resp. $\tau t'$). In this case we shall call $t'$ a $\lambda$-son (resp. $\tau$-son) of $t$.
Exercise 3.4 Prove that $t \approx \tau t$ for STs. (You need a very simple inductive proof that $t \approx_k \tau t$).
Let us consider one example of equivalent STs:
[Diagram: the STs $t$ and $u$]
To check equivalence, i.e. $t \approx_k u$ for all $k$, we must prove the inductive step: $t \approx_k u$ implies $t \approx_{k+1} u$. Now for every $s \ne \varepsilon$, $t$ and $u$ produce identical trees under $s$; under $\varepsilon$, $t$ produces only $t$ and $u$ only $u$, and $t \approx_k u$ by induction.
Definition If $p \stackrel{s}{\Longrightarrow} p'$ ($s \in \Lambda^*$) then $p'$ is an $s$-derivative of $p$.
(Note that $p$ is always an $\varepsilon$-derivative of itself). We can thus rephrase the definition of $\approx_{k+1}$ in terms of $\approx_k$:
"$p \approx_{k+1} q$ iff, for all $s \in \Lambda^*$, $p$ and $q$ have the same $s$-derivatives up to $\approx_k$ equivalence."
Exercise 3.5 Re-examine Exercise 1.4, and verify precisely which pairs are observation equivalent. You should find exactly four pairs.
Exercise 3.6 (Deadlock) Prove that if $p \approx q$ then the following statement is true of both or of neither, for given $\lambda_1,\dots,\lambda_n,\lambda_{n+1}$:
"It is possible to do a $\lambda_1\dots\lambda_n$ experiment and reach a state where a $\lambda_{n+1}$-experiment is impossible"
One property of agents is not respected by our equivalence. It is possible for $p$ and $q$ to be equivalent even though $p$ possesses an infinite silent computation
$$p \xrightarrow{\tau} p_1 \xrightarrow{\tau} p_2 \xrightarrow{\tau} \dots\ p_k \xrightarrow{\tau} p_{k+1} \xrightarrow{\tau} \dots$$
(divergence) while $q$ cannot diverge in this way. The equivalence can be refined to exclude this possibility. See the remarks in 7.3.
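An added Python example (not from the book) that computes the approximants $\approx_0, \approx_1, \dots$ exactly as defined in this section on a small finite transition system, and reports the first level at which two agents are separated. The sample agents are constructed for the example: the pair $a\,b\,NIL + a\,g\,NIL$ and $a(b\,NIL + g\,NIL)$ is assumed as an instance of two STs admitting the same experiments, next to $NIL$ and $\tau NIL$, the sum-context pair discussed in 3.4, and a divergent agent.

```python
TAU = "tau"

def eps_closure(lts, states):
    """States reachable from `states` by zero or more tau moves."""
    seen, todo = set(states), list(states)
    while todo:
        for act, nxt in lts.get(todo.pop(), ()):
            if act == TAU and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return frozenset(seen)

def after(lts, states, lam):
    """Given the s-derivatives `states`, return the (s lam)-derivatives."""
    hit = {nxt for p in states for act, nxt in lts.get(p, ()) if act == lam}
    return eps_closure(lts, hit)

def same_derivatives(lts, labels, p, q, cls):
    """True iff for every s in Lambda*, p and q have the same s-derivatives
    up to the equivalence whose classes are given by cls."""
    start = (eps_closure(lts, {p}), eps_closure(lts, {q}))
    seen, todo = {start}, [start]
    while todo:
        ps, qs = todo.pop()
        if {cls[x] for x in ps} != {cls[x] for x in qs}:
            return False
        for lam in labels:
            nxt = (after(lts, ps, lam), after(lts, qs, lam))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return True

def approximants(lts, labels):
    """Yield the partitions of ~0, ~1, ~2, ... until they stop refining.
    On a finite system the last partition yielded is observation equivalence."""
    states = sorted(set(lts) | {q for outs in lts.values() for _, q in outs})
    cls = dict.fromkeys(states, 0)            # p ~0 q is always true
    while True:
        yield cls
        new, reps = {}, []                    # one representative per new class
        for p in states:
            for idx, r in enumerate(reps):
                if same_derivatives(lts, labels, p, r, cls):
                    new[p] = idx
                    break
            else:
                new[p] = len(reps)
                reps.append(p)
        # ~(k+1) refines ~k (Exercise 3.3b), so equal class counts mean equality.
        if len(reps) == len(set(cls.values())):
            return
        cls = new

def separating_level(lts, labels, p, q):
    """Smallest k with p not ~k q, or None when p and q are equivalent."""
    for k, cls in enumerate(approximants(lts, labels)):
        if cls[p] != cls[q]:
            return k
    return None

# Constructed sample agents; 'nil' has no transitions and so needs no entry.
LABELS = ["a", "b", "g"]
LTS = {
    "t1": [("a", "bN"), ("a", "gN")],      # a b NIL + a g NIL
    "t2": [("a", "bgN")],                  # a (b NIL + g NIL)
    "bN": [("b", "nil")],
    "gN": [("g", "nil")],
    "bgN": [("b", "nil"), ("g", "nil")],
    "tnil": [(TAU, "nil")],                # tau NIL
    "u": [("a", "nil")],                   # a NIL + NIL
    "u2": [("a", "nil"), (TAU, "nil")],    # a NIL + tau NIL
    "div": [(TAU, "div")],                 # infinite silent computation
}

if __name__ == "__main__":
    for pair in [("t1", "t2"), ("nil", "tnil"), ("u", "u2"), ("div", "nil")]:
        print(pair, separating_level(LTS, LABELS, *pair))
```

A result of `2` means the pair agrees on every experiment (it is related by $\approx_1$) but is split by $\approx_2$; `None` means the pair is observation equivalent.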
3.4 Proving the scheduler
It is cumbersome to use the direct definition of $\approx$; we shall instead use a few of its key properties, which are derived formally in Chapter 7. We begin by listing them, so that Chapter 7 need not be read first.
($\approx$ 1) $t \approx \tau t$ (see Exercise 3.4)
Now we can see that $\approx$ is not a congruence relation; that is, replacing $t$ by $t'$ (when $t \approx t'$) in $u$ to get $u'$ does not ensure $u \approx u'$. For example, $NIL \approx \tau NIL$, but $\lambda NIL + NIL \not\approx \lambda NIL + \tau NIL$.
Exercise 3.7 Verify this fact.
So in general $t \approx t'$ does not imply $t + u \approx t' + u$. But all our other operations do preserve $\approx$:
($\approx$ 2) $t \approx t'$ implies
$\mu t \approx \mu t'$ (see below for
$t \mid u \approx t' \mid u$ and $u \mid t \approx u \mid t'$
$t\backslash\alpha \approx t'\backslash\alpha$
$t[S] \approx t'[S]$
Fortunately, too, when we apply a guard $\mu$ to equivalent STs $t, t'$ we get not only $\mu t \approx \mu t'$, but $\mu t \approx^c \mu t'$, where $\approx^c$ is a stronger relation than $\approx$ which is preserved by all our operations.
($\approx$ 3) $\approx^c$ is a congruence relation, and $t \approx^c t'$ implies $t \approx t'$
Beyond these, we need one more property which may look a little surprising; we leave its discussion to Chapter 7.
($\approx$ 4) $t + \tau t \approx^c \tau t$
Apart from this, the proof below will use only rather natural properties of our operations, including the Expansion Theorem, all justified by Chapter 5.
We treat only the first constraint, namely
$$Sch \parallel (\bar{\beta}_1^\omega \mid \dots \mid \bar{\beta}_n^\omega) \approx (\alpha_1 \dots \alpha_n)^\omega \quad (1)$$
Define the left hand side to be $Sch'$. We shall actually show that $Sch'$ satisfies the defining equation of $(\alpha_1 \dots \alpha_n)^\omega$, namely
$$Sch' \approx \alpha_1 \dots \alpha_n Sch' \quad (2)$$
from which (1) follows, by general principles which we shall not treat here (but see Exercise 7.7).
We may write $Sch'$ as
$$Sch' = (s \mid c_1' \mid \dots \mid c_n')\backslash\gamma_1\dots\backslash\gamma_n \quad (3)$$
(using general properties of $\mid$ and $\backslash\alpha$), where
$$c_i' = (c_i \mid \bar{\beta}_i^\omega)\backslash\beta_i \quad (4)$$
represents the $i$th cycler with $\beta_i$ permitted. Now we shall discover below that
$$c_i' \approx^c \gamma_i\alpha_i\bar{\gamma}_{i+1}c_i' \quad (5)$$
so we can use these expressions interchangeably, by ($\approx$ 3), to assist our expansion of $Sch'$, which runs as follows:
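$$Sch' \approx^c (\bar{\gamma}_1 NIL \mid \gamma_1\alpha_1\bar{\gamma}_2c_1' \mid \dots \mid \gamma_n\alpha_n\bar{\gamma}_1c_n')\backslash\gamma_1\dots\backslash\gamma_n$$
(the start button has worked)
$$\approx^c \tau\alpha_1\tau\alpha_2\dots\tau\alpha_n((NIL \mid c_1' \mid c_2' \mid \dots \mid \bar{\gamma}_1c_n')\backslash\gamma_1\dots\backslash\gamma_n)$$
(leaving $c_1'$ to be reenabled)
$$\approx^c \tau\alpha_1\tau\alpha_2\dots\tau\alpha_n\tau((NIL \mid \alpha_1\bar{\gamma}_2c_1' \mid c_2' \mid \dots \mid c_n')\backslash\gamma_1\dots\backslash\gamma_n)$$
$$\approx \alpha_1\alpha_2\dots\alpha_n Sch'$$
as required, by ($\approx$ 1) and ($\approx$ 2).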
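Let us now show (5), for $i = 1$ say.
$$c_1' = (\gamma_1\alpha_1(\beta_1\bar{\gamma}_2c_1 + \bar{\gamma}_2\beta_1c_1) \mid \bar{\beta}_1^\omega)\backslash\beta_1$$
$$= \gamma_1\alpha_1(\tau\bar{\gamma}_2c_1' + \bar{\gamma}_2\tau c_1') \quad \text{by expansion.}$$
But $\bar{\gamma}_2\tau c_1' \approx^c \bar{\gamma}_2c_1'$, by ($\approx$ 1) and ($\approx$ 2), so
$$\tau\bar{\gamma}_2c_1' + \bar{\gamma}_2\tau c_1' \approx^c \tau\bar{\gamma}_2c_1' + \bar{\gamma}_2c_1' \quad \text{by } (\approx 3)$$
$$\approx^c \tau\bar{\gamma}_2c_1' \quad \text{by } (\approx 4),$$
and by substituting in the expansion of $c_1'$ we get by ($\approx$ 1), ($\approx$ 2)
$$c_1' \approx^c \gamma_1\alpha_1\bar{\gamma}_2c_1'$$
as required.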
We leave the verification of the second constraint on the scheduler as an exercise in Chapter 8. It is not hard, but uses a slightly more general property than ($\approx$ 4).
CHAPTER 4
Case studies in value-communication
4.1 Review
So far, we have seen how behaviours (STs) may be built using six kinds of operation, together with the all-important use of recursion. The operations fall into two classes:
(1) Dynamic operations (Chapter 1)
Inaction $NIL$
Summation $+$
Action $\mu \in \Lambda \cup \{\tau\}$
The dynamic operations build nondeterministic sequential behaviours.
(2) Static operations (Chapter 2)
Composition $\mid$
Restriction $\backslash\alpha$ ($\alpha \in \Delta$)
Relabelling $[S]$
The static operations establish a fixed linkage structure among concurrently active behaviours.
The examples given were static combinations of sequential behaviours, yielding systems with fixed linkage structure. But dynamically-evolving structures can be gained by defining recursive behaviours involving composition. The possibilities are quite rich; we give an example, not for its usefulness (which is doubtful) but to illustrate the power of CCS.
First, let us define an operation which has wide application. If $x : L$, $y : M$ and $L \cap M = \emptyset$, with $\bar{\beta} \in L$ and $\alpha \in M$, the chaining operation $\frown$ is given by
$$x \frown y = (x[\delta/\beta] \mid y[\delta/\alpha])\backslash\delta$$
where $\delta \notin \mathrm{names}(L \cup M)$. In pictures:
[Diagram: $x$ and $y$ chained]
(See 8.3 for a proof that $\frown$ is associative; this even holds if $L \cap M \ne \emptyset$.)
Now consider in particular $p : \{\alpha, \bar{\beta}, \gamma\}$ and $q : \{\alpha\}$ given by
$$p = \alpha\bar{\beta}\gamma(p \frown p), \qquad q = \alpha q$$
and consider the following derivation:
$$\xrightarrow{\alpha\gamma^2} p \frown p \frown p \frown p \frown q$$
$$\xrightarrow{\alpha\gamma^4} p \frown p \frown p \frown p \frown p \frown p \frown p \frown p \frown q$$
... etc ...
After $n$ $\alpha$'s, $2^n - 1$ $\gamma$'s (and no more) can have occurred.
Exercise 4.1 (For fun). Describe the behaviour of $p \frown q$ a bit more precisely - e.g. how many $\gamma$'s must have occurred after $n$ $\alpha$'s?
Exercise 4.2 Build a counter of sort $\{\iota, \delta, \zeta\}$ which
(i) Can always be incremented by an $\iota$-experiment;
(ii) Can be decremented by a $\delta$-experiment if non-zero;
(iii) Can admit a $\zeta$-experiment only when it is zero.
Hint: in state $n$, it will be something like a chain of about $n$ cells. Incrementing must increase the cell-count by one; decrementing must decrease the cell-count by one by causing one cell to die - i.e. become $NIL$. You may need a doubly linked chain, built by a suitably generalised chaining operator, and looking like
[Diagram: a doubly linked chain of cells]
But our calculus so far has an important restriction which makes it inadequate for programming; all communication is pure synchronization, and no data-values are passed from one agent to another. True, we could in principle 'read' the contents of the counter of Exercise 4.2 by seeing how many decrements ($\delta$) are needed before a $\zeta$ (test for zero) is offered. This would be cumbersome, to say the least, and for the counter as specified it would destroy the count stored in it!
So w e n o w proceed to a generalisation of the algebra. In doing
so w e are forced to abandon our ST interpretation. W h a t takes its
place m u s t w a i t till Chapters 5 a n d 6; meanwhile the reader m u s t
realise that - for example - the equality symbol between o u r m o r e
general behaviour expressions is n o t explained in this chapter.
4.2 Passing values

Consider the simple behaviour

    p = αβγ̄p

[Figure: p with ports α, β and γ̄]

It's no more than the cycler of Exercise 2.7,
but if we think of positive labels (α,β) as accepting input pulses,
and negative labels (γ̄) as giving output pulses, then p becomes
a behaviour which "gives an output whenever it has received two inputs"
(the inputs being demanded in a particular order).
Suppose that an input at α consists of more than a pulse; it is
a value (an integer, say). That is, attempting an α-experiment on p
consists of offering a value to p at α. We may then wish to represent
p's behaviour as

    p = αx. - - -

where x is a variable (supposed to become bound to the value received
in an α-experiment), and - - - is some behaviour expression dependent
upon x, i.e. containing x as a free variable. We say that the variable
x is bound by α, and its scope is - - - .
(This is very familiar to anyone who knows the λ-calculus; the difference
here is that any positive label α may bind a variable, while in the
λ-calculus there is only one binder - the symbol "λ".)
We can go further, in our aim to transform p into a behaviour whose
output values depend on its input values, and write

    p = αx.βy. - - -

Here β binds the variable y. Note that the scope of x is βy. - - - ,
while the scope of y is just - - - . (It would be stupid to write αx.βx. - - -
since then any occurrence of x in - - - would refer to the value bound by
β to x; the value bound by α to x is inaccessible.)
Suppose we want the sum of x and y to be output at γ̄.
That is, in general for negative labels, attempting a γ̄-experiment
on p consists of demanding a value from p at γ̄. Thus negative
labels do not bind variables - instead they qualify value expressions
(which may contain variables). So we write

    p = αx.βy.γ̄(x+y).p

It is now proper to talk of an "αv-experiment" rather than an
"α-experiment", where v is the value submitted by the observer, and
similarly of a "γ̄v-experiment" where v is the value received by the
observer. So, generalising the relation --λ--> of 3.3, we say

    "p --λv--> p′" means "p admits a λv-experiment, and can
    transform to p′ as result".

(Note the different sense, according to the sign of λ.)
As a general rule then, we can state

    αx.B --αv--> B{v/x}

where v is any value, B is a behaviour expression, and B{v/x} means
the result of replacing all unbound occurrences of x in B by v.
And similarly (more simply)

    ᾱv.B --ᾱv--> B

for the particular value v. So the following derivation is possible
on p:

    p = αx.βy.γ̄(x+y).p
        --α3--> βy.γ̄(3+y).p
        --β4--> γ̄(3+4).p
        --γ̄7--> p

(See 4.4 for more about derivations.)
Now we have hardly anything more to add to our language before finding
that it can be used conveniently for programming. As for its
interpretation, we can introduce a generalised form of ST which we call
Communication Trees (CT), but for the present we wish to rely on intuitive
understanding.
We shall usually be handling expressions of the form

    Σ_i α_i x_i.B_i  +  Σ_j β̄_j E_j.B′_j  +  Σ_k τ.B″_k

where B_i, B′_j, B″_k are behaviour expressions, the x_i are variables,
and the E_j are value expressions. As for expressions involving
composition (|) and the other operations, it will be enough to look
at a simple example and then give a generalised Expansion Theorem (2.5).
Consider

    B = (αx.B1 + βy.B2) | ᾱv.B3

We expect a sum of 4 terms, one involving τ:

    B = αx.(B1 | ᾱv.B3) + βy.(B2 | ᾱv.B3)
      + ᾱv.((αx.B1 + βy.B2) | B3) + τ.(B1{v/x} | B3)

Note that the "label" τ does not bind a variable or qualify a value
expression. We shall also reserve the right to use other labels in
this simple way when they only represent synchronization. In fact we
shall allow a positive label to bind a tuple x̃ = x1,...,xn of (distinct)
variables, and a negative label to qualify a tuple Ẽ = E1,...,En of
value expressions; then for pure synchronization we just use 0-tuples.
We shall use the term guard to comprise the prefixes αx̃, ᾱẼ and τ,
and use g to stand for a guard. Dijkstra [Dij] invented the notion
of guard, to stand for some condition to be met before the execution of
a program part. It is natural to adapt it to the case where the condition
is the acceptance of an offered communication, as Hoare [Hoa 3] has
also done in his CSP. We then find that the analogue of Dijkstra's
guarded commands is provided by summation; we refer to an expression
Σ g_k.B_k as a sum of guards, and call each g_k.B_k a summand of the
expression. We denote the name of g's label by name(g).
Expansion Theorem (stated and proved as Theorem 5.8).
Let B = (B1 | ... | Bm)\A, where each Bi is a sum of guards. Then

    B = Σ{ g.((B1 | ... | Bi′ | ... | Bm)\A) ;
             g.Bi′ a summand of Bi, name(g) ∉ A }
      + Σ{ τ.((B1 | ... | Bi′{Ẽ/x̃} | ... | Bj′ | ... | Bm)\A) ;
             αx̃.Bi′ a summand of Bi, ᾱẼ.Bj′ a summand of Bj, i ≠ j }

provided that, in the first term, no free variable in Bk (k ≠ i) is bound
by g.

The meaning of the Theorem is that all unrestricted actions and all
internal communications in B may occur.
Note that our language contains two distinct kinds of expression -
value expressions and behaviour expressions. Consider ᾱE.B; E is
the first kind, B the second. We allow the following simple but
important constructs in our language:

(i) Conditional behaviour expressions.

        if E then B1 else B2

    where E is boolean-valued. Consider for example

        αx.(if x ≥ 0 then β̄x.B else γ̄x.B)

(ii) Parameterised behaviour definitions. For example:

        a(y) = αx.(if x ≥ y then β̄x.a(y) else γ̄x.a(y))

(iii) Local variable declarations. We shall allow constructs like

        let x = 6 and y = 10 in B

    and

        B where x = 6 and y = 10.

    They mean exactly the same - namely, the same as substituting
    6 for x and 10 for y throughout B.

We hope that the language is simple enough to be understood intuitively,
without formal syntax. Exact formulation comes later!
4.3 An example - Data Flow

We will now show how to build and verify a simple system which bears
a strong relation to the Data Flow Schemata of Dennis et al [DFL].
The task is to build a net which will compute 2^x for arbitrary non-negative
integer x, given components for computing more primitive functions and
predicates, and some standard gating and switching components. That is,
we want a net whose behaviour is observation equivalent to

    a = ιx.ō(2^x).a                                        (1)

(We shall often use ι for input, o for output). First, we define some
standard components.
(i) Unary function agent
    For arbitrary unary function f, we define the agent

        DO f = ιx.ō(f(x)).(DO f)                           (2)

    We shall only use simple f's; we are actually trying to build
    the behaviour DO bexp where bexp(x) = 2^x, as you can see by
    comparing (1) and (2).

(ii) Unary predicate agent
    For arbitrary unary predicate p, we define

        ASK p = ιx. if p(x) then ō1x.(ASK p)
                            else ō2x.(ASK p)

    Note that the value x is passed unchanged out of one of the
    output ports.

(iii) A gate

        GATE = ιx.ōx.γ.GATE

    The gate transmits a value unchanged, but must
    be re-opened at γ to repeat.

(iv) A trigger

        TRIG = ιx.γ.ōx.TRIG

    Like a gate, but must be triggered (or trigger someone
    else!) after receipt and before transmission.

(v) A source
    For arbitrary constant value v, a permanent source of v's
    is given by

        DO v = ōv.(DO v)

    We use DO, because the unary function agent is easily
    generalised to n-ary function agents, and constants are
    just 0-ary functions.
(vi) A sink

        SINK = ιx.SINK

    For discarding unwanted values.

(vii) A switch

        SWITCH = ιx.(γ1.ō1x.SWITCH + γ2.ō2x.SWITCH)

    A generalisation of a trigger;
    triggering γi selects output port oi.

This is all we need for our example; it is not a complete (or necessarily
best) set, and it would be interesting to design a good set of components
which could be shown adequate for a wide class of data-flow computations.
We would like to factor our design into a control part and a
controlled part. For the control part, it will be convenient to build
an agent observation-equivalent to

    CONTROL = ιx.γ̄. ··· .γ̄.δ̄.CONTROL     (γ̄ occurring x times)     (3)

i.e. for input x it will admit x γ̄-experiments followed by a δ̄-experiment,
and return to its original 'state'. We show the net for realising CONTROL;
it can be shown by Expansion to satisfy an equation like (3) with many
intervening τ's, and this is observation equivalent to CONTROL, as we shall
see in Chapter 7.
[Figure: the net realising CONTROL]
One can check for the right behaviour informally, by "arrow-swinging".
Note that the initial state is restored, and that if either trigger is
replaced by a gate then 'overtaking' can occur, yielding the wrong
behaviour.
The controlled part, or body, is to admit a value v at ι′,
then after n γ-experiments followed by a δ-experiment it will emit
2ⁿv at o and restore itself. That is, we want to realise

    BODY = ι′y.b(y)   where                                (4)
    b(y) = γ.b(2y) + δ.ōy.BODY

[Figure: the net realising BODY]
Exercise 4.3 Put this net together, as a restricted composition of
relabelled standard components, and show that it satisfies an
equation like (4) (but with intervening τ's), using the Expansion
Theorem.
Having established the behaviour of BODY and CONTROL, it is a simple
matter to put them together in such a way that an input x to the
whole system first gates a 1 into BODY, then enters CONTROL itself.
The outer pair of gates (present also in BODY and CONTROL) is to
prevent overlapping of successive computations.

[Figure: the complete net for DO bexp, built from BODY and CONTROL]
Exercise 4.4 Treating BODY and CONTROL as given by (3) and (4), put
the net together as in the last exercise, and show that it behaves
like DO bexp, but with intervening τ's. See (1) and (2).

The example shows how nets may be built in modules which are
verified separately. There are two remarks:

(i) The use of the Expansion Theorem is tedious, but as we
    mentioned earlier it can be mechanised.

(ii) We have implicitly assumed that if two behaviours are
    observation equivalent, then replacing one by another in
    any system context will yield an observation equivalent
    system. (This is what justified our treatment of BODY
    and CONTROL - replacing them by their specified behaviours).
    This assumption is justified for the contexts we have
    considered, but it is not trivial to prove that this is so.
Exercise 4.5 Construct data flow nets to compute the value of y from
input values x and y, for each of the following programs:

(i) while p(x) do (y := f(x,y) ; x := g(x))
(ii) while p(y) do (y := if q(x,y) then f(x,y) else f(y,x) ;
                    x := g(x))

You will almost certainly need some other 'standard' agents, and a
different way of handling predicates - since the construct 'ASK q'
doesn't generalise very well for non-unary predicates.
4.4 Derivations

In 4.2 we gave an example of a derivation of p = αx.βy.γ̄(x+y).p :
Similarly, B = ((αx.B1 + βy.B2) | β̄v.γz.B3)\β has derivations

    B --α5--> (B1{5/x} | β̄v.γz.B3)\β ;
    B --τ--> (B2{v/y} | γz.B3)\β --γ7--> (B2{v/y} | B3{7/z})\β .
A general derivation takes the form

    B --μ1v1--> B1 --μ2v2--> B2 --> ... --μnvn--> Bn

(which has length n) or may be infinite. We shall often write a
derivation of length n as

    B --μ1v1--> --μ2v2--> ... --μnvn--> Bn ,  or  B --μ1v1.μ2v2. ... .μnvn--> Bn ;

we can abbreviate B --τⁿ--> B′ by B ==> B′                 (n ≥ 0)
and abbreviate B --τᵐ.μv.τⁿ--> B′ by B ==μv==> B′          (m,n ≥ 0)
(see also 3.3).

A complete derivation is either an infinite derivation, or a finite
derivation which cannot be extended (this means Bn = NIL).
Exercise 4.6 Using equations (3) and (4) in 4.3, write some of the
derivations of BODY, CONTROL and (BODY | CONTROL)\γ\δ. What complete
derivations are there?

A complete finite derivation of B represents a possibility that B
can reach a point where no further action is possible; it may deadlock.
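The derivation rules of 4.2, the Expansion Theorem and the composition of equations (3) and (4) can be exercised mechanically. The following Python sketch is an added example, not code from the book: it represents a behaviour as a list of guarded summands, lets Python closures play the role of the substitution B{v/x}, and takes as assumptions the label strings, the helper names (`expand`, `observe`, `pulses`) and the choice that CONTROL carries the barred γ and δ while BODY carries the unbarred ones.

```python
# Added illustration (not from the book). A behaviour is a list of summands:
#   ("in", a, body)   stands for  a x.B      (body maps the received value to B)
#   ("out", a, v, k)  stands for  a-bar v.B  (k is a thunk returning B)
#   ("tau", k)        stands for  tau.B
def nil():          return []
def inp(a, body):   return [("in", a, body)]
def out(a, v, k):   return [("out", a, v, k)]

def expand(parts, hidden=frozenset()):
    """Summands of (B1 | ... | Bm)\\A, following the Expansion Theorem."""
    def put(i, Bi, j=None, Bj=None):
        nxt = list(parts)
        nxt[i] = Bi
        if j is not None:
            nxt[j] = Bj
        return expand(nxt, hidden)

    summands = []
    for i, Bi in enumerate(parts):
        for g in Bi:
            # First term: an action of one component that is not restricted.
            if g[0] == "tau":
                summands.append(("tau", lambda i=i, g=g: put(i, g[1]())))
            elif g[0] == "out" and g[1] not in hidden:
                summands.append(("out", g[1], g[2],
                                 lambda i=i, g=g: put(i, g[3]())))
            elif g[0] == "in" and g[1] not in hidden:
                summands.append(("in", g[1],
                                 lambda v, i=i, g=g: put(i, g[2](v))))
            # Second term: a x.Bi' meets a-bar E.Bj' (i != j) and yields tau.
            if g[0] == "in":
                for j, Bj in enumerate(parts):
                    for h in Bj:
                        if j != i and h[0] == "out" and h[1] == g[1]:
                            summands.append(
                                ("tau", lambda i=i, g=g, j=j, h=h:
                                 put(i, g[2](h[2]), j, h[3]())))
    return summands

def observe(B, offers):
    """Output traces of all derivations in which the observer submits the
    (label, value) pairs in `offers`, in order, and accepts every output."""
    traces, stack = set(), [(B, 0, ())]
    while stack:
        beh, k, seen = stack.pop()
        moves = []
        for g in beh:
            if g[0] == "tau":
                moves.append((g[1](), k, seen))
            elif g[0] == "out":
                moves.append((g[3](), k, seen + ((g[1], g[2]),)))
            elif k < len(offers) and g[1] == offers[k][0]:
                moves.append((g[2](offers[k][1]), k + 1, seen))
        if moves:
            stack.extend(moves)
        else:
            traces.add(seen)          # nothing more can happen for this observer
    return traces

def P():                 # p = alpha x. beta y. gamma-bar(x+y). p      (4.2)
    return inp("alpha", lambda x: inp("beta",
               lambda y: out("gamma", x + y, P)))

def CONTROL():           # equation (3); bar placement is an assumption
    return inp("iota", pulses)

def pulses(n):           # n remaining gamma-bar pulses, then delta-bar
    if n > 0:
        return out("gamma", None, lambda: pulses(n - 1))
    return out("delta", None, CONTROL)

def BODY():              # equation (4)
    return inp("iota1", b)

def b(y):
    return (inp("gamma", lambda _: b(2 * y)) +
            inp("delta", lambda _: out("o", y, BODY)))

def system():            # (BODY | CONTROL)\gamma\delta
    return expand([BODY(), CONTROL()], frozenset({"gamma", "delta"}))

if __name__ == "__main__":
    print(observe(P(), [("alpha", 3), ("beta", 4)]))
    print(observe(system(), [("iota1", 1), ("iota", 5)]))
```

Python's lexical scoping stands in for the proviso of the theorem that no free variable of another component is bound by g.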
4.5 An example - Zero searching

We want to set two agents p and q to work together in finding
a root for the equation f(X) = 0 in the range [A,B], for a continuous
function f, knowing that such a root exists - i.e. f(A)·f(B) ≤ 0.
It is natural to make p and q calculate f(A′) and f(B′) respectively,
and concurrently, for two internal points A′ and B′.

If p finishes first, and finds that f(A′) differs in sign from f(A),
he can leave a message for q to come and help him in the new interval
[A,A′], and begin to work within this interval himself.

If he finds f(A′) to have the same sign as f(A), then he
should go to help q in the interval [A′,B].

[Figure: the points A, A′, B′, A″, B on the interval]
He could choose a point A″ in [A′,B′] or in [B′,B]. Kung [Kun,
Section 3] made the elegant suggestion that the points A′,B′ should
not trisect [A,B], but rather divide it so that the ratios AA′:AB,
B′B:AB and A′B′:A′B are equal; then in the case above A may pick
the new point A″ so that the new interval [A′,B] is subdivided by the
working points in the same ratio as [A,B] was subdivided.
This determines A′,B′ as the golden sections of A,B;

    θ² + θ = 1 ;     θ = (√5 - 1)/2 ≈ .618

[Figure: the interval A, A′, B′, B with segments of length θ², θ³, θ²]
At any moment then, there are two possibilities:

(i) p and q are both working on golden sections of [A,B];
(ii) One of them is working on a golden section point, and
    the other on a point outside the interval (because the
    other agent has shrunk the interval).

The computation stops when the interval has been reduced to less than
some predetermined value 'eps'.
As Kung observed, the algorithm can be implemented by giving p
a local variable X (his working point), q a local variable Y similarly,
and representing the interval by a few global variables which either p or
q may inspect and update, using a critical section for the purpose.
Thus an outline program for p, using conventional and obvious notation, is:

    p = while interval ≥ eps do
          compute f(X) ; CRITICAL SECTION update globals end ;

similarly for q, and the whole program is

    ... p ∥ q ... end.
T. Müldner has given the complete algorithm [Mül]. I am grateful to
A. Salwicki for drawing my attention to this example, which is a good
one to illustrate different concurrent programming disciplines.

Now in a sense p and q are sharing a resource, i.e. the
interval, represented by global variables. Hoare and others have
made the point that code and data associated with shared resources are
better located at one site, rather than distributed over the sharing
agents; Hoare proposed Monitors as a device to achieve this modularity
[Hoa 2].
Here we propose to represent the interval as a separate agent,
without the need for any extra programming construct for the purpose.
The idea is that p or q submits the result of his evaluation
to the interval agent, which then hands him a new evaluation point.
p, working on X, is represented by

    p(X) = ᾱ1(X,f(X)).α2X′.p(X′)

and q, working on Y, by

    q(Y) = β̄1(Y,f(Y)).β2Y′.q(Y′)

[Figure: p(X) with ports ᾱ1, α2 and q(Y) with ports β̄1, β2]

Notice that each submits a pair, argument and function-value, to the
interval.
The interval Int is parameterised on A,B,a,b where initially
(and always later) a = f(A), b = f(B) and ab ≤ 0.
By carefully reversing the direction of the interval when necessary,
Int ensures that at any time

    p is working either at ℓ[A,B] (left section) or outside the interval;
    q is working either at r[A,B] (right section) or outside the interval.

The interval agent has sort {α1, ᾱ2, β1, β̄2, δ̄}, and delivers the root
finally at δ̄. It is defined as follows:
    Int(A,B,a,b) =
      if |A-B| < eps then δ̄A.NIL else
      (α1(X,x). if X = A′ then
                   if xa ≤ 0
                     then ᾱ2 ℓ[A,A′].Int(A,A′,a,x)
                     else ᾱ2 ℓ[B,A′].Int(B,A′,b,x)
                 else ᾱ2 A′.Int(A,B,a,b)
       + β1(Y,y). if Y = B′ then
                   if yb ≤ 0
                     then β̄2 r[B′,B].Int(B′,B,y,b)
                     else β̄2 r[B′,A].Int(B′,A,y,a)
                 else β̄2 B′.Int(A,B,a,b)
      ) where A′,B′ = ℓ[A,B], r[A,B]

[Figure: the points A, A′, B′, B with the positions of p and q]

The complete system is

    Sys(A,B,a,b,X,Y) = (p(X) | Int(A,B,a,b) | q(Y))\α1\α2\β1\β2

(The arrows are marked assuming the case |A-B| ≥ eps.)
What do we want to prove about Sys? Simply that every possible
derivation computes a near-root of f in [A,B]. (By a near-root Z of f,
we mean a Z such that [Z-eps, Z+eps] contains a root.) More precisely,
we require

    if (i) a = f(A), b = f(B), ab ≤ 0,
    and (ii) X = ℓ[A,B] or Y = r[A,B],
    then every complete derivation of
    Sys(A,B,a,b,X,Y) takes the form

        Sys(A,B,a,b,X,Y) ==δ̄Z==> NIL

    where Z ∈ [A,B] is a near-root of f.
It's convenient to prove this by induction on the size of [A,B], defined
as the least n such that θⁿ|A-B| < eps. For size = 0 we have

    Sys(A,B,a,b,X,Y) --δ̄A--> NIL

as the only complete derivation, and we are done. For size > 0, we can
use the Expansion Theorem to show the following, which is enough to complete
the proof:

    Under conditions (i) and (ii), every complete derivation of
    Sys(A,B,a,b,X,Y) extends a derivation

        Sys(A,B,a,b,X,Y) --τ.τ--> Sys(A′,B′,a′,b′,X′,Y′)

    where the parameters again satisfy (i) and (ii), and
    (a) if X = ℓ[A,B] and Y = r[A,B] then [A′,B′] has smaller size;
    (b) otherwise either [A′,B′] has smaller size or [A′,B′] = [A,B],
        X′ = ℓ[A,B] and Y′ = r[A,B].
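The statement above can be checked numerically by following every interleaving of the two agents. The Python sketch below is an added example, not Milner's or Kung's code: it treats each exchange between an agent and Int as one atomic transaction (the two τ's), and assumes ℓ[A,B] = A + θ²(B-A), r[A,B] = A + θ(B-A), a tolerance in place of the exact test X = A′, and the helper names `lsec`, `rsec`, `int_step` and `explore`.

```python
import math

THETA = (math.sqrt(5) - 1) / 2        # theta^2 + theta = 1

def lsec(A, B):                       # assumed l[A,B]: left golden section
    return A + THETA ** 2 * (B - A)

def rsec(A, B):                       # assumed r[A,B]: right golden section
    return A + THETA * (B - A)

def same(u, v):                       # stands in for the exact test X = A'
    return math.isclose(u, v, rel_tol=0.0, abs_tol=1e-9)

def int_step(agent, state, f):
    """One transaction (two tau steps) between Int and agent 'p' or 'q'."""
    A, B, a, b, X, Y = state
    A1, B1 = lsec(A, B), rsec(A, B)
    if agent == "p":
        x = f(X)
        if not same(X, A1):                       # p was outside: redirect it
            return (A, B, a, b, A1, Y)
        if x * a <= 0:                            # root lies in [A, A']
            return (A, A1, a, x, lsec(A, A1), Y)
        return (B, A1, b, x, lsec(B, A1), Y)      # reversed interval [B, A']
    y = f(Y)
    if not same(Y, B1):                           # q was outside: redirect it
        return (A, B, a, b, X, B1)
    if y * b <= 0:                                # root lies in [B', B]
        return (B1, B, y, b, X, rsec(B1, B))
    return (B1, A, y, a, X, rsec(B1, A))          # reversed interval [B', A]

def explore(f, A, B, eps):
    """Follow every schedule of Sys from X = l[A,B], Y = r[A,B].
    Returns (set of delivered values Z, whether claims (a)/(b) always held)."""
    start = (A, B, f(A), f(B), lsec(A, B), rsec(A, B))
    seen, roots, lemma_ok, stack = set(), set(), True, [start]
    while stack:
        s = stack.pop()
        key = tuple(round(v, 9) for v in (s[0], s[1], s[4], s[5]))
        if key in seen:
            continue
        seen.add(key)
        A0, B0, _, _, X, Y = s
        if abs(A0 - B0) < eps:
            roots.add(A0)                         # Int delivers A and stops
            continue
        L0, R0 = lsec(A0, B0), rsec(A0, B0)
        on_both = same(X, L0) and same(Y, R0)
        for agent in "pq":
            t = int_step(agent, s, f)
            shrunk = abs(t[0] - t[1]) < abs(A0 - B0) - 1e-12
            restored = (same(t[0], A0) and same(t[1], B0)
                        and same(t[4], L0) and same(t[5], R0))
            lemma_ok = lemma_ok and (shrunk if on_both else (shrunk or restored))
            stack.append(t)
    return roots, lemma_ok

if __name__ == "__main__":
    # Constructed sample: f(x) = x^2 - 2 on [1, 2], root sqrt(2).
    zs, ok = explore(lambda x: x * x - 2.0, 1.0, 2.0, 0.01)
    print(sorted(zs), ok)
```

Different schedules may deliver different values Z; the check is that each one lies within eps of a root.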
Exercise 4.7 Verify the above statement by expanding Sys(A,B,a,b,X,Y).
Note that the interval decreases in size after two computations, though
not always after one.

Exercise 4.8 It isn't necessary for p and q to communicate with Int
through distinct ports. Redesign Int so that ports α1, β1 are identified,
and similarly α2, β2; it's easy but not completely trivial.

Exercise 4.9 Kung remarks that a root-searching algorithm for three
cooperating agents can be designed so that the interval subdivision
adopts one of the two patterns

    l/4  l/4  l/4  l/4        l/3  l/6  l/6  l/3

Program this algorithm.

Exercise 4.10 Suppose that p (q similarly) can pause during its
evaluation of f(X) at certain times, to ask the interval
"should I continue or start on a new point?" Adjust the
interval agent to respond to these interrupts.
CHAPTER 5

Syntax and Semantics of CCS

5.1 Introduction
We have seen some examples of expressions of CCS, representing both
programs and their specifications. We saw that, with the introduction
of value-passing, we had to abandon the simple interpretation of behaviour
expressions as synchronization trees, but in 4.2 we talked of atomic
experiments on behaviour expressions (or on the behaviours for which they
stand), and this was developed further in 4.4 on derivations.

We are now ready to present CCS precisely, and to define precisely
the atomic actions (and hence the derivations) of every CCS program. On
this basis, we proceed in this chapter and in Chapter 7 to develop our
central notion, observation equivalence of programs. From this it is a
short step to a congruence relation; two programs are observation congruent
iff they are observation equivalent (i.e. indistinguishable by observation)
in every context. Our proposal is that an observation congruence class is
a behaviour, so that CCS is indeed an algebra of behaviours, in which each
program stands for its congruence class.
This main development is independent of the notion of ST. STs may
now be regarded as a first approximation (not sufficiently abstract) to a
model of CCS without value-passing, and in Chapter 6 we show how they may
be generalised to CTs (communication trees) to give a first approximation
to a model of CCS with value-passing; again, the main development is
independent of CTs, which are only discussed to aid understanding. When we
eventually define observation equivalence over programs in Chapter 7, it will
look just like the corresponding definition in 3.3 over STs, which
generalises to CTs in an obvious way. Indeed, we expect to find that two
programs are equivalent iff the corresponding CTs are so; in that case CTs,
though not technically essential, fit naturally into our picture.
This chapter is devoted to a congruence over programs which we call
strong congruence, since it is stronger than the observation congruence
studied in Chapter 7. By approaching our proposal in two stages we
introduce the properties of behaviour gradually, and with greater insight
than if we tackled observation congruence immediately. In fact we even
subdivide the first stage in this chapter, approaching strong congruence via
an even stronger relation called direct equivalence.

The CCS language was introduced in the author's "Synthesis of
Communicating Behaviour" [Mil 3]. However, the semantic specification
by derivations was not given there in detail.
Value expressions E

Value expressions are built from
(i) Variables x,y,...
(ii) Constant symbols, and function symbols standing
     for known total functions over values
using conventional notation. We also allow tuples (E1,...,En) of
value expressions. Thus each value expression without variables stands
for a uniquely defined value; we shall not worry about the distinction
between such expressions and their values.

We shall also avoid details about the types of values and value
expressions, though we shall have to mention some syntactic constraints
depending on such details (which are standard).
Labels, sorts and relabelling

As in Chapter 2, our labels are Λ = Δ ∪ Δ̄, together with τ.
We use α,β,.. to range over Δ, λ over Λ, and μ,ν,.. to range over
Λ ∪ {τ}. A sort L is a subset of Λ; to each behaviour expression
B will be assigned a sort L(B).†

A relabelling S : L → M between sorts L and M is as in 2.2.
However, some positive labels α will be used to bind (tuples of) variables,
and then ᾱ will qualify (tuples of) value expressions; we must ensure
that S preserves the sign of such labels (i.e. S(α) ∈ Δ). Moreover, in
a complete treatment we should have to assign types to value variables and
value expressions, hence also to labels, and to ensure that relabellings
respect the types of labels. We will avoid these details; they need care,
but would only obscure the more important aspects of semantics which we want
to discuss here.

† We shall only meet finite sorts in examples. However, all we need to
assume - for technical reasons - is that Δ is never exhausted. Infinite
sorts may be of use; see the end of Chapter 6.
Behaviour identifiers b

We presuppose a collection of such identifiers, each having
preassigned
(i) an arity n(b) - the number of value parameters.
(ii) a sort L(b).
We assume that the meaning of such identifiers is given, often recursively,
by a behaviour expression. For example, in 4.5 we gave meaning to the
behaviour identifier p by

    p(x) = ᾱ1(x,f(x)).α2x′.p(x′)

where n(p) = 1, L(p) = {ᾱ1, α2}.

Again, a complete treatment would specify not just an arity but a
type (i.e. list of parameter types) for each b.
Behaviour expressions B

Behaviour expressions are formed by our six kinds of behaviour operator
(4.1), by parameterising behaviour identifiers, and by conditionals.
It's convenient to present the formation rules as a table (see below),
giving for each expression B its sort L(B) and its free variable set
FV(B).

We should regard the language given by the table as a core language,
which we are free to extend by defining derived behaviour operators (the
chaining combinator ⌢ of 4.1 for example) and by alternative syntax
for commonly occurring patterns.

In what follows, we shall use

    B{E1/x1, ..., En/xn}

to denote the result of substituting expression Ei for variable
xi (1 ≤ i ≤ n) at all its free occurrences within B. Sometimes we shall
abbreviate vectors (tuples) of variables and expressions as x̃ and Ẽ,
and write a substitution as

    B{Ẽ/x̃}

(As usual, such substitutions may require change of bound variables, to
avoid clashes.)
SYNTAX TABLE FOR BEHAVIOUR EXPRESSIONS

| Form | $B''$ | $L(B'')$ | $FV(B'')$ |
|---|---|---|---|
| Inaction | $\mathrm{NIL}$ | $\emptyset$ | $\emptyset$ |
| Summation | $B + B'$ | $L(B) \cup L(B')$ | $FV(B) \cup FV(B')$ |
| Action | $\alpha x_1, \ldots, x_n . B$ | $L(B) \cup \{\alpha\}$ | $FV(B) - \{x_1, \ldots, x_n\}$ |
| | $\bar\alpha E_1, \ldots, E_n . B$ | $L(B) \cup \{\bar\alpha\}$ | $FV(B) \cup \bigcup_i FV(E_i)$ |
| | $\tau . B$ | $L(B)$ | $FV(B)$ |
| Composition | $B \mid B'$ | $L(B) \cup L(B')$ | $FV(B) \cup FV(B')$ |
| Restriction | $B \backslash \alpha$ | $L(B) - \{\alpha, \bar\alpha\}$ | $FV(B)$ |
| Relabelling | $B[S]$ | $S(L(B))$ | $FV(B)$ |
| Identifier | $b(E_1, \ldots, E_{n(b)})$ | $L(b)$ | $\bigcup_i FV(E_i)$ |
| Conditional | if $E$ then $B$ else $B'$ | $L(B) \cup L(B')$ | $FV(E) \cup FV(B) \cup FV(B')$ |
The table shows how $B''$ of sort $L(B'')$ may be built from $B, B'$ of sorts $L(B), L(B')$. Parentheses are to be used to make parsing unambiguous, or to emphasize structure; to avoid excessive use of parentheses we assume the operator precedences

{Restriction, Relabelling} > Action > Composition > Summation.

Thus for example
$$B \mid \tau.B' \backslash \alpha + B''[S] \quad\text{means}\quad (B \mid (\tau.(B' \backslash \alpha))) + (B''[S]).$$
5.3 Semantics by derivations

We proceed to define a binary relation $\xrightarrow{\mu v}$ over behaviour expressions, for each $\mu \in \Lambda \cup \{\tau\}$ and value $v$ (of type appropriate to $\mu$). $B \xrightarrow{\mu v} B'$ may be read "$B$ produces (or can produce) $B'$ under $\mu v$"; thus if $B, B'$ are in the relation $\xrightarrow{\mu v}$, a particular atomic action of $B$ - resulting in $B'$ - is indicated.

Referring back to 3.3, we are taking behaviour expressions to be our agents; towards the end of 3.3 we chose STs as agents, and we shall see in the next chapter how to regard CTs as agents.

Note that $\xrightarrow{\tau}$ is a particular case of our relations, since the only value of type appropriate to $\tau$ is the 0-tuple.

The relations $\xrightarrow{\mu v}$ are defined by induction on the structure of behaviour expressions. This means that all the atomic actions of a compound expression can be inferred from the atomic actions of its component(s). Such a relation, though not indexed as here by $\mu v$, probably first appeared in connection with the $\lambda$-calculus. It was called a reduction relation, and the clauses of its definition were called reduction rules. Gordon Plotkin first made me aware of the power and flexibility of such relations in giving meaning-by-evaluation to programming languages. (In passing we may note that the original definition of ALGOL 68, though strongly verbal, is in essence a set of reduction rules.)
Inaction

NIL has no atomic actions.

Summation

From $B_1 \xrightarrow{\mu v} B_1'$ infer $B_1 + B_2 \xrightarrow{\mu v} B_1'$.
From $B_2 \xrightarrow{\mu v} B_2'$ infer $B_1 + B_2 \xrightarrow{\mu v} B_2'$.

Thus the atomic actions of a sum are exactly those of its summands. We adopt the following presentation of such inference rules:

Sum$\rightarrow$
$$(1)\ \dfrac{B_1 \xrightarrow{\mu v} B_1'}{B_1 + B_2 \xrightarrow{\mu v} B_1'} \qquad (2)\ \dfrac{B_2 \xrightarrow{\mu v} B_2'}{B_1 + B_2 \xrightarrow{\mu v} B_2'}$$

Action

Act$\rightarrow$
$$(1)\ \alpha x_1, \ldots, x_n . B \xrightarrow{\alpha(v_1, \ldots, v_n)} B\{v_1/x_1, \ldots, v_n/x_n\}$$
$$(2)\ \bar\alpha v_1, \ldots, v_n . B \xrightarrow{\bar\alpha(v_1, \ldots, v_n)} B$$
$$(3)\ \tau . B \xrightarrow{\tau} B$$

Notes:
(i) These are not inference rules, but axioms.
(ii) Act$\rightarrow$(1) holds for all tuples $(v_1, \ldots, v_n)$ (of appropriate type for $\alpha$), while Act$\rightarrow$(2) holds just for the tuple qualified by $\bar\alpha$.
(iii) See 5.5 below for why we consider only values $v_1, \ldots, v_n$ (not expressions $E_1, \ldots, E_n$) in Act$\rightarrow$(2).
Composition

Com$\rightarrow$
$$(1)\ \dfrac{B_1 \xrightarrow{\mu v} B_1'}{B_1 \mid B_2 \xrightarrow{\mu v} B_1' \mid B_2} \qquad (2)\ \dfrac{B_2 \xrightarrow{\mu v} B_2'}{B_1 \mid B_2 \xrightarrow{\mu v} B_1 \mid B_2'}$$
$$(3)\ \dfrac{B_1 \xrightarrow{\lambda v} B_1' \qquad B_2 \xrightarrow{\bar\lambda v} B_2'}{B_1 \mid B_2 \xrightarrow{\tau} B_1' \mid B_2'}$$

Notes:
(i) Com$\rightarrow$(1) and (2) express the idea that an action of $B_1$ or of $B_2$ in the composition $B_1 \mid B_2$ yields an action of the composite in which the other component is unaffected.
(ii) Com$\rightarrow$(3) expresses that communication of components yields a $\tau$-action of the composite.
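Restriction

Res$\rightarrow$
$$\dfrac{B \xrightarrow{\mu v} B'}{B \backslash \alpha \xrightarrow{\mu v} B' \backslash \alpha}\ ,\quad \mu \notin \{\alpha, \bar\alpha\}$$

Note: the side condition ensures that $B \backslash \alpha$ has no $\alpha v$ or $\bar\alpha v$ actions.

Relabelling

Rel$\rightarrow$
$$\dfrac{B \xrightarrow{\mu v} B'}{B[S] \xrightarrow{(S\mu) v} B'[S]}$$

Note: recall our convention that $S\tau = \tau$.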
Identifier

Suppose that identifier $b$ is defined by the (possibly recursive) clause
$$b(x_1, \ldots, x_{n(b)}) \Leftarrow B_b \qquad (FV(B_b) \subseteq \{x_1, \ldots, x_{n(b)}\})$$
We shall discuss such definitions shortly. Our rule is

Ide$\rightarrow$
$$\dfrac{B_b\{v_1/x_1, \ldots, v_{n(b)}/x_{n(b)}\} \xrightarrow{\mu v} B'}{b(v_1, \ldots, v_{n(b)}) \xrightarrow{\mu v} B'}$$

Note: the rule says, in effect, that each parameterized identifier has exactly the same actions as the appropriate instance of the right-hand side of its definition.

Conditional

Con$\rightarrow$
$$(1)\ \dfrac{B_1 \xrightarrow{\mu v} B_1'}{\text{if true then } B_1 \text{ else } B_2 \xrightarrow{\mu v} B_1'} \qquad (2)\ \dfrac{B_2 \xrightarrow{\mu v} B_2'}{\text{if false then } B_1 \text{ else } B_2 \xrightarrow{\mu v} B_2'}$$

Note: As with all value expressions without variables, we assume that boolean-valued expressions evaluate 'automatically' to their boolean values. See 5.5 below for why we need not consider value-expressions containing variables in these rules.
5.4 Defining behaviour identifiers

We shall now assume that every behaviour identifier $b$ is defined by a clause
$$b(x_1, \ldots, x_{n(b)}) \Leftarrow B_b$$
where $x_1, \ldots, x_{n(b)}$ are distinct variables, and where $FV(B_b) \subseteq \{x_1, \ldots, x_{n(b)}\}$.

The symbol '$\Leftarrow$' is preferred to '=' since we are not yet talking of the behaviours denoted by behaviour expressions (so '=', in the sense of equality of meaning, would be out of place), and also because we will later in this chapter use '=' to mean identity between expressions.

We thus have a collection of clauses defining our $b$'s, and they may be mutually recursive. Although not actually essential, we shall impose a slight constraint on the collection, which will forbid such definitions as
$$b(x) \Leftarrow \bar\alpha x.\mathrm{NIL} + b(x+1)$$
or
$$b_1 \Leftarrow b_2 + \alpha.b_3, \qquad b_2 \Leftarrow b_1 \mid \beta.b_4$$
in which a behaviour may 'call itself recursively without passing a guard'. Thus the following are permitted:
$$b(x) \Leftarrow \bar\alpha x.\mathrm{NIL} + \tau.b(x+1)$$
and
$$b_1 \Leftarrow b_2 + \alpha.b_3, \qquad b_2 \Leftarrow \alpha.b_1 \mid \beta.b_4$$

More precisely, we say that $b$ is unguarded in $B$ if it occurs in $B$ without an enclosing guard. The restriction on our defining clauses for the $b$'s is that there must be no infinite sequence $b_{i(1)}, b_{i(2)}, \ldots$ such that, for each $j$, $b_{i(j+1)}$ is unguarded in $B_{b_{i(j)}}$. (In the forbidden examples above there are such sequences: $b, b, b, \ldots$ and $b_1, b_2, b_1, b_2, \ldots$ respectively.) Further, for correctness of sorts, we require
$$L(B_b) \subseteq L(b)$$
When the above constraints are met, we shall say that the behaviour identifiers are guardedly well-defined.
5.5 Sorts and programs

Our formation rules ascribe a unique sort $L(B)$ to each behaviour expression $B$; we write
$$B : L(B)$$
to mean '$B$ possesses sort $L(B)$'. For many reasons, it is convenient to allow $B$ to possess all larger sorts as well; so we declare
$$B : L \ \&\ L \subseteq M \ \text{ implies } \ B : M$$
For example, this allows us to make sense of an expression like
$$\mathrm{NIL}[\beta/\alpha]$$
since $\beta/\alpha : \{\alpha\} \to \{\beta\}$ is a relabelling, and $\mathrm{NIL} : \{\alpha\}$ since $\mathrm{NIL} : \emptyset$.

An important property of atomic actions as defined in 5.3 is the following:

Proposition 5.1 If $B \xrightarrow{\mu v} B'$ and $B : L$, then $\mu \in L \cup \{\tau\}$ and $B' : L$.

Proof By induction on the length of the inference which ensures $B \xrightarrow{\mu v} B'$, using the ascription of sorts by the formation rules.

Although our rules for atomic actions apply to arbitrary behaviour expressions, they fail to describe fully the meaning of expressions with free variables. For example, the rule Act$\rightarrow$ gives no action for
$$\bar\alpha(x+1).\mathrm{NIL}$$
and Con$\rightarrow$ says nothing for
$$\text{if } x \geq 0 \text{ then } \bar\alpha x.\mathrm{NIL} \text{ else } \bar\beta(-x).\mathrm{NIL}$$
Clearly they could not determine the actions of these expressions, since actions involve values, not variables, and in the second example even the label of the possible action depends upon the 'value' of $x$.

We choose to regard the meaning of a behaviour expression $B$ with free variables $\tilde{x}$ as determined by the meanings of $B\{\tilde{v}/\tilde{x}\}$ for all value-vectors $\tilde{v}$.

Definition We define a program to be a closed behaviour expression, i.e. one with no free variables.
Now the fact that our rules describe the meanings of programs satisfactorily is due to the following:

Proposition 5.2 If $B$ is a program and $B \xrightarrow{\mu v} B'$, then $B'$ is also a program.

Proof By induction on the length of the inference which ensures $B \xrightarrow{\mu v} B'$. The condition on the free variables of each $B_b$, and the substitution involved in Act$\rightarrow$(1), are critical.

5.6 Direct equivalence of behaviour programs

(In 5.6 and 5.7 we are concerned only with programs.)

We now take up the question, posed in §5.1, of which behaviour programs possess the same derivations; this will yield an equivalence relation, which will also be a congruence - that is, any program may be replaced by an equivalent one in any context, without affecting the behaviour (derivations) of the whole. For example,
$$B + B' \quad\text{and}\quad B' + B$$
are different programs, but we clearly expect them to be interchangeable in this sense.

A first approximation to what we want may be called direct equivalence; we denote it by $\equiv$, and define it as follows:

Definition $B_1 \equiv B_2$ ($B_1$ and $B_2$ are directly equivalent) iff for every $\mu$, $v$ and $B$

(Warning: $\equiv$ is not a congruence relation. For example, we may have $B_1 \equiv B_2$, but in general
I B I B 2 . For le,
I % I I
n o t identical:
.NILI B 2 a ~ N I L I B 2
But the congruence relation we want will be implied by $\equiv$, and so the following laws for $\equiv$ will hold for the congruence also.)

In what follows it is often convenient to let $g$ stand for an arbitrary guard $\alpha\tilde{x}$, $\bar\alpha\tilde{E}$ or $\tau$. The result $Sg$ of relabelling a guard is given by $S(\alpha\tilde{x}) = (S\alpha)\tilde{x}$, $S(\bar\alpha\tilde{E}) = (S\bar\alpha)\tilde{E}$ and $S\tau = \tau$. The name of the label in $g$ is denoted by name($g$).
Theorem 5.3 (Direct Equivalences). The following direct equivalences hold (classified by the leading operator on the left side):

Sum$\equiv$
(1) $B_1 + B_2 \equiv B_2 + B_1$
(2) $B_1 + (B_2 + B_3) \equiv (B_1 + B_2) + B_3$
(3) $B + \mathrm{NIL} \equiv B$
(4) $B + B \equiv B$

Act$\equiv$
$\alpha\tilde{x}.B \equiv \alpha\tilde{y}.B\{\tilde{y}/\tilde{x}\}$ (change of bound variables), where $\tilde{y}$ are distinct variables not in $B$

Res$\equiv$
(1) $\mathrm{NIL} \backslash \beta \equiv \mathrm{NIL}$
(2) $(B_1 + B_2) \backslash \beta \equiv B_1 \backslash \beta + B_2 \backslash \beta$
(3) $(g.B) \backslash \beta \equiv \begin{cases} \mathrm{NIL} & \text{if } \beta = \text{name}(g) \\ g.(B \backslash \beta) & \text{otherwise} \end{cases}$

Rel$\equiv$
(1) $\mathrm{NIL}[S] \equiv \mathrm{NIL}$
(2) $(B_1 + B_2)[S] \equiv B_1[S] + B_2[S]$
(3) $(g.B)[S] \equiv Sg.B[S]$

Now in view of Sum$\equiv$ the following notations are unambiguous:
$\sum_{1 \leq i \leq n} B_i$ meaning $B_1 + \ldots + B_n$ (NIL, if $n = 0$)
$\sum \{B_i \,;\, i \in I\}$ more generally, where $I$ is finite.
If each $B_i$ is of form $g_i.B_i'$, we call such a sum a sum of guards, and each $B_i$ a summand.

Com$\equiv$ Let $B$ and $C$ be sums of guards. Then
$$\begin{aligned} B \mid C \equiv{} & \sum \{g.(B' \mid C) \,;\, g.B' \text{ a summand of } B\} \\ & + \sum \{g.(B \mid C') \,;\, g.C' \text{ a summand of } C\} \\ & + \sum \{\tau.(B'\{\tilde{v}/\tilde{x}\} \mid C') \,;\, \alpha\tilde{x}.B' \text{ a summand of } B \text{ and } \bar\alpha\tilde{v}.C' \text{ a summand of } C\} \\ & + \sum \{\tau.(B' \mid C'\{\tilde{v}/\tilde{x}\}) \,;\, \bar\alpha\tilde{v}.B' \text{ a summand of } B \text{ and } \alpha\tilde{x}.C' \text{ a summand of } C\} \end{aligned}$$

Ide$\equiv$ Let identifier $b$ be defined by $b(\tilde{x}) \Leftarrow B_b$; then
$$b(\tilde{v}) \equiv B_b\{\tilde{v}/\tilde{x}\}$$

Con$\equiv$
(1) if true then $B_1$ else $B_2 \equiv B_1$
(2) if false then $B_1$ else $B_2 \equiv B_2$
Proof To prove each law is a routine application of the definition of the relations $\xrightarrow{\mu v}$. We consider three laws:

(i) Sum$\equiv$(2): $B_1 + (B_2 + B_3) \equiv (B_1 + B_2) + B_3$

Let $B_1 + (B_2 + B_3) \xrightarrow{\mu v} B$. This can only be due to either rule Sum$\rightarrow$(1), because $B_1 \xrightarrow{\mu v} B$, or rule Sum$\rightarrow$(2), because $B_2 + B_3 \xrightarrow{\mu v} B$, and in the latter case, similarly, either $B_2 \xrightarrow{\mu v} B$ or $B_3 \xrightarrow{\mu v} B$. In each of the three cases, rules Sum$\rightarrow$(1) and Sum$\rightarrow$(2) yield
$$(B_1 + B_2) + B_3 \xrightarrow{\mu v} B.$$
The reverse implication is similar.

(ii) Res$\equiv$(3): $(\alpha\tilde{x}.B) \backslash \beta \equiv \begin{cases} \mathrm{NIL} & (\beta = \alpha) \\ \alpha\tilde{x}.(B \backslash \beta) & (\beta \neq \alpha) \end{cases}$

By Act$\rightarrow$(1), the only actions of $\alpha\tilde{x}.B$ are of form
$$\alpha\tilde{x}.B \xrightarrow{\alpha\tilde{v}} B\{\tilde{v}/\tilde{x}\} \quad (\text{for arbitrary } \tilde{v}).$$
Thus $(\alpha\tilde{x}.B) \backslash \alpha$ has no actions (since Res$\rightarrow$ yields none); neither has NIL, which settles the case $\beta = \alpha$.
For ($\beta \neq \alpha$), by Res$\rightarrow$ the only actions of $(\alpha\tilde{x}.B) \backslash \beta$ are
$$(\alpha\tilde{x}.B) \backslash \beta \xrightarrow{\alpha\tilde{v}} B\{\tilde{v}/\tilde{x}\} \backslash \beta = (B \backslash \beta)\{\tilde{v}/\tilde{x}\}$$
and these are exactly the actions of $\alpha\tilde{x}.(B \backslash \beta)$.
The proof for guards $\bar\alpha\tilde{v}$ and $\tau$ is similar.

(iii) Com$\equiv$: $B \mid C \equiv \sum \cdots + \sum \cdots + \sum \cdots + \sum \cdots$
(We use $X$ to abbreviate the right-hand side.)

Let $B \mid C \xrightarrow{\mu v} D$. There are several cases.

(a) $B \xrightarrow{\mu v} B''$, and $D = B'' \mid C$ (by Com$\rightarrow$(1)).
Then $B$ has a summand $g.B'$ for which $g.B' \xrightarrow{\mu v} B''$ (by Sum$\rightarrow$). This action must be an instance of Act$\rightarrow$, from which we can also find that $g.(B' \mid C) \xrightarrow{\mu v} B'' \mid C$ (considering the three types of guard).
Hence also $X \xrightarrow{\mu v} B'' \mid C = D$.

(b) $C \xrightarrow{\mu v} C''$, and $D = B \mid C''$ (by Com$\rightarrow$(2)).
The proof that $X \xrightarrow{\mu v} D$ is similar.

(c) $B \xrightarrow{\alpha\tilde{u}} B''$, $C \xrightarrow{\bar\alpha\tilde{u}} C'$ and $\mu v = \tau$, $D = B'' \mid C'$ (by Com$\rightarrow$(3); there is a similar case with $\alpha$, $\bar\alpha$ exchanged).
Then by Sum$\rightarrow$ and Act$\rightarrow$, $B$ has a summand $\alpha\tilde{x}.B'$ and $B'' = B'\{\tilde{u}/\tilde{x}\}$, while $C$ has a summand $\bar\alpha\tilde{u}.C'$.
Hence, since $X$ has a summand $\tau.(B'\{\tilde{u}/\tilde{x}\} \mid C')$, we have $X \xrightarrow{\tau} B'' \mid C' = D$, as required.

We have now shown by (a), (b) & (c) that for all $\mu$, $v$ and $D$
$$B \mid C \xrightarrow{\mu v} D \ \Rightarrow\ X \xrightarrow{\mu v} D$$
and the reverse implication can be argued similarly.

Exercise 5.1 Prove some more of the equivalences claimed; e.g. Sum$\equiv$(1), Res$\equiv$(2), Rel$\equiv$(2) and Con$\equiv$(1). They are all as easy as Sum$\equiv$(2).
5.7 Congruence of behaviour programs

We now propose to extend or widen our direct equivalence relation to a congruence relation. Apart from the wish to get a congruence relation (so that equivalence is preserved by substitution of equivalent programs) there is another motivation; '$\equiv$' requires that the results of actions of equivalent programs should be identical, and it is reasonable to ask only that the results should be equivalent again.

We therefore define the relation '$\sim$' over programs, which we call strong equivalence (we define it analogously to the observation equivalence of 3.3, but it is stronger because we do not allow arbitrary $\tau$-actions to interleave the observable actions). We define it in terms of a decreasing sequence $\sim_0, \sim_1, \ldots, \sim_k, \ldots$ of equivalence relations:

Definition
$B \sim_0 C$ is always true;
$B \sim_{k+1} C$ iff for all $\mu$, $v$
(i) if $B \xrightarrow{\mu v} B'$ then for some $C'$, $C \xrightarrow{\mu v} C'$ and $B' \sim_k C'$;
(ii) if $C \xrightarrow{\mu v} C'$ then for some $B'$, $B \xrightarrow{\mu v} B'$ and $B' \sim_k C'$;
$B \sim C$ iff $\forall k \geq 0.\ B \sim_k C$ (i.e. $\sim \ = \bigcap_k \sim_k$).

We leave out the simple proofs that each $\sim_k$ is an equivalence relation, and that $B \sim_{k+1} C$ implies $B \sim_k C$ (i.e. the sequence of equivalences is decreasing).

Exercise 5.2 Show that $B \equiv C$ implies $B \sim_k C$ for each $k$, and hence implies $B \sim C$.
Theorem 5.4 $\sim$ is a congruence relation.
More precisely, $B_1 \sim B_2$ implies
$$B_1 + C \sim B_2 + C, \qquad C + B_1 \sim C + B_2$$
$$\bar\alpha\tilde{v}.B_1 \sim \bar\alpha\tilde{v}.B_2, \qquad \tau.B_1 \sim \tau.B_2$$
$$B_1 \mid C \sim B_2 \mid C, \qquad C \mid B_1 \sim C \mid B_2$$
$$B_1 \backslash \alpha \sim B_2 \backslash \alpha, \qquad B_1[S] \sim B_2[S]$$
and $B_1\{\tilde{v}/\tilde{x}\} \sim B_2\{\tilde{v}/\tilde{x}\}$ (for all $\tilde{v}$) implies
$$\alpha\tilde{x}.B_1 \sim \alpha\tilde{x}.B_2$$

Proof We give the proof only for composition. We prove by induction on $k$ that
$$B_1 \sim_k B_2 \ \text{ implies } \ B_1 \mid C \sim_k B_2 \mid C$$
For $k = 0$ it is trivial. Now assume $B_1 \sim_{k+1} B_2$.
Let $B_1 \mid C \xrightarrow{\mu v} D_1$. We want $D_2$ such that
$$B_2 \mid C \xrightarrow{\mu v} D_2 \sim_k D_1$$
There are three cases:

(a) $B_1 \xrightarrow{\mu v} B_1'$, and $D_1 = B_1' \mid C$ (by Com$\rightarrow$(1)).
Then $B_2 \xrightarrow{\mu v} B_2' \sim_k B_1'$ for some $B_2'$,
whence $B_2 \mid C \xrightarrow{\mu v} B_2' \mid C$ by Com$\rightarrow$(1)
$\sim_k D_1$ ($= B_1' \mid C$) by inductive hypothesis.

(b) $C \xrightarrow{\mu v} C'$ and $D_1 = B_1 \mid C'$ (by Com$\rightarrow$(2)).
Then $B_2 \mid C \xrightarrow{\mu v} B_2 \mid C'$ by Com$\rightarrow$(2).
But $B_1 \sim_k B_2$ (since $B_1 \sim_{k+1} B_2$), hence $B_1 \mid C' \sim_k B_2 \mid C'$ by inductive hypothesis.

(c) $B_1 \xrightarrow{\lambda u} B_1'$, $C \xrightarrow{\bar\lambda u} C'$, and $\mu v = \tau$, $D_1 = B_1' \mid C'$ (by Com$\rightarrow$(3)).
Then $B_2 \xrightarrow{\lambda u} B_2' \sim_k B_1'$ for some $B_2'$,
whence $B_2 \mid C \xrightarrow{\tau} B_2' \mid C'$ by Com$\rightarrow$(3)
$\sim_k D_1$ by inductive hypothesis.

By symmetry, of course, if $B_2 \mid C \xrightarrow{\mu v} D_2$ then we find $D_1$ such that
$$B_1 \mid C \xrightarrow{\mu v} D_1 \sim_k D_2$$

Exercise 5.3
(i) Prove that $B_1 \sim_k B_2$ implies $\mu v.B_1 \sim_{k+1} \mu v.B_2$; this shows that $B_1 \sim B_2$ implies $\mu v.B_1 \sim \mu v.B_2$, and also that guarding increases the index of $\sim_k$ by one.
(ii) Prove the last part of the Theorem, involving the positive label guard.
We end this section by giving some useful properties of $\sim$, in the form of equational laws. Note that Theorem 5.3 already gives many of its properties, since $\equiv$ is contained in $\sim$. Since we run the risk of bewildering the reader with a confused mass of properties, let us emphasize some structure.

In Theorem 5.3, Sum$\equiv$ states that $+$ and NIL form a commutative semigroup with absorption, and Res$\equiv$, Rel$\equiv$, Com$\equiv$ each describe how one of the static behaviour operations $\backslash\alpha$, $[S]$, $\mid$ interacts with the dynamic operations $+$, $\mu v$ and NIL. In the following theorem Com$\sim$ states that $\mid$ and NIL form a commutative semigroup, while Res$\sim$ and Rel$\sim$ state how the static operations interact with each other. The laws of Theorem 5.5 are only concerned with the static operations - they are essentially the Laws of Flow in [MM, Mil 2].

Theorem 5.5 (Strong congruences) The following strong congruences hold:

Com$\sim$
(1) $B_1 \mid B_2 \sim B_2 \mid B_1$
(2) $B_1 \mid (B_2 \mid B_3) \sim (B_1 \mid B_2) \mid B_3$
(3) $B \mid \mathrm{NIL} \sim B$

Res$\sim$
(1) $B \backslash \alpha \sim B$ ($B : L$, $\alpha \notin \text{names}(L)$)
(2) $B \backslash \alpha \backslash \beta \sim B \backslash \beta \backslash \alpha$
(3) $(B_1 \mid B_2) \backslash \alpha \sim B_1 \backslash \alpha \mid B_2 \backslash \alpha$ ($B_1 : L_1$, $B_2 : L_2$, $\alpha \notin \text{names}(L_1 \cap \bar{L}_2)$)

Rel$\sim$
(1) $B[I] \sim B$ ($I : L \to L$ is the identity relabelling)
(2) $B[S] \sim B[S']$ ($B : L$, and $S \restriction L = S' \restriction L$)
(3) $B[S][S'] \sim B[S' \circ S]$
(4) $B[S] \backslash \beta \sim B \backslash \alpha [S]$ ($\beta = \text{name}(S(\alpha))$)
(5) $(B_1 \mid B_2)[S] \sim B_1[S] \mid B_2[S]$
Proof We give the proof of Com$\sim$(2). It is the hardest - but all the proofs are routine inductions.

We prove $\forall B_1 B_2 B_3.\ B_1 \mid (B_2 \mid B_3) \sim_k (B_1 \mid B_2) \mid B_3$ by induction on $k$. For $k = 0$ it's trivial.
Now for $k+1$, let $B_1 \mid (B_2 \mid B_3) \xrightarrow{\mu v} D$; we require $D'$ such that
$$(B_1 \mid B_2) \mid B_3 \xrightarrow{\mu v} D' \sim_k D.$$
There are several cases:

(a) $B_1 \xrightarrow{\mu v} B_1'$, and $D = B_1' \mid (B_2 \mid B_3)$ by Com$\rightarrow$(1).
Then $(B_1 \mid B_2) \mid B_3 \xrightarrow{\mu v} (B_1' \mid B_2) \mid B_3$ by Com$\rightarrow$(1) twice
$\sim_k D$ by induction.

(b) $B_2 \mid B_3 \xrightarrow{\mu v} C$, and $D = B_1 \mid C$ by Com$\rightarrow$(2).
Subcases
(i) $B_2 \xrightarrow{\mu v} B_2'$, and $C = B_2' \mid B_3$ by Com$\rightarrow$(1); i.e. $D = B_1 \mid (B_2' \mid B_3)$.
Then $B_1 \mid B_2 \xrightarrow{\mu v} B_1 \mid B_2'$ by Com$\rightarrow$(2),
so $(B_1 \mid B_2) \mid B_3 \xrightarrow{\mu v} (B_1 \mid B_2') \mid B_3$ by Com$\rightarrow$(1),
$\sim_k D$ by induction.
(ii) $B_3 \xrightarrow{\mu v} B_3'$, and $C = B_2 \mid B_3'$ by Com$\rightarrow$(2); similar.
(iii) $B_2 \xrightarrow{\lambda u} B_2'$, $B_3 \xrightarrow{\bar\lambda u} B_3'$, $\mu v = \tau$ and $C = B_2' \mid B_3'$ by Com$\rightarrow$(3), so $D = B_1 \mid (B_2' \mid B_3')$.
Then $B_1 \mid B_2 \xrightarrow{\lambda u} B_1 \mid B_2'$ by Com$\rightarrow$(2),
so $(B_1 \mid B_2) \mid B_3 \xrightarrow{\tau} (B_1 \mid B_2') \mid B_3'$ by Com$\rightarrow$(3),
$\sim_k D$ by induction.

(c) $B_1 \xrightarrow{\lambda u} B_1'$, $B_2 \mid B_3 \xrightarrow{\bar\lambda u} C$, $D = B_1' \mid C$ and $\mu v = \tau$ by Com$\rightarrow$(3).
Subcases
(i) $B_2 \xrightarrow{\bar\lambda u} B_2'$, and $C = B_2' \mid B_3$ by Com$\rightarrow$(1); i.e. $D = B_1' \mid (B_2' \mid B_3)$.
Then $B_1 \mid B_2 \xrightarrow{\tau} B_1' \mid B_2'$ by Com$\rightarrow$(3),
so $(B_1 \mid B_2) \mid B_3 \xrightarrow{\tau} (B_1' \mid B_2') \mid B_3$ by Com$\rightarrow$(1),
$\sim_k D$ by induction.
(ii) $B_3 \xrightarrow{\bar\lambda u} B_3'$, and $C = B_2 \mid B_3'$ by Com$\rightarrow$(2): similar.

Thus we have found the required $D' \sim_k D$ in each case. Similarly given $(B_1 \mid B_2) \mid B_3 \xrightarrow{\mu v} D$, we find $D'$ such that
$$B_1 \mid (B_2 \mid B_3) \xrightarrow{\mu v} D' \sim_k D$$
This completes the inductive step, showing
$$B_1 \mid (B_2 \mid B_3) \sim_{k+1} (B_1 \mid B_2) \mid B_3$$

Exercise 5.4 Prove Com$\sim$(3) and Res$\sim$(3). For the second, you need to appeal to Proposition 5.1.
We now state and prove a theorem which we need later. It depends critically on the assumption that all behaviour identifiers are guardedly well defined (5.4).

Theorem 5.6 Strong congruence 'satisfies its definition' in the following sense:
$B \sim C$ iff for all $\mu$, $v$
(i) if $B \xrightarrow{\mu v} B'$ then for some $C'$, $C \xrightarrow{\mu v} C'$ and $B' \sim C'$
(ii) if $C \xrightarrow{\mu v} C'$ then for some $B'$, $B \xrightarrow{\mu v} B'$ and $B' \sim C'$.

Proof ($\Leftarrow$) $B' \sim C'$ implies $B' \sim_k C'$ for any $k$; hence from (i) and (ii) we deduce $B \sim_{k+1} C$ for all $k$, by definition, whence $B \sim C$.

($\Rightarrow$) Since $B \sim_{k+1} C$ for all $k$, we have by definition that if $B \xrightarrow{\mu v} B'$ then, for each $k$, $\exists C_k.\ C \xrightarrow{\mu v} C_k \ \&\ B' \sim_k C_k$. But from our assumption that all behaviour identifiers are guardedly well-defined it follows that $\{C' \,;\, C \xrightarrow{\mu v} C'\}$ is finite (we omit the details of this argument). Hence for some $C'$,
$$C \xrightarrow{\mu v} C' \ \text{ and } \ B' \sim_k C' \ \text{ for infinitely many } k$$
and this implies $B' \sim_k C'$ for all $k$, since the relations $\sim_k$ are decreasing in $k$, hence $B' \sim C'$.
Thus (i) is proved, and (ii) is similar.
5.8 Congruence of Behaviour expressions and the Expansion Theorem

Having established definitions and properties of direct equivalence and congruence of programs - behaviour expressions without free variables - we are now in a position to lift the results to arbitrary behaviour expressions. All that is needed is to define $\equiv$ and $\sim$ over expressions as follows:

Definition
Let $\tilde{x}$ be the free variables occurring in $B_1$ or $B_2$ or both. Then
$B_1 \equiv B_2$ iff, for all $\tilde{v}$, $B_1\{\tilde{v}/\tilde{x}\} \equiv B_2\{\tilde{v}/\tilde{x}\}$
$B_1 \sim B_2$ iff, for all $\tilde{v}$, $B_1\{\tilde{v}/\tilde{x}\} \sim B_2\{\tilde{v}/\tilde{x}\}$

Now we clearly want to extend the results of Theorems 5.3, 5.5 to arbitrary expressions; for example, we would like to apply Com$\sim$(3) of Theorem 5.5 to replace
$$\bar\alpha(x+1).\mathrm{NIL} \mid \mathrm{NIL} \quad\text{by}\quad \bar\alpha(x+1).\mathrm{NIL}$$
anywhere in any expression, but the law only applies at present to programs, and the expressions shown have a free variable $x$.

We state without proof the desired generalisation.

Theorem 5.7 The relation $\sim$ is a congruence over behaviour expressions. Moreover, the results of Theorems 5.3, 5.5 hold over arbitrary expressions, with the following adjustments:
(i) In Com$\equiv$ and Ide$\equiv$ of Theorem 5.3, replace $\tilde{v}$ (a value tuple) everywhere by $\tilde{E}$ (a tuple of value expressions).
(ii) Add in Com$\equiv$ the condition that, in the first (resp. second) sum on the right-hand side, no free variable of $C$ (resp. $B$) is bound by $g$.

We now have enough to prove the Expansion Theorem, which we used in Chapter 4.

Theorem 5.8 (The Expansion Theorem).
Let $B = (B_1 \mid \ldots \mid B_m) \backslash A$, where each $B_i$ is a sum of guards. Then
$$\begin{aligned} B \sim{} & \sum \{g.((B_1 \mid \ldots \mid B_i' \mid \ldots \mid B_m) \backslash A) \,;\, g.B_i' \text{ a summand of } B_i,\ \text{name}(g) \notin A\} \\ & + \sum \{\tau.((B_1 \mid \ldots \mid B_i'\{\tilde{E}/\tilde{x}\} \mid \ldots \mid B_j' \mid \ldots \mid B_m) \backslash A) \,;\, \alpha\tilde{x}.B_i' \text{ a summand of } B_i,\ \bar\alpha\tilde{E}.B_j' \text{ a summand of } B_j,\ i \neq j\} \end{aligned}$$
provided that in the first term no free variable in $B_k$ ($k \neq i$) is bound by $g$.
Proof. We first show, by induction on $m$, that
$$\begin{aligned} B_1 \mid \ldots \mid B_m \sim{} & \sum \{g.(B_1 \mid \ldots \mid B_i' \mid \ldots \mid B_m) \,;\, g.B_i' \text{ a summand of } B_i,\ 1 \leq i \leq m\} \\ & + \sum \{\tau.(B_1 \mid \ldots \mid B_i'\{\tilde{E}/\tilde{x}\} \mid \ldots \mid B_j' \mid \ldots \mid B_m) \,;\, \alpha\tilde{x}.B_i' \text{ a summand of } B_i,\ \bar\alpha\tilde{E}.B_j' \text{ a summand of } B_j,\ i, j \in \{1, \ldots, m\},\ i \neq j\} \end{aligned}$$
under the proviso of the Theorem. Note first that for $m = 1$ the second term is vacuous and the result follows simply by reflexivity of $\sim$. Now assume the property for $m - 1$, with right-hand side $C$. Then we have (by congruence)
$$B_1 \mid \ldots \mid B_{m-1} \mid B_m \sim C \mid B_m$$
and we may apply Com$\equiv$, generalised as in Theorem 5.7, since each of $C$ and $B_m$ is a sum of guards - and moreover the side-condition for Com$\equiv$ (stated as (ii) in Theorem 5.7) follows from the proviso of the present theorem. The property for $m$ then follows by routine, though slightly tedious, manipulations; of course we rely strongly on Com$\sim$(2).

Finally, the theorem follows easily by repeated use of Res$\equiv$(3) and Sum$\equiv$(3).

Exercise 5.5 Complete the details of the inductive step in the proof, and see exactly where the proviso of the theorem is necessary.

In summary: we now have a powerful set of laws for transforming programs and behaviour expressions while preserving their derivation pattern. (These laws are enough to prove the Expansion Theorem, Theorem 5.8, for example.)

We have prepared the way for introducing CTs, an algebra which satisfies these laws and so may be regarded as a model of CCS which is faithful to its derivation patterns.

But we should mention that observation equivalence ($\approx$) (generalised from §3 to admit value-passing) is a wider relation than our $\sim$, and satisfies still more equational laws.
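The derivation rules of 5.3 and the relations $\sim_k$ of 5.7 can be executed directly on small programs. The following is an added example, not code from the book: the tuple encoding, the function names and the finite value domain `VALUES` are assumptions made here, and only the rules Sum, Act, Com and Res are covered (no relabelling, identifiers or conditionals).

```python
VALUES = (0, 1)   # assumption: finite value domain, so rule Act(1) can be enumerated
TAU = ("tau",)    # the tau action; other actions are ("in", a, v) and ("out", a, v)

# Constructors for programs (closed behaviour expressions), encoded as tuples.
NIL = ("nil",)
def Sum(b, c):    return ("sum", b, c)       # B + C
def In(a, body):  return ("in", a, body)     # input guard; body maps a value v to B{v/x}
def Out(a, v, b): return ("out", a, v, b)    # output guard carrying the value v
def Tau(b):       return ("tau", b)          # tau.B
def Par(b, c):    return ("par", b, c)       # B | C
def Res(b, a):    return ("res", b, a)       # B \ a

def steps(t):
    """Return every (action, successor) pair derivable for program t."""
    kind = t[0]
    if kind == "nil":                         # Inaction: no atomic actions
        return []
    if kind == "sum":                         # Sum(1) and Sum(2)
        return steps(t[1]) + steps(t[2])
    if kind == "in":                          # Act(1): one action per input value
        return [(("in", t[1], v), t[2](v)) for v in VALUES]
    if kind == "out":                         # Act(2): only the qualified value
        return [(("out", t[1], t[2]), t[3])]
    if kind == "tau":                         # Act(3)
        return [(TAU, t[1])]
    if kind == "par":
        left, right = steps(t[1]), steps(t[2])
        result = [(a, Par(b1, t[2])) for a, b1 in left]       # Com(1)
        result += [(a, Par(t[1], c1)) for a, c1 in right]     # Com(2)
        for a, b1 in left:                                    # Com(3): complementary
            for c, c1 in right:                               # labels, same value
                if {a[0], c[0]} == {"in", "out"} and a[1:] == c[1:]:
                    result.append((TAU, Par(b1, c1)))
        return result
    if kind == "res":                         # Res: side condition on the label name
        return [(a, Res(b1, t[2])) for a, b1 in steps(t[1])
                if a == TAU or a[1] != t[2]]
    raise ValueError("unknown term: %r" % (t,))

def equiv_k(b, c, k):
    """Decide B ~k C by unfolding the definition of 5.7 (finite programs only)."""
    if k == 0:
        return True
    sb, sc = steps(b), steps(c)
    def matched(xs, ys):
        # every action of xs is answered by the same action of ys, results ~(k-1)
        return all(any(a == a2 and equiv_k(x1, y1, k - 1) for a2, y1 in ys)
                   for a, x1 in xs)
    return matched(sb, sc) and matched(sc, sb)

# Constructed sample programs.
# P outputs 1 on a, then offers a choice of b or c; Q chooses before the output.
P = Out("a", 1, Sum(Out("b", 0, NIL), Out("c", 0, NIL)))
Q = Sum(Out("a", 1, Out("b", 0, NIL)), Out("a", 1, Out("c", 0, NIL)))
# SYSTEM restricts a on a sender and a receiver that forwards its input on b;
# EXPANDED is the single tau summand the Expansion Theorem gives for it.
SENDER = Out("a", 1, NIL)
RECEIVER = In("a", lambda x: Out("b", x, NIL))
SYSTEM = Res(Par(SENDER, RECEIVER), "a")
EXPANDED = Tau(Res(Par(NIL, Out("b", 1, NIL)), "a"))

if __name__ == "__main__":
    print("P ~1 Q:", equiv_k(P, Q, 1))
    print("P ~2 Q:", equiv_k(P, Q, 2))
    print("actions of SYSTEM:", [a for a, _ in steps(SYSTEM)])
    print("SYSTEM ~6 EXPANDED:", equiv_k(SYSTEM, EXPANDED, 6))
```

`P` and `Q` are related by $\sim_1$ but not by $\sim_2$, which shows that the sequence $\sim_k$ is strictly decreasing on these programs; `SYSTEM` has a single $\tau$ action because Res removes the unsynchronised actions on the restricted name.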
CHAPTER 6

Communication Trees (CTs) as a model of CCS †

† This chapter is not essential to the technical development, and can be omitted. Its purpose is to assist understanding by giving the natural generalisation of STs to admit value-passing.

6.1 CTs and the Dynamic Operations

Let us review the definition of STs. An ST of sort $L \subseteq \Lambda$ is a rooted, finitely branching, unordered tree whose arcs are labelled by members of $L \cup \{\tau\}$.

Another way of saying this is that an ST of sort $L$ is a finite collection (multiset) of pairs of form $\langle \mu, t \rangle$ ($\mu \in L \cup \{\tau\}$) where each $t$ is again an ST of sort $L$.

(We allow this definition to include the possibility of infinite paths in an ST, though to state this formally requires some mathematical sophistication which we do not want to be bothered with - the idea of infinite paths is clear enough.)

Here is a typical ST:

[figure]

Now in the language of Chapter 5, positive labels are allowed to bind variables, and negative ones are allowed to qualify values (or value expressions). Thus, what 'happens next' after passing a positive label (= input guard) depends upon the value input; less critically, a value is output while passing a negative label (= output guard). Supposing that $\{v_0, v_1, \ldots\}$ are the values of type appropriate to $\alpha$, and $v$ is a value of type appropriate to $\bar\beta$, then a typical CT will look like this:

[figure]

indicating
(i) that on passing guard $\alpha$, the input $v_i$ selects $t_i$ to 'happen next'
(ii) that $v$ is output on passing $\bar\beta$.

We expect this CT to be the interpretation of a behaviour program
$$\alpha x.B + \bar\beta v.B' + \tau.B''$$
where
(i) the programs $B\{v_i/x\}$ stand for CTs $t_i$;
(ii) the programs $B'$ and $B''$ stand for $t'$ and $t''$.

Notice that the variable $x$ appears nowhere in the CT; its purpose in the program is to show how $B$ depends upon the value input, and this dependence is explicit in the CT; each $t_i$ depends, literally, from the value $v_i$. (Of course, we can never draw a whole CT, in general - even to finite depth - because of infinite value domains.)

More formally, then:
D e f i n i t i o n A C T o f s o r t
e a c h o f fo~xn
L is a f i n i t e c o l l e c t i o n (multiset) o f pairs,
<~,f> (~L), w h e r e f is a f a m i l y o f C T s o f s o r t L i n d e x e d
b y the v a l u e s e t a p p r o p r i a t e t o
o r <~,<v,t>> (SeL), w h e r e v is a v a l u e a p [ m o p r i a t e t o ~ a n d t
is a C T o f s o r t L
o r <T,t> w h e r e t is a C T o f s o r t L.
L e t us d e n o t e b y C ~ L t h e C T s o f s o r t L, a n d b y ~ t h e s e t o f
v a l u e s a p p r o p r i a t e f o r s. W e have, as w i t h STs, a n a l g e b r a o f C T s as
follows:
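NIL (nullary operation)
NIL is the CT [figure not reproduced]
$\mathrm{NIL} \in CT_\emptyset$.

$+$ (binary operation)
$t + t'$ is the CT [figure not reproduced]

$\alpha$ (a '$V_\alpha$-ary' operation)
[Figure not reproduced: branches indexed by the values $v_0, v_1, v_2, \ldots$]
$\alpha$ takes a set of members of $CT_L$ indexed by $V_\alpha$, which is just a function $f: V_\alpha \to CT_L$, and gives a member of $CT_{L \cup \{\alpha\}}$; so
$\alpha \in (V_\alpha \to CT_L) \to CT_{L \cup \{\alpha\}}$.
This is why we called $\alpha$ a $V_\alpha$-ary operation.

$\bar\beta$ (a family of unary operations)
$\bar\beta v$, for each $v \in V_{\bar\beta}$, is the CT [figure not reproduced]
For each $v$, $\bar\beta v \in CT_L \to CT_{L \cup \{\bar\beta\}}$; $\bar\beta \in V_{\bar\beta} \to (CT_L \to CT_{L \cup \{\bar\beta\}})$.

$\tau$ (unary operation)
$\tau \in CT_L \to CT_L$.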
Clearly there is a very close relation between CCS programs (involving only the dynamic operations) and expressions for CTs in this algebra. This is no accident! Corresponding to programs NIL, $\bar\beta v.B$, $\tau.B$, $B + B'$ we have CTs NIL, $\bar\beta v t$, $\tau t$, $t + t'$. Corresponding to the program $\alpha x.B$ we have a CT $\alpha f$; if we wrote the CT family $f$ as $v \mapsto t(v)$ then we would express $\alpha f$ as

$\alpha(v \mapsto t(v))$

Of course there are many CTs which we cannot write down as expressions, because arbitrary $V_\alpha$-indexed families of CTs cannot be written down finitely.
But we can, using these notations, begin to define the interpretation of CCS in the algebra of CTs. We shall write the CT which $B$ stands for as $[\![B]\!]$. Then we have

Definition
$[\![\mathrm{NIL}]\!] = \mathrm{NIL}$
$[\![\alpha x.B]\!] = \alpha(v \mapsto [\![B\{v/x\}]\!])$
$[\![\bar\beta v.B]\!] = \bar\beta v [\![B]\!]$
$[\![\tau.B]\!] = \tau [\![B]\!]$
$[\![B + B']\!] = [\![B]\!] + [\![B']\!]$
6.2 CTs and the static operations
We now show that the static operations $|$, $\backslash\alpha$, $[S]$ can be defined recursively over CTs. Recall that a CT is, formally, a multiset of elements like $\langle \alpha, f \rangle$, $\langle \bar\beta, \langle v, t \rangle\rangle$ or $\langle \tau, t \rangle$; we shall call such elements branches of the CT. We shall content ourselves with a rather informal definition of $|$, $\backslash\alpha$, $[S]$ using pictures of branches, rather than defining them formally in terms of multisets.
$|$ (binary operation)
$| \in CT_L \times CT_M \to CT_{L \cup M}$
Let $t \in CT_L$, $u \in CT_M$. Then $t|u$ has the following branches (the pictures of branches are not reproduced):
(i) For each branch [picture] of $t$, a branch [picture];
(ii) For each branch [picture] of $t$, a branch [picture];
(iii) For each branch [picture] of $t$, a branch [picture];
and similarly for the branches of $u$.
(iv) For each pair of branches [picture] of $t$, and [picture] of $u$, a branch [picture];
and similarly for branches $\langle \bar\alpha, \langle v_j, t' \rangle\rangle$ of $t$ and $\langle \alpha, v_i \mapsto u_i \rangle$ of $u$.
(Thus an output branch of $u$ selects a member of $t$'s complementary input branch. You should compare this definition with composition of STs in 2.3.)
$\backslash\alpha$ (unary operation)
$\backslash\alpha \in CT_L \to CT_{L - \{\alpha, \bar\alpha\}}$
We could give the recursive definition, but it's enough to say that $t\backslash\alpha$ is gained by pruning away all $\alpha$- and $\bar\alpha$-branches occurring anywhere in $t$.

$[S]$ (unary operation)
$[S] \in CT_L \to CT_M$, where $S: L \to M$ is a relabelling.
Again it's enough to say that $t[S]$ is gained by replacing $\lambda$ by $S\lambda$ everywhere in $t$ ($\lambda \in L$).
Exercise 6.1 Give the recursive definitions of $\backslash\alpha$, $[S]$ in the same style as we defined $|$.

Now of course, we can continue our definition of the interpretation of behaviour programs, as follows:

Definition
$[\![B|B']\!] = [\![B]\!] \,|\, [\![B']\!]$
$[\![B[S]]\!] = [\![B]\!][S]$
$[\![\text{if true then } B \text{ else } B']\!] = [\![B]\!]$
$[\![\text{if false then } B \text{ else } B']\!] = [\![B']\!]$
Since our definitions of $[\![\ ]\!]$ for programs look very trivial, as they should, we must remind ourselves of the purpose. We are aiming to show that when we are working with strong equivalence of programs (the congruence relation $\sim$ defined in 5.7), and using its properties as listed in Theorems 5.3, 5.5 (but omitting Sum$\sim$(4), the absorption law), then we are justified in thinking of the programs as the CTs that they denote; CTs are meant principally to be a helpful mental picture, or visual aid.

The rest of this chapter gives the appropriate justification. But first we must deal with recursively defined CTs.
6.3 CTs defined by recursion
Assume as in 5.4 that our behaviour identifiers $b$ are defined by clauses

$b(x_1, \ldots, x_{n(b)}) \Leftarrow B_b$,

one for each $b$. Here it will be convenient to suppose that $b_0, b_1, \ldots$ are the set of identifiers, with arities $n_0, n_1, \ldots$, and write $B_i$ for $B_{b_i}$, so that the clauses are

$b_i(x_1, \ldots, x_{n_i}) \Leftarrow B_i$.

Now we intend to show that these clauses define, for each $i$ and vector $\tilde{v} = v_1, \ldots, v_{n_i}$ of values appropriate for $b_i$, a unique CT as the interpretation of $b_i(\tilde{v})$.

What are these CTs to be? We will call them $[\![b_i(\tilde{v})]\!]$. When we know them, we also know the meaning of $B_i\{\tilde{v}/\tilde{x}\}$ for each $i$ and $\tilde{v}$; this is so because, by our definitions of $[\![\ ]\!]$ so far, each $[\![B_i\{\tilde{v}/\tilde{x}\}]\!]$ can be rewritten as a CT expression in terms of $[\![b_j(\tilde{u})]\!]$ for various $j$ and $\tilde{u}$. An example will make this clear. Consider the defining clause

$b(x) \Leftarrow \text{if } x = 0 \text{ then } \bar\beta x.\mathrm{NIL} \text{ else } \alpha y.b(y)$

and call the right-hand side $B$. Then

$[\![B\{0/x\}]\!] = [\![\bar\beta 0.\mathrm{NIL}]\!] = \bar\beta 0(\mathrm{NIL})$ (a CT expression)

while for any $v \neq 0$

$[\![B\{v/x\}]\!] = [\![\alpha y.b(y)]\!] = \alpha(u \mapsto [\![b(y)\{u/y\}]\!]) = \alpha(u \mapsto [\![b(u)]\!])$,
Now we wish our CTs $[\![b_i(\tilde{v})]\!]$, for each $i$ and $\tilde{v}$, to be solutions of the equations over CTs

$[\![b_i(\tilde{v})]\!] = [\![B_i\{\tilde{v}/\tilde{x}\}]\!]$

(there are very many such equations, one for each pair $i$, $\tilde{v}$.)
Luckily, we can prove the following:

Proposition 6.1 If the behaviour identifiers $b_i$ are guardedly well-defined (see 5.4) then the equations

$[\![b_i(\tilde{v})]\!] = [\![B_i\{\tilde{v}/\tilde{x}\}]\!]$

define a unique CT $[\![b_i(\tilde{v})]\!]$ for each pair $(i, \tilde{v})$.

Proof Omitted.

We can see why this is so, for our example above, as follows. Clearly $[\![b(0)]\!] = \bar\beta 0(\mathrm{NIL})$ = [figure not reproduced] is uniquely defined.
For any $v \neq 0$ we have

$[\![b(v)]\!] = \alpha(u \mapsto [\![b(u)]\!])$ = [figure not reproduced]

so that by using the two equations repeatedly the CT $[\![b(v)]\!]$ for any $v$ can be developed unambiguously to any desired depth.
On the other hand, consider again the forbidden example in 5.4

$b(x) \Leftarrow \bar\alpha x.\mathrm{NIL} + b(x+1)$.

For any $v$ (a non-negative integer) we would have

$[\![b(v)]\!] = \bar\alpha v(\mathrm{NIL}) + [\![b(v+1)]\!]$

and if we develop this, we obtain the infinitely branching (forbidden!) CT for $b(0)$:

$[\![b(0)]\!]$ = [figure not reproduced]

Moreover, even if we allowed infinite branching in CTs this would not be a unique solution.

Exercise 6.2 Find another solution. (Hint: consider, if you know the theory of regular expressions, why the equation $R = SR + T$ - for given sets of strings $S$ and $T$ - does not have a unique solution for $R$ as a set of strings unless $\varepsilon \notin S$, where $\varepsilon$ is the null string.)

To sum up; we complete our interpretation of behaviour programs as CTs by defining unambiguously for each $b$

Definition $[\![b(\tilde{v})]\!] = [\![B_b\{\tilde{v}/\tilde{x}\}]\!]$

Remark There is a more general interpretation than CTs which makes sense of unguarded recursions, but we decided not to use it here.
6.4 Atomic actions and derivations of CTs
If we wish to think of behaviour programs as the CTs which they stand for, then - for one thing - we must be able to understand the action relations $\xrightarrow{\mu v}$ over CTs in such a way that they harmonize with the corresponding relations over programs.

We therefore start with an independent definition of the relations $\xrightarrow{\mu v}$ over CTs. (We could use a different symbol from $\to$ for these relations, but it will in fact always be clear whether we are talking about atomic actions of CTs or of programs.)
Definition Let $t$ be a CT, i.e. a multiset of pairs (as defined in 6.1). Then $t$ has the atomic actions
(i) $t \xrightarrow{\alpha v} f(v)$ for each member $\langle \alpha, f \rangle$ of $t$ and each $v$ of type appropriate for $\alpha$;
(ii) $t \xrightarrow{\bar\beta v} t'$ for each member $\langle \bar\beta, \langle v, t' \rangle\rangle$ of $t$;
(iii) $t \xrightarrow{\tau} t'$ for each member $\langle \tau, t' \rangle$ of $t$.

This states, for every $t$, exactly which pairs $\langle t, t' \rangle$ are in the relation $\xrightarrow{\mu v}$, for every $\mu$ and $v$.

Exercise 6.3 List the atomic actions of the typical CT diagrammed in 6.1.

Exercise 6.4 Prove that $t_1 + t_2 \xrightarrow{\mu v} t'$ iff either $t_1 \xrightarrow{\mu v} t'$ or $t_2 \xrightarrow{\mu v} t'$.
Exercise 6.4 gives a hint of the harmony we expect between the action relations $\xrightarrow{\mu v}$ over CTs and over programs. For if we recall the rules Sum$\to$ of 5.3, we can rephrase them as follows:

$B_1 + B_2 \xrightarrow{\mu v} B'$ iff either $B_1 \xrightarrow{\mu v} B'$ or $B_2 \xrightarrow{\mu v} B'$

(the 'iff' being justified by the fact that Sum$\to$ is the only rule by which actions of $B_1 + B_2$ can be inferred).

Similarly, the CT $\alpha f$, which is the multiset whose only member is $\langle \alpha, f \rangle$, has only the actions

$\alpha f \xrightarrow{\alpha v} f(v)$, for each $v$,

which we can compare with the fact, from Act$\to$(1) in 5.3, that the program $\alpha x.B$ has only the actions

$\alpha x.B \xrightarrow{\alpha v} B\{v/x\}$, for each $v$.
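Exercise 6.5 Using the definition of $|$ over CTs in 6.2, show that the CT $t_1|t_2$ has exactly the actions
(i) $t_1|t_2 \xrightarrow{\mu v} t_1'|t_2$ when $t_1 \xrightarrow{\mu v} t_1'$;
(ii) $t_1|t_2 \xrightarrow{\mu v} t_1|t_2'$ when $t_2 \xrightarrow{\mu v} t_2'$;
(iii) $t_1|t_2 \xrightarrow{\tau} t_1'|t_2'$ when $t_1 \xrightarrow{\lambda v} t_1'$ and $t_2 \xrightarrow{\bar\lambda v} t_2'$.
Compare Com$\to$ in 5.3.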
Surely then the atomic actions of $B$ and its CT $[\![B]\!]$ are closely related. We state the relation in a theorem:

Theorem 6.2
(1) If $B \xrightarrow{\mu v} B'$, then $[\![B]\!] \xrightarrow{\mu v} [\![B']\!]$;
(2) If $[\![B]\!] \xrightarrow{\mu v} t'$, then for some $B'$, $B \xrightarrow{\mu v} B'$ and $[\![B']\!] = t'$.

Proof Mainly by induction on the structure of $B$; but particular care is needed when $B = b(\tilde{v})$, and the assumption that the $b$'s are guardedly well defined is important.

In other words, the atomic actions of $[\![B]\!]$ are exactly $[\![B]\!] \xrightarrow{\mu v} [\![B']\!]$ where $B \xrightarrow{\mu v} B'$ is an atomic action of $B$; this means that in considering atomic actions, it makes no difference whether we think of programs or of the CTs that they stand for.

The next step is to show that this holds too in considering strong equivalence.
6.5 Strong equivalence of CTs
We proceed in the same style; that is, we define strong equivalence ($\sim$) over CTs independently, and then show how it harmonises with strong equivalence of programs. Our definition is entirely analogous to that of $\sim$ for programs (5.8); we use a decreasing sequence $\sim_0, \sim_1, \ldots, \sim_k, \ldots$ of equivalences:

Definition $t \sim_0 u$ is always true;
$t \sim_{k+1} u$ iff for all $\mu$, $v$
(i) if $t \xrightarrow{\mu v} t'$ then for some $u'$, $u \xrightarrow{\mu v} u'$ and $t' \sim_k u'$;
(ii) if $u \xrightarrow{\mu v} u'$ then for some $t'$, $t \xrightarrow{\mu v} t'$ and $t' \sim_k u'$.
$t \sim u$ iff $\forall k \geq 0.\ t \sim_k u$.

Although we don't need it at present, we may as well state the analogue of Theorem 5.4.

Theorem 6.3 $\sim$ is a congruence relation in the algebra of CTs. More precisely, $t_1 \sim t_2$ implies

$t_1 + u \sim t_2 + u$, $u + t_1 \sim u + t_2$
$\bar\beta v(t_1) \sim \bar\beta v(t_2)$, $\tau(t_1) \sim \tau(t_2)$
$t_1|u \sim t_2|u$, $u|t_1 \sim u|t_2$
$t_1\backslash\alpha \sim t_2\backslash\alpha$, $t_1[S] \sim t_2[S]$

and $f_1(v) \sim f_2(v)$ (for all $v$) implies $\alpha f_1 \sim \alpha f_2$.

Proof Analogous to Theorem 5.4, and omitted.
What we do need, to complete our justification of thinking of programs as CTs, is the following:

Theorem 6.4 $B_1 \sim B_2$ iff $[\![B_1]\!] \sim [\![B_2]\!]$.

Proof We must prove separately, by induction on $k$, that
(1) $B_1 \sim_k B_2$ implies $[\![B_1]\!] \sim_k [\![B_2]\!]$;
(2) $[\![B_1]\!] \sim_k [\![B_2]\!]$ implies $B_1 \sim_k B_2$.
We do only (1), leaving (2) as an exercise. The case $k=0$ is trivial.

Exercise 6.6 Why?

Now assume (1) at $k$, and assume $B_1 \sim_{k+1} B_2$, and prove $[\![B_1]\!] \sim_{k+1} [\![B_2]\!]$.
Suppose $[\![B_1]\!] \xrightarrow{\mu v} t_1'$. Then by Theorem 6.2(2)

$B_1 \xrightarrow{\mu v} B_1'$ for some $B_1'$, with $[\![B_1']\!] = t_1'$.

So by assumption

$B_2 \xrightarrow{\mu v} B_2'$ for some $B_2'$, with $B_1' \sim_k B_2'$,

and by Theorem 6.2(1)

$[\![B_2]\!] \xrightarrow{\mu v} [\![B_2']\!]$, with $t_1' = [\![B_1']\!] \sim_k [\![B_2']\!]$ by inductive hypothesis.

This verifies the first clause in $\sim_{k+1}$'s definition; the second clause follows by symmetry, so the inductive step for (1) is complete.

Exercise 6.7 Prove (2) by induction on $k$. You will again need both parts of Theorem 6.2; if you think you need only one part, then your proof is likely to be wrong.
6.6 Equality in the CT model
Can we have $B_1 \sim B_2$ but $[\![B_1]\!] \neq [\![B_2]\!]$? That is, if two programs are strongly equivalent, are their CTs perhaps always the same?
No, because for example

$\tau.\mathrm{NIL} + \tau.\mathrm{NIL} \sim \tau.\mathrm{NIL}$;

but the two CTs are [figure: two $\tau$-branches] and [figure: a single $\tau$-branch] respectively.

But then perhaps the only difference between the CTs $[\![B_1]\!]$ and $[\![B_2]\!]$, when $B_1 \sim B_2$, is due to the fact that $t + t = t$ is false for CTs, because we allow the presence of identical branches.

In fact, we first thought that if we adjusted our definition of CTs to be in terms of sets rather than multisets, then all our results so far would hold, and also we would have

$B_1 \sim B_2$ iff $[\![B_1]\!] = [\![B_2]\!]$ (?)

However, Brian Mayoh showed this to be false, with the following simple counter-example. Suppose $x$ is a Boolean variable, and consider the two programs

$B_1 = \alpha x.C_1 + \alpha x.C_2$
$B_2 = \alpha x.(\text{if } x \text{ then } C_1 \text{ else } C_2) + \alpha x.(\text{if } x \text{ then } C_2 \text{ else } C_1)$

where $C_1$ and $C_2$ do not contain $x$. Clearly we have only the following four actions for $B_1$:

$B_1 \xrightarrow{\alpha v} C_i$, $v \in \{\text{true}, \text{false}\}$ and $i \in \{1, 2\}$

and $B_2$ has exactly the same four actions. So $B_1 \sim B_2$. But $[\![B_1]\!]$ and $[\![B_2]\!]$ are different CTs:

[Figure: the two CTs, each with two $\alpha$-branches indexed by true and false]

in which $t_i = [\![C_i]\!]$, $i \in \{1, 2\}$. So in general $[\![B_1]\!] \neq [\![B_2]\!]$, though of course $[\![B_1]\!] \sim [\![B_2]\!]$ by Theorem 6.4.

We chose to define CTs as multisets rather than sets of branches, because it seemed that multisets are a more concrete intuitive model; after all, to check whether two branches are identical requires an infinite amount of work! But it is very much a matter of taste.
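
The definitions of 6.1, 6.4 and 6.5 and the two examples of 6.6 can be checked mechanically on finite CTs. The following Python sketch is an added example, not code from the book: the tuple encoding, the function names, the finite Boolean value set and the stand-ins C1, C2 are all assumptions made for illustration.

```python
from functools import lru_cache

BOOL = (False, True)   # assumed finite value set V_alpha (the book allows infinite ones)
NIL = ()               # the CT with no branches


def ct_sum(t, u):
    """t + u: multiset union of branches, kept in a canonical order."""
    return tuple(sorted(t + u, key=repr))


def ct_in(alpha, family, values=BOOL):
    """alpha f: one input branch <alpha, f>, with f given as v -> f(v)."""
    return (("in", alpha, tuple((v, family(v)) for v in values)),)


def ct_out(beta, v, t):
    """beta-bar v t: one output branch <beta-bar, <v, t>>."""
    return (("out", beta, v, t),)


def ct_tau(t):
    """tau t: one branch <tau, t>."""
    return (("tau", t),)


def actions(t):
    """Atomic actions of a CT (section 6.4) as triples (mu, v, t')."""
    acts = []
    for branch in t:
        if branch[0] == "in":
            acts += [(("in", branch[1]), v, sub) for v, sub in branch[2]]
        elif branch[0] == "out":
            acts.append((("out", branch[1]), branch[2], branch[3]))
        else:
            acts.append((("tau",), None, branch[1]))
    return acts


@lru_cache(maxsize=None)
def strong_equiv(t, u, k):
    """t ~k u, following the definition in 6.5 clause by clause."""
    if k == 0:
        return True

    def matched(xs, ys):
        return all(any(m == n and v == w and strong_equiv(x, y, k - 1)
                       for n, w, y in ys) for m, v, x in xs)

    return matched(actions(t), actions(u)) and matched(actions(u), actions(t))


def as_set(t):
    """The same tree with identical branches merged at every level (set reading)."""
    merged = set()
    for branch in t:
        if branch[0] == "in":
            merged.add(("in", branch[1],
                        tuple((v, as_set(s)) for v, s in branch[2])))
        elif branch[0] == "out":
            merged.add(("out", branch[1], branch[2], as_set(branch[3])))
        else:
            merged.add(("tau", as_set(branch[1])))
    return tuple(sorted(merged, key=repr))


# tau.NIL + tau.NIL versus tau.NIL
TWO_TAUS = ct_sum(ct_tau(NIL), ct_tau(NIL))
ONE_TAU = ct_tau(NIL)

# Mayoh's counter-example; C1 and C2 are constructed stand-ins for two distinct CTs
C1 = ct_out("c1", "done", NIL)
C2 = ct_out("c2", "done", NIL)
B1 = ct_sum(ct_in("a", lambda x: C1), ct_in("a", lambda x: C2))
B2 = ct_sum(ct_in("a", lambda x: C1 if x else C2),
            ct_in("a", lambda x: C2 if x else C1))

if __name__ == "__main__":
    for name, t, u in (("tau+tau / tau", TWO_TAUS, ONE_TAU), ("B1 / B2", B1, B2)):
        print(name, "| ~5:", strong_equiv(t, u, 5),
              "| equal as multisets:", t == u,
              "| equal as sets:", as_set(t) == as_set(u))
```

The first pair is strongly equivalent and becomes equal once duplicate branches are merged; the second pair is strongly equivalent but stays unequal under both readings, which is Mayoh's point.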
Even in the present model, many equalities hold. In fact, if we allow ourselves to drop the semantic brackets $[\![\ ]\!]$, and take a behaviour program to denote a CT without this extra formality, then we state the following:

Theorem 6.5 All the congruences of Theorems 5.3, 5.5 are identities in the CT model, except Sum$\sim$(4) (absorption).

Proof Omitted. It is a matter of proving that the two CTs in question - for example $(B_1|B_2)\backslash\alpha$ and $(B_1\backslash\alpha)|(B_2\backslash\alpha)$ (Res$\sim$(3) in Theorem 5.5) - are identical to depth $k$, for arbitrary $k$ (using induction on $k$). In fact, the identities of Theorem 5.3 can be proved without any induction.

Exercise 6.8 Prove some of the identities of Theorem 5.3. Also prove Com$\sim$(1) of Theorem 5.5 - $B_1|B_2 = B_2|B_1$ - by induction on depth. That is, assume that $C_1|C_2$ and $C_2|C_1$ are identical to depth $k$ for all $C_1, C_2$, then show that the branches of $B_1|B_2$, $B_2|B_1$ are in 1-1 correspondence, with corresponding branches identical to depth $k+1$.
6.7 Summary
In this chapter we have
(i) Constructed CTs as an intuitive model of CCS;
(ii) Shown that, in considering atomic actions and strong equivalence of programs, we are justified in considering these notions as they apply to the denoted CTs;
(iii) Shown that many useful program equivalence laws are actually identities for CTs.

We have not studied the wider relation of observation-equivalence over programs. But it turns out that, for any equivalence relation which is defined in terms of $\xrightarrow{\mu v}$ and/or $\stackrel{s}{\Longrightarrow}$, we can think of this also as an equivalence relation over CTs.
Exercise 6.9 After reading §7.1 and 7.2 on observation equivalence ($\approx$), define the analogous relation $\approx$ over CTs. Then investigate whether the analogue of Theorem 6.4

$B_1 \approx B_2$ iff $[\![B_1]\!] \approx [\![B_2]\!]$

is true, as suggested in 5.1.

One further point should be mentioned. The syntax of CCS is such that only a small subclass of CTs are expressible as programs. In particular, a CT of form $\{\langle \alpha, f \rangle\}$ can only be expressed by a program $\alpha\tilde{x}.B$ for which $B$, considered as a function of its free variables $\tilde{x}$, expresses the family $f$ schematically. Now there are effectively indexed CT-families $f$ which cannot be represented by CCS expressions; consider for example the family $f = \{\bar\gamma_i.\mathrm{NIL};\ i \in N\}$, and let $\alpha$ bind an integer variable, so that $\{\langle \alpha, f \rangle\}$ is the CT

[Figure: an $\alpha$-branch indexed by the values 0, 1, 2, ...]

whose (infinite) sort is $\{\alpha, \bar\gamma_0, \bar\gamma_1, \bar\gamma_2, \ldots\}$. To express it in CCS we may wish to allow labels to be parametrically dependent upon values, and write $\alpha x.\bar\gamma_x.\mathrm{NIL}$. In more complex cases $\bar\gamma_x$ could also qualify a value expression, or be replaced by a positive parametric label binding a variable. Such extensions of CCS may be of real practical value. If we wish to consider them, then the theory of CTs increases in importance since it does not commit us to any particular expressible subclass of CTs.
CHAPTER 7

Observation equivalence and its properties


7.1 Review
In Chapter 6 we studied CTs as a model of CCS; this should have given insight into the laws of strong congruence ($\sim$) stated in Theorems 5.3 and 5.5, since CTs satisfy all these laws except the absorption law $B + B \sim B$, interpreted as identities. In spite of this slight discrepancy, it is still useful to think of programs 'as' CTs.

In 3.3 we defined a notion of Observation Equivalence ($\approx$) for STs; in our Data Flow example (4.3) we anticipated using it in full CCS but gave no definition. We saw that its purpose was to allow unobservable actions ($\tau$) to be absorbed into experiments.

Recall also the derivations of 4.4. We abbreviated

$B \xrightarrow{\tau^m} B'$ ($m \geq 0$) by $B \stackrel{\varepsilon}{\Longrightarrow} B'$
$B \xrightarrow{\tau^m.\mu v.\tau^n} B'$ ($m, n \geq 0$) by $B \stackrel{\mu v}{\Longrightarrow} B'$

More generally, we now abbreviate

$B \xrightarrow{\tau^{m_0}.\mu_1 v_1.\tau^{m_1}.\ \cdots\ .\mu_k v_k.\tau^{m_k}} B'$ ($k \geq 0$, $m_0, \ldots, m_k \geq 0$) by $B \stackrel{\mu_1 v_1. \cdots .\mu_k v_k}{\Longrightarrow} B'$

which includes the above cases (they correspond to $k = 0$, $k = 1$). It also includes the possibility $\mu_i = \tau$, so that for example $B \stackrel{\tau}{\Longrightarrow} B'$ means $B \xrightarrow{\tau^m} B'$ for some $m > 0$, while $B \stackrel{\varepsilon}{\Longrightarrow} B'$ means $B \xrightarrow{\tau^m} B'$ for some $m \geq 0$; but usually we shall have $\mu_i \in \Lambda$.

For each $s = \lambda_1 v_1. \cdots .\lambda_k v_k \in (\Lambda \times V)^*$, $\stackrel{s}{\Longrightarrow}$ is the s-experiment relation, and each instance $B \stackrel{s}{\Longrightarrow} B'$ is called an s-experiment. We now define Observation Equivalence $\approx$ in terms of s-experiments.
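7.2 Observation equivalence in CCS
Analogous to 3.3, $\approx$ is defined for programs by a decreasing sequence of equivalences:

Definition $B \approx_0 C$ is always true;
$B \approx_{k+1} C$ iff for all $s \in (\Lambda \times V)^*$
(i) if $B \stackrel{s}{\Longrightarrow} B'$ then for some $C'$, $C \stackrel{s}{\Longrightarrow} C'$ and $B' \approx_k C'$;
(ii) if $C \stackrel{s}{\Longrightarrow} C'$ then for some $B'$, $B \stackrel{s}{\Longrightarrow} B'$ and $B' \approx_k C'$;
$B \approx C$ iff $\forall k \geq 0.\ B \approx_k C$.

Remarks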
(1) There is a question as to whether we need to consider all s-experiments in this definition, or if it is enough to consider only those of length 1 - i.e. we might replace $s \in (\Lambda \times V)^*$ by $s \in \Lambda \times V$ in the definition. The relation $\approx$ thus obtained is different, but it turns out that the congruence (7.3) which it induces is the same (assuming only that CCS includes an equality predicate over values), though we shall not prove it here. Our present definition, using $(\Lambda \times V)^*$, has somewhat nicer properties.

(2) Our definition has a property which must be pointed out. It allows the program (CTs)

$\tau^\omega$ = [figure: an infinite chain of $\tau$-branches] and NIL = [figure]

to be equivalent! ($\tau^\omega$ can be defined by $b \Leftarrow \tau.b$.)

Exercise 7.1 Prove $\tau^\omega \approx_k \mathrm{NIL}$ by induction on $k$. Notice that the only experiment on $\tau^\omega$ is $\tau^\omega \stackrel{\varepsilon}{\Longrightarrow} \tau^\omega$ (corresponding to $\tau^\omega \xrightarrow{\tau^m} \tau^\omega$ for any $m$) and NIL's only experiment is $\mathrm{NIL} \stackrel{\varepsilon}{\Longrightarrow} \mathrm{NIL}$.

Thus, whenever we have proved $B \approx C$ (e.g. $B$ may be a program and $C$ its specification) we cannot deduce that $B$ has no infinite unseen action, even if $C$ has none. In one sense we can argue for our definition, since infinite unseen action is - by our rules - unobservable! But the problem is deeper; it is related to so-called fairness, which we discuss briefly in 11.3. In any case, there is a more refined notion of $\approx$ which respects the presence of infinite unseen action, with properties close to those we mention for the present one.
(3) Disregarding the question of which equivalence is correct, if indeed there is a single 'correct' one, the finer equivalence (under a slight further refinement) has interesting properties. Hennessy and Plotkin [HP 2] have recently found that it can be axiomatized, in a sense which we cannot explain here. Much more needs to be known before we can say which equivalence yields better proof methods; at least we can say that, if an equivalence can be proved under the refined definition, then it holds also under ours.

We now turn to the properties of $\approx$. There are many, but three are enough to give a feeling for it, and to allow you to read the first case study in Chapter 8, if you wish, before proceeding to 7.3.

The main thing which distinguishes $\approx$ from $\sim$ is the following:

Proposition 7.1 $B \approx \tau.B$

Proof We show $B \approx_k \tau.B$ by induction on $k$. $k=0$ is trivial, so we assume for $k$ and prove for $k+1$:
(i) Let $B \stackrel{s}{\Longrightarrow} B'$. Then also $\tau.B \stackrel{s}{\Longrightarrow} B'$, and we know $B' \approx_k B'$ (each $\approx_k$ is an equivalence relation!)
(ii) Let $\tau.B \stackrel{s}{\Longrightarrow} C'$. Then
either (a) $s = \varepsilon$, and $C'$ is $\tau.B$; but then also $B \stackrel{\varepsilon}{\Longrightarrow} B$, and by induction $B \approx_k \tau.B$
or (b) $\tau.B \xrightarrow{\tau} B \stackrel{s}{\Longrightarrow} C'$, i.e. $B \stackrel{s}{\Longrightarrow} C'$ also, and again $C' \approx_k C'$.
This completes the inductive step, yielding $B \approx_{k+1} \tau.B$.

This proposition should make you immediately suspicious of $\approx$, because we can show that it cannot be a congruence. In particular

$B \approx C$ does not imply $B + D \approx C + D$;

e.g. take $B$ as NIL, $C$ as $\tau.\mathrm{NIL}$, $D$ as $\alpha.\mathrm{NIL}$ - then $B \approx C$ by Prop. 7.1, but $B + D \not\approx_2 C + D$.

Exercise 7.2 Show that $\mathrm{NIL} + \alpha.\mathrm{NIL} \not\approx_2 \tau.\mathrm{NIL} + \alpha.\mathrm{NIL}$, by observing that RHS $\stackrel{\varepsilon}{\Longrightarrow}$ NIL, but the only $\varepsilon$-experiment on LHS yields a result which is $\not\approx_1$ NIL.
Even so, Theorem 7.3 below tells us that $\approx$ is near enough a congruence for many purposes. First we need to see its relation with $\sim$.

Theorem 7.2 $B \sim C$ implies $B \approx C$.

Proof We show that $B \sim C$ implies $B \approx_k C$ by induction on $k$. At $k=0$ it is trivial; assume it at $k$ (for all $B$ and $C$), and prove it at $k+1$. Assume $B \sim C$:
(i) let $B \stackrel{s}{\Longrightarrow} B_n$, say $B \xrightarrow{\mu_1 v_1} B_1 \cdots \xrightarrow{\mu_n v_n} B_n$, where some of the $\mu_i v_i$ may be $\tau$, while the remainder constitute $s$. Then by Theorem 5.6 used repeatedly, there exist $C_1, \ldots, C_n$ with

$C \xrightarrow{\mu_1 v_1} C_1 \cdots \xrightarrow{\mu_n v_n} C_n$, i.e. $C \stackrel{s}{\Longrightarrow} C_n$,

with $B_i \sim C_i$ for all $i \leq n$.
In particular $B_n \sim C_n$, so by induction $B_n \approx_k C_n$, and we have found the desired $C_n$.
(ii) Let $C \stackrel{s}{\Longrightarrow} C_n$; then similarly we find $B_n$ with $B \stackrel{s}{\Longrightarrow} B_n \approx_k C_n$.

The importance of this theorem is that all laws of Theorems 5.3, 5.5 hold also for $\approx$.
Theorem 7.3 Observation equivalence is a congruence for all behaviour operations except +. More precisely:
(1) $B \approx_k C$ implies $\bar\alpha v.B \approx_k \bar\alpha v.C$, $\tau.B \approx_k \tau.C$,
$B|D \approx_k C|D$,
$B\backslash\alpha \approx_k C\backslash\alpha$, $B[S] \approx_k C[S]$
and $B\{v/x\} \approx_k C\{v/x\}$ for all $v$ implies $\alpha x.B \approx_k \alpha x.C$.
(2) Hence the same holds with the indices $k$ removed.

Proof Let us just take the most interesting case:

$B \approx_k C$ implies $B|D \approx_k C|D$,

which we prove by induction on $k$. (This property is not true for the different observation equivalence suggested in Remark (1) above.) Assume at $k$, for all $B$, $C$, $D$, and assume $B \approx_{k+1} C$:
(i) Let $B|D \stackrel{s}{\Longrightarrow} E$; then $E$ must be $B'|D'$, with $B \stackrel{q}{\Longrightarrow} B'$, $D \stackrel{r}{\Longrightarrow} D'$ for some $q$, $r$ (containing complementary $\lambda$'s which 'merge' to form $\stackrel{s}{\Longrightarrow}$ in a way which we need not detail). Then for some $C'$, $C \stackrel{q}{\Longrightarrow} C'$ and $B' \approx_k C'$ by assumption. But then $C|D \stackrel{s}{\Longrightarrow} C'|D'$, and by the inductive hypothesis $B'|D' \approx_k C'|D'$, i.e. $E \approx_k C'|D'$.
(ii) Let $C|D \stackrel{s}{\Longrightarrow} E$, then similarly we find $B'|D'$ such that $B|D \stackrel{s}{\Longrightarrow} B'|D' \approx_k E$.

The essence of Proposition 7.1 and Theorems 7.2, 7.3 is that we can use all our laws, and cancel $\tau$'s too, in proving observation equivalence - provided only that we infer nothing about the result of substituting $C$ for $B$ under +, when we only know $B \approx C$. The next section tells us what such inferences can be made.

Exercise 7.2 Prove that $B \approx_k C$ implies $\bar\alpha v.B \approx_k \bar\alpha v.C$ by induction on $k$. Why is induction necessary? (Consider $\varepsilon$-experiments).

As we did for $\sim$, we extend $\approx$ to expressions by:

Definition Let $\tilde{x}$ be the free variables in $B$ or $C$ or both. Then $B \approx C$ if, for all $\tilde{v}$, $B\{\tilde{v}/\tilde{x}\} \approx C\{\tilde{v}/\tilde{x}\}$.

Then we have

Theorem 7.4 Proposition 7.1 and Theorems 7.2, 7.3 hold also for expressions.

Proof Routine.

From now on, we deal with expressions.
7.3 Observation Congruence
We must now face the fact that $\approx$ is not a congruence (see Exercise 7.2). But we would like a congruence relation, because we would like to know that if $B$ and $C$ are equivalent, then in whatever context we replace $B$ by $C$ the result of the replacement will be equivalent to the original - which is only true for an equivalence relation which is a congruence. We have one congruence - strong congruence ($\sim$) - but it is too strong; for example $\alpha.\tau.\mathrm{NIL} \not\sim \alpha.\mathrm{NIL}$.

Can we find a congruence relation which is weaker than $\sim$ (so that all our laws, Theorems 5.3 and 5.5 will hold for it), and has some of the properties of $\approx$ (so that for example $\alpha.\tau.\mathrm{NIL}$ and $\alpha.\mathrm{NIL}$ will be congruent)?

Let us draw the order relation (part of the lattice of equivalence relations) among our existing equivalence relations with stronger relations to the left, and square boxes representing congruences:

Equivalences over behaviour programs:
[Figure: the chain Identity Relation $\subseteq$ $\sim$ $\subseteq$ ? $\subseteq$ $\approx$ $\subseteq$ Universal Relation]

We want to fill in "?". It must be stronger than $\approx$ because we do want congruent programs to be observation equivalent. We get what we want by the following:

Definition $B \approx^c C$ (Observation congruence) iff for every expression context $\mathcal{C}[\ ]$, $\mathcal{C}[B] \approx \mathcal{C}[C]$.
Theorem 7.5
(1) $\approx^c$ is a congruence relation;
(2) If $\theta$ is a congruence and $B\ \theta\ C$ implies $B \approx C$, then $B\ \theta\ C$ implies $B \approx^c C$.

Proof Omitted; it is completely standard, and has nothing to do with particular properties of the equivalence $\approx$.

Our Theorem says that $\approx^c$ is the weakest congruence stronger than (smaller than) $\approx$.

Corollary 7.6 $B \sim C$ implies $B \approx^c C$ implies $B \approx C$

Proof Immediate.

It is one thing to define a congruence, another to know its properties. We first find out more about the relation of $\approx^c$ to $\approx$; in the next section we find some laws satisfied by $\approx^c$.
We saw earlier that sum contexts were critical for $\approx$, because $B \approx C$ does not imply $B + D \approx C + D$. This leads us to explore a new equivalence relation $\approx^+$:

Definition $B \approx^+ C$ iff $\forall D.\ B + D \approx C + D$
(equivalence in all sum contexts.)

Now the critical result is the following:

Theorem 7.7 $\approx^+$ is a congruence.

Proof See 7.6. This proof is not standard, but depends strongly on the definition of $\approx$; it is not true for the alternative in Remark (1) of 7.2, and that is why we chose our definition. Theorem 7.3 is critical.

From this we get, fortunately:

Theorem 7.8 $\approx^c$ and $\approx^+$ are the same congruence.

Proof
(i) $B \approx^+ C$ implies $B \approx^c C$ by Theorems 7.5(2) and 7.7, since $\approx^+$ is stronger than $\approx$ (take $D$ to be NIL in the definition).
(ii) $B \approx^c C$ implies $B \approx^+ C$, since $[\ ] + D$ is just a special kind of context.

Now we know that we preserve $\approx$ by substitution except in '+' contexts. What do we do if we have $B \approx C$ and wish to know something about $B + D$ and $C + D$? Luckily, for an important class of expressions $B$ and $C$ we can infer from $B \approx C$ that $B \approx^c C$, and then infer that $B + D \approx^c C + D$.

Definition $B$ is stable iff $B \xrightarrow{\tau} B'$ is impossible for any $B'$.

Thus a stable behaviour is one which cannot 'move' unless you observe it. Stability is important in practice; one reason why our scheduler in Chapter 3 works, for example, is that it will always reach a stable state if it is deprived of external communication for long enough. Compare the notion of "rigid" in Chapter 1; we may define a rigid program to be one whose derivatives, including itself, are all stable.
T h e r e a r e t w o m a i n p r o p o s i t i o n s a b o u t stability; f i r s t w e p r o v e a
l e s m a i n a s l i g h t l y m o r e g e n e r a l f o r m t h a n w e n e e d f o r t h e p r o p o s i t i o n s
b u t t h e g e n e r a l f o z m h e l p s in t h e p r o o f o f T h e o r e m 7.7 (skip t h e l e m m a
i f y o u a r e o n l y i n t e r e s t e d in m a i n results, n o t p r o o f s ) .
L e n m ~ 7.9 I f B z + C a n d B - ~ B ' , t h e n f o r e a c h k t h e r e is a C' s u c h
t h a t C ~ ;'C' a n d B' ~ k C'.
P r o o f S ~ p p o s e C' d o e s n o t exist; w e f i n d D s u c h t h a t B + D ~ C + D,
c e n t r a r y t o assir~ption. T a k e D t o b e 1 .NIL, w h e r e Io is n o t in t h e
s o r t o f B o r C. N o w s i n o e B ~ B ' , w e h a v e B + D ~ B ' . B u t if
C + D ~ E t h e n e i t h e r (i) E is C + D, ~ ' s i n c e C + D I ~ ; N I L , b u t
D ~ E - B' ; o r ( i i ) C ~ E , ~ k B' b y supposition; o r (iii) T
i m p o s s i b l e s i n c e D is stable.
H e n c e B + D ~ C+D, c o n t r a d i c t i n g B =+C.
P r o p o s i t i o n 7 . 1 0 I f B ~ C c t h e n e i t h e r b o t h a r e s t a b l e o r n e i t h e r is.
P r o o f D i r e c t f r c m L e m m a 7.9 (B ~ ~ k C' n o t needed).
M o r e important, f o r p r o o f m e t h o d s , is t h e following:
P r o p o s i t i o n 7.11 I f B a n d C a r e stable, a n d B = C , t h e n B ~Cc.
P r o o f I t is e n o u g h t o s h o w t h a t B + D = k C + D f o r a r b i t r a r y D, b y
i n d u c t i o n o n k. W e d o t h e i n d u c t i v e step.
Let $B + D \stackrel{s}{\Rightarrow} E$:
(i) If $s = \varepsilon$ then either E is B + D, and then $C + D \stackrel{\varepsilon}{\Rightarrow} C + D \approx_k B + D$
by induction, or $D \stackrel{\tau}{\Rightarrow} E$, and then $C + D \stackrel{\varepsilon}{\Rightarrow} E$ also ($B \stackrel{\tau}{\Rightarrow} E$ impossible
by stability).
(ii) Otherwise either $D \stackrel{s}{\Rightarrow} E$, and then $C + D \stackrel{s}{\Rightarrow} E$ also, or $B \stackrel{s}{\Rightarrow} E$,
whence $C \stackrel{s}{\Rightarrow} F \approx_k E$ (because $B \approx C$), whence also $C + D \stackrel{s}{\Rightarrow} F \approx_k E$.
Thus we have found in each case an F s.t. $C + D \stackrel{s}{\Rightarrow} F \approx_k E$. The converse
argument is similar, so $B + D \approx_{k+1} C + D$.
Now for any guard $g \neq \tau$, we can deduce from $B \approx C$ (for any B, C)
that $g.B \approx g.C$ (Theorem 7.3), and hence $g.B \approx^c g.C$ since both are stable.
The implication holds in fact for any guard, by the following
Proposition (which is essential in the proofs of Chapter 8):
Proposition 7.12 For any guard g,
$B \approx C$ implies $g.B \approx^c g.C$.
Proof By the above remarks we need only consider $g = \tau$. We prove
$\tau.B + D \approx_k \tau.C + D$ for arbitrary D, by induction on k. Inductive step:
Let $\tau.B + D \stackrel{s}{\Rightarrow} E$. Then
(i) If $s = \varepsilon$ then either E is $\tau.B + D$, and then $\tau.C + D \stackrel{\varepsilon}{\Rightarrow} \tau.C + D \approx_k \tau.B + D$
by induction, or $D \stackrel{\tau}{\Rightarrow} E$, and then $\tau.C + D \stackrel{\varepsilon}{\Rightarrow} E$ also, or $\tau.B \stackrel{\tau}{\Rightarrow} E$,
and then $B \stackrel{\varepsilon}{\Rightarrow} E$, whence $C \stackrel{\varepsilon}{\Rightarrow} F \approx_k E$ (since $B \approx C$), whence also
$\tau.C + D \stackrel{\varepsilon}{\Rightarrow} F \approx_k E$.
(ii) Otherwise either $D \stackrel{s}{\Rightarrow} E$, and then $\tau.C + D \stackrel{s}{\Rightarrow} E$ also, or $B \stackrel{s}{\Rightarrow} E$,
whence $C \stackrel{s}{\Rightarrow} F \approx_k E$ (since $B \approx C$), whence also $\tau.C + D \stackrel{s}{\Rightarrow} F \approx_k E$.
As in Prop. 7.11, this completes the proof.
By now these inductive proofs of $\approx_k$, appealing to the inductive
hypothesis only when $\varepsilon$-experiments are considered, are becoming familiar;
we shall leave them as exercises in future.
7.4 Laws of Observation Congruence
We are going to prove three laws, for which we have strong evidence
that they say all that needs to be said about the strange invisible $\tau$
under $\approx^c$; this suggests that the apparently never-ending stream of laws
is drawing to a close! The evidence is that these new laws, together
with those of Theorem 5.3, have been shown to be complete for CCS without
recursion and value-passing. This means that any true statement $B \approx^c C$
(in this restricted language) can be proved from the laws; in fact the
laws of Theorem 5.3 are quite a lot simpler without value-passing, and
those of Theorem 5.5 are unnecessary without recursion.
One would expect to have to add some induction principle in the
presence of recursion; what needs to be added for value-passing is
less obvious (but in several more-or-less natural examples, including
those in Chapter 8, we have not needed more than we have already).
Theorem 7.13 ($\tau$ laws)
(1) $g.\tau.B \approx^c g.B$
(2) $B + \tau.B \approx^c \tau.B$
(3) $g.(B + \tau.C) + g.C \approx^c g.(B + \tau.C)$
Proof (1) follows directly from Prop. 7.1 ($\tau.B \approx B$) and Prop. 7.12.
For (2), we must prove for arbitrary D, k
$B + \tau.B + D \approx_k \tau.B + D$
and this follows the pattern of Props. 7.11, 7.12.
For (3) similarly, we need
$g.(B + \tau.C) + g.C + D \approx_k g.(B + \tau.C) + D$
which follows the same pattern, but needs the extra easy fact that for
$s \neq \varepsilon$, if $g.C \stackrel{s}{\Rightarrow} E$ then also $g.(B + \tau.C) \stackrel{s}{\Rightarrow} E$.
Exercise 7.3 Complete the proofs of (2) and (3).
A more useful form of (2) is the following:
Corollary 7.14 $B + \tau.(B + C) \approx^c \tau.(B + C)$.
Proof
Exercise 7.4 Prove this, by first applying (2) to $\tau.(B + C)$; you will
need another law of +.
One may justify the laws intuitively by thinking of any behaviour
B as a collection of action capabilities (the branches of its CT),
including perhaps some $\tau$-actions (the $\tau$-branches) which are capable of
rejecting the other capabilities.
Law (1) may then be explained by saying that, under the guard g,
the $\tau$-action of $\tau.B$ rejects no other capabilities and therefore has
no effect. For Law (2), the capabilities represented by B are again
present after the $\tau$-action of $\tau.B$ in the context $B + \tau.B$, so $\tau.B$
itself has all the power of $B + \tau.B$. For Law (3), an observation of
the left side may reject B by passing the guard g in g.C, but
this rejection is already represented in $g.(B + \tau.C)$. But such wordy
justifications badly need support; observation equivalence is what
gives them support here.
Laws (2) and (3) are absorption laws; they yield many other absorptions.
Exercise 7.5 Prove, directly from the laws, that
(i) ~ . ( B I + ~ . ( B 2 + ~.B3) ) + B3 c ~ . ( B 1 + x.(B 2 + T . B 3))
( i i ) ~ . ( B 1 + T.(B 2 + B 3)) + ~ c T . ( B ~ + T . ( B + B 3))
(iii) To(B 1 + e.(B 2 + T . B 3)) + ~ . B 3 ~ T . ( B I +2 .(B2 + T . B 3))
and consider how they generalise. On the other hand, disprove
6 . ( B + C ) + ~ . C c 6 . ( B + T.C)
by finding B, C which make them not $\approx$.
7.5 Proof Techniques
In conducting proofs, we may take the liberty of using "=" in place
of "$\sim$" or "$\approx^c$", adopting the familiar tradition that "=" means equality
in the intended interpretation; this helps us to highlight our uses of
$\approx$, for which care is needed because it is not a congruence. With this
convention, let us summarise the important properties.
(i) The laws of $\sim$ (Chapter 5);
(ii) $B \approx \tau.B$ (Proposition 7.1);
(iii) $B = C$ implies $B \approx C$ (Corollary 7.6);
(iv) $\approx$ is preserved by all operations except + (Theorem 7.3);
(v) $B \approx C$ implies $B = C$ when both stable (Proposition 7.11);
(vi) $B \approx C$ implies $g.B = g.C$ (Proposition 7.12);
(vii) The $\tau$ laws (Theorem 7.13).
Since we mentioned that the $\tau$ laws have a completeness property, why
bother with $\approx$ in proofs? The reason is to do with stability. We can
often show that a behaviour B of interest, not stable itself, satisfies
$B = \tau.B^*$
for some stable $B^*$; so of course $B \approx B^*$ (but $B \not\approx^c B^*$, by Proposition 7.10!).
This expresses that B stabilises. Stable behaviours are often easier to
handle, and the constrained substitutivity of $\approx$ often allows us to conduct
our proofs mainly in terms of stable behaviours. Chapter 8 should make this
point clear.
Many proofs can be done with our laws without using any induction
principle, though the laws are established using induction on $\approx_k$.
There is, however, a powerful induction principle - Computation Induction
- due to Scott, which we cannot use at present since it involves a
partial order over behaviours. We believe that this principle can be
invoked for the finer notion of observation equivalence alluded to in
7.2, Remark (2); it remains to be seen how important its use will be.
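The properties summarised in this section can be checked mechanically on small finite behaviours. The Python program below is an added example, not part of the original text: it decides $\approx$ on finite sums of guarded behaviours by refining with single-action weak moves (for such finite behaviours this has the same limit as the $\approx_k$ of this chapter), and it tests $\approx^c$ through the single context $D = \lambda_0.NIL$ with a fresh label, the D used in the proof of Lemma 7.9. The names `pre`, `plus`, `obs_equiv`, `obs_cong` and the label `lambda0` are choices made for this example.

```python
from itertools import product

TAU = "tau"
NIL = frozenset()          # a behaviour is a finite set of (guard, behaviour) summands
FRESH = "lambda0"          # assumption: this label occurs in no behaviour being compared

def pre(g, p):
    """Guarding g.p"""
    return frozenset({(g, p)})

def plus(*ps):
    """Summation p1 + p2 + ... (set union, so the laws of + hold by construction)."""
    return frozenset().union(*ps)

def stable(p):
    """A behaviour is stable when no tau-action is possible."""
    return all(g != TAU for g, _ in p)

def eps(p):
    """Results of the empty experiment: zero or more tau-actions."""
    seen, todo = {p}, [p]
    while todo:
        for g, r in todo.pop():
            if g == TAU and r not in seen:
                seen.add(r)
                todo.append(r)
    return seen

def weak(p, a):
    """Results of the experiment a (visible): tau* a tau*."""
    return {r2 for q in eps(p) for g, r in q if g == a for r2 in eps(r)}

def derivatives(p):
    """p together with every behaviour reachable from it."""
    seen, todo = {p}, [p]
    while todo:
        for _, r in todo.pop():
            if r not in seen:
                seen.add(r)
                todo.append(r)
    return seen

def obs_equiv(p, q):
    """Observation equivalence, as the limit of a decreasing chain of relations."""
    states = derivatives(p) | derivatives(q)
    labels = {g for s in states for g, _ in s if g != TAU}
    # None stands for the empty experiment
    moves = {s: {None: eps(s), **{a: weak(s, a) for a in labels}} for s in states}
    rel = set(product(states, states))

    def matched(x, y):
        # every experiment on x is answered by y, landing in related behaviours
        return all(any((x2, y2) in rel for y2 in moves[y][a])
                   for a, targets in moves[x].items() for x2 in targets)

    while True:
        smaller = {(x, y) for x, y in rel if matched(x, y) and matched(y, x)}
        if smaller == rel:
            return (p, q) in rel
        rel = smaller

def obs_cong(p, q):
    """Observation congruence, tested as p + D ~ q + D (weakly) for D = lambda0.NIL."""
    d = pre(FRESH, NIL)
    return obs_equiv(plus(p, d), plus(q, d))

def tau_laws(g, B, C):
    """Truth of laws (1), (2), (3) of Theorem 7.13 for the given g, B, C."""
    t = lambda p: pre(TAU, p)
    law1 = obs_cong(pre(g, t(B)), pre(g, B))
    law2 = obs_cong(plus(B, t(B)), t(B))
    rhs3 = pre(g, plus(B, t(C)))
    law3 = obs_cong(plus(rhs3, pre(g, C)), rhs3)
    return law1, law2, law3

def corollary_7_14(B, C):
    """B + tau.(B + C) against tau.(B + C)."""
    return obs_cong(plus(B, pre(TAU, plus(B, C))), pre(TAU, plus(B, C)))

if __name__ == "__main__":
    a, b = pre("a", NIL), pre("b", NIL)       # constructed sample behaviours
    B, C = plus(a, pre(TAU, b)), pre("c", a)
    print("tau.a equivalent to a:      ", obs_equiv(pre(TAU, a), a))
    print("tau.a congruent to a:       ", obs_cong(pre(TAU, a), a))
    print("tau.a + b equivalent to a+b:", obs_equiv(plus(pre(TAU, a), b), plus(a, b)))
    print("tau laws (g = a):           ", tau_laws("a", B, C))
    print("tau laws (g = tau):         ", tau_laws(TAU, B, C))
    print("Corollary 7.14:             ", corollary_7_14(B, C))
```

The second and third printed lines show why $\approx$ needs care: $\tau.a \approx a$, yet the two are separated as soon as a summand is added, while guarding either side restores congruence as in property (vi).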
7.6 Proof of Theorem 7.7
Theorem 7.7 $\approx^+$ is a congruence.
Proof First, we show that $B \approx^+ C$ implies $B + D \approx^+ C + D$; that is, we
require $(B + D) + E \approx (C + D) + E$ for arbitrary E.
But $(B + D) + E \sim B + (D + E)$   (Theorem 5.3)
$\approx C + (D + E)$   (since $B \approx^+ C$)
$\sim (C + D) + E$.
Next we require that $B \approx^+ C$ implies
$g.B \approx^+ g.C$,
$B\backslash\alpha \approx^+ C\backslash\alpha$,
$B[S] \approx^+ C[S]$;
e.g. we want $g.B + E \approx g.C + E$ for any E. In each case the proof follows
the pattern of proof in Propositions 7.11, 7.12 (these Propositions are
stated in terms of $\approx^c$, but the proofs are entirely in terms of $\approx^+$).
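The critical case is $B \approx^+ C$ implies $B \mid D \approx^+ C \mid D$. Assume $B \approx^+ C$ and
prove $B \mid D + E \approx_k C \mid D + E$, for arbitrary E, by induction on k.
Inductive Step: Let $B \mid D + E \stackrel{s}{\Rightarrow} E'$;
(i) If $s \neq \varepsilon$, then either $E \stackrel{s}{\Rightarrow} E'$, and then $C \mid D + E \stackrel{s}{\Rightarrow} E'$ also,
or $B \mid D \stackrel{s}{\Rightarrow} E'$ and then $C \mid D \stackrel{s}{\Rightarrow} F' \approx_k E'$ for some F' (since
$B \approx C \Rightarrow B \mid D \approx C \mid D$ by Theorem 7.3), whence $C \mid D + E \stackrel{s}{\Rightarrow} F' \approx_k E'$ also.
(ii) If $s = \varepsilon$, then either E' is $B \mid D + E$ itself, and then
$C \mid D + E \stackrel{\varepsilon}{\Rightarrow} C \mid D + E \approx_k B \mid D + E$ by induction, or $E \stackrel{\tau}{\Rightarrow} E'$, and
then $C \mid D + E \stackrel{\varepsilon}{\Rightarrow} E'$ also, or $B \mid D \xrightarrow{\tau} B' \mid D' \stackrel{\varepsilon}{\Rightarrow} E'$. These are now
the three cases:
(a) B' is B, and $D \xrightarrow{\tau} D'$; then $C \mid D \xrightarrow{\tau} C \mid D'$ and $B \mid D' \approx C \mid D'$
by Theorem 7.3 so $C \mid D' \stackrel{\varepsilon}{\Rightarrow} F' \approx_k E'$ for some F', whence
$C \mid D + E \stackrel{\varepsilon}{\Rightarrow} F' \approx_k E'$ as required.
(b) D' is D and $B \xrightarrow{\tau} B'$; then by Lemma 7.9 $C \stackrel{\tau}{\Rightarrow} C' \approx_{k+1} B'$
for some C' (this is the only use of $B \approx^+ C$ - elsewhere
$B \approx C$ is all that is needed), and we also have $B' \mid D \approx_{k+1} C' \mid D$
from Theorem 7.3, so since $B' \mid D \stackrel{\varepsilon}{\Rightarrow} E'$, $C' \mid D \stackrel{\varepsilon}{\Rightarrow} F' \approx_k E'$ for
some F'. So finally $C \mid D + E \stackrel{\varepsilon}{\Rightarrow} C' \mid D \stackrel{\varepsilon}{\Rightarrow} F' \approx_k E'$.
(c) $B \xrightarrow{\lambda} B'$ and $D \xrightarrow{\bar\lambda} D'$; then $C \stackrel{\lambda}{\Rightarrow} C' \approx_{k+1} B'$ for some C',
whence $C \mid D \stackrel{\tau}{\Rightarrow} C' \mid D' \approx_{k+1} B' \mid D'$ by Theorem 7.3, whence
$C' \mid D' \stackrel{\varepsilon}{\Rightarrow} F' \approx_k E'$ for some F', whence also $C \mid D + E \stackrel{\varepsilon}{\Rightarrow} F' \approx_k E'$.
Thus we have found F' in every case so that $C \mid D + E \stackrel{s}{\Rightarrow} F' \approx_k E'$; by
symmetry, we have $B \mid D + E \approx_{k+1} C \mid D + E$ which completes the induction.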
7.7 Further exercises
We end this Chapter with some harder exercises, for readers interested
in the theoretical development.
Exercise 7.6 (Hennessy). Prove the following result, which further
clarifies the relation between $\approx$ and $\approx^c$:
$B \approx C$ iff ($B \approx^c C$ or $B \approx^c \tau.C$ or $\tau.B \approx^c C$)
Exercise 7.7 We would like to know that if $b \Leftarrow \alpha.b$ and $B \approx^c \alpha.B$
then $b \approx^c B$; this states that, up to $\approx^c$, the recursive definition
$b \Leftarrow \alpha.b$ has a unique solution. The argument in 3.4, proving the
scheduler correct, used a mild generalisation of this result. The
following exercises lead to a more general theorem (for simplicity,
work without value passing).
(i) Prove: if $B \approx \alpha.B$ and $C \approx \alpha.C$ then $B \approx C$.
(ii) Deduce: if $B \approx^c \alpha.B$ and $C \approx^c \alpha.C$ then $B \approx^c C$.
More generally, let $\mathcal{C}[\;]$ be of form
$D_1 + \mu_1.(D_2 + \mu_2.(\cdots(D_m + \mu_m.[\;])\cdots))$
for $m \ge 1$, where at least one $\mu_i$ is not $\tau$.
(iii) Prove: if $B \approx \mathcal{C}[B]$ and $C \approx \mathcal{C}[C]$ then $B \approx C$.
(iv) Deduce: if $B \approx^c \mathcal{C}[B]$ and $C \approx^c \mathcal{C}[C]$ then $B \approx^c C$.
(v) Deduce: if $b \Leftarrow \mathcal{C}[b]$ and $B \approx^c \mathcal{C}[B]$ then $b \approx^c B$.
Exercise 7.8 Consider a different definition of observation equivalence.
First, define a decreasing sequence of pre-orders $\lesssim_0, \lesssim_1, \ldots, \lesssim_k, \ldots$:
$B \lesssim_0 C$ is always true;
$B \lesssim_{k+1} C$ iff, for all s,
if $B \stackrel{s}{\Rightarrow} B'$ then for some C', $C \stackrel{s}{\Rightarrow} C'$ and $B' \lesssim_k C'$.
Thus we take only the first clause of the definition of $\approx_{k+1}$. Then
$B \lesssim C$ iff $\forall k.\ B \lesssim_k C$; $B \simeq C$ iff $B \lesssim C$ and $C \lesssim B$.
We may take $\simeq$ as a candidate for observation equivalence.
(i) Prove that $\lesssim_k$, $\lesssim$ are preorders, that $\simeq$ is an equivalence, and
that $B \approx C$ implies $B \simeq C$.
(ii) Prove that $\simeq$ is a congruence; in particular, that $B \simeq C$ implies
$\forall D.\ B + D \simeq C + D$ (first show that each $\lesssim_k$ has this property). Thus
$\simeq$ and $\approx$ differ, since the latter is not a congruence.
(iii) Find a simple example in which $B \simeq C$ but $B \not\approx C$. Also show (by
a similar example) that $\simeq$ does not respect deadlock properties in
the sense of Exercise 3.6.
This is why we rejected $\simeq$ as our notion of observation equivalence, in
spite of its somewhat simpler theory.
CHAPTER 8
Some proofs about data structures
8.1 Introduction
We have already shown some not quite trivial algorithms and systems
expressed in CCS. The point of this chapter is twofold. First we want
to show that familiar data structures, as well as algorithms, find natural
expression in CCS; second, we want to illustrate how the properties of
observation equivalence and congruence allow us to prove that systems work
properly. The data structures here give good proof examples. To what
extent they correspond to hardware realisations must be left open, but it
does not appear unreasonable that at least some hardware structures can be
faithfully represented in CCS.
8.2 Registers and memories
The simplest shared resource, which may be the means of interaction
between otherwise independent agents, is probably a single memory register.
Many concurrent algorithms have been represented in languages which permit
agents to interact only through 'shared variables' (usually 'writeable' as
well as 'readable'). We argued in 4.5 that algorithms are not always best
expressed this way - many people have recently made this point.
But if we do want a register, readable and writeable by one or more
agents, its behaviour may be well represented by
$REG(v) : \{\alpha, \bar\gamma\}$ defined by:
$REG(v) \Leftarrow \alpha x.REG(x)$ (write) $+\ \bar\gamma v.REG(v)$ (read)
Two kinds of atomic experiment are possible:
$REG(v) \xrightarrow{\alpha u} REG(u)$ (write u)
$REG(v) \xrightarrow{\bar\gamma v} REG(v)$ (read v)
We may also find it useful to define
$LOC \Leftarrow \alpha x.REG(x)$
- a register without initial contents which at first admits only writing.
If we define relabellings $S_i = \alpha_i\gamma_i/\alpha\gamma$ ($1 \le i \le n$) where the $\alpha_i, \gamma_i$
are all distinct names, then we can define a memory of sort
$\{\alpha_1, \bar\gamma_1, \ldots, \alpha_n, \bar\gamma_n\}$ by
$MEMORY_n = LOC[S_1] \mid \cdots \mid LOC[S_n]$
or, using $\prod$ to represent multiple composition:
$MEMORY_n = \prod_{1 \le i \le n} LOC[S_i]$
[Diagram: the registers side by side, with ports $\alpha_1, \alpha_2, \ldots, \alpha_n$ and $\gamma_1, \gamma_2, \ldots, \gamma_n$.]
Note that this use of composition just places the registers side by side;
they don't communicate with each other!
Let us now suppose, more realistically, that we want to build a memory
of size $2^k$ with just three ports:
(i) At $\alpha$, it receives in sequence the k bits $m_{k-1}, \ldots, m_0$ of a
memory address m, $0 \le m < 2^k$;
(ii) At $\beta$ it receives a value to be written at address m;
(iii) At $\bar\gamma$ it delivers the value stored at address m.
Let us call the memory, storing values $v = (v_0, \ldots, v_{2^k-1})$, $M_k(v) : \{\alpha, \beta, \bar\gamma\}$.
We shall adopt a convention which is in fact a reality for magnetic core
memories; destructive reading. To write a new value u into address m
in $M_k(v)$, the environment will perform
. . . . . . . . .
and ignore the value received at $\gamma$ (which is bound to x); this value
will actually be $v_m$. Thus to read the memory at m, the environment first
writes an arbitrary value (say 0) to m, receives and holds $v_m$, and
writes $v_m$ back at m; it performs
where B (the continuing environment behaviour) will use x somehow, but
ignore y.
In summary then, we can express how we want $M_k$ to behave by saying
that for any environment expression B of form
$\bar\alpha m_{k-1}.\,\cdots.\bar\alpha m_0.\bar\beta u.\gamma x.B'$   (1)
the following observation equivalence must hold:
$(M_k(v) \mid B)\backslash\alpha\backslash\beta\backslash\gamma \approx (M_k(v(u/m)) \mid B'\{v_m/x\})\backslash\alpha\backslash\beta\backslash\gamma$   (2)
where $v(u/m)$ means $(v_0, \ldots, v_{m-1}, u, v_{m+1}, \ldots, v_{2^k-1})$.
This requirement is an example of incomplete specification; we do
not specify what happens if B supplies too few or too many address bits,
or acts strangely in some other way. It is a natural incompleteness,
because we might naturally compose $M_k$ with a 'front end' agent whose job
is to receive integer addresses, decode them into bit-sequences of length
k (complaining if the integer received is outside the range $[0, 2^k - 1]$)
and conduct the correct reading and writing sequences with $M_k$. Also,
the incomplete specification actually makes the design of $M_k$ easy, as we
shall see.
A specification which would be too incomplete would be to demand merely
that
$M_k(v) \stackrel{\alpha m_{k-1}.\,\cdots.\alpha m_0.\beta u.\bar\gamma v_m}{\Longrightarrow} M_k(v(u/m))$;
certainly $M_k(v)$ must have this derivation for every $m = m_{k-1}, \ldots, m_0$
and every u, but this would not exclude unwanted derivations like
- deadlock!
Now let us abbreviate $\{\alpha, \beta, \bar\gamma\}$ by L, and define arbitrary sorts
$L_0 = \{\alpha_0, \beta_0, \bar\gamma_0\}$, $L_1 = \{\alpha_1, \beta_1, \bar\gamma_1\}$, asking only that all these names
~' " " Y 1 a r e d i s t i n c t a n d t h a t ~ 0 , 6 0 , Y 0 , e l , BI, Y 1 d o n ' t a p p e a r i n ~ ,
the sort of B. We will also abbreviate $\backslash\alpha\backslash\beta\backslash\gamma$ by $\backslash L$, $\backslash\alpha_0\backslash\beta_0\backslash\gamma_0$
by $\backslash L_0$, etc., and set $S_i = \alpha_i\beta_i\gamma_i/\alpha\beta\gamma$, i = 0, 1.
First we can see that the specification (2) is equivalent to demanding
$(M_k(v)[S_0] \mid B_0)\backslash L_0 \approx (M_k(v(u/m))[S_0] \mid B_0'\{v_m/x\})\backslash L_0$   (3)
for any $B_0$ of form $\bar\alpha_0 m_{k-1}.\,\cdots.\bar\alpha_0 m_0.\bar\beta_0 u.\gamma_0 x.B_0'$; to deduce (2) from
(3) we note that
( M k ( J ) I B ) ~ = ( ~ ( J ) [ B ) [ S 0 A L 0 R e i ~ ( i ) , ( 2 ) , ( 4 ) )
= ( ~ ( v ) [S O ] ! B [ S 0 ] ) \ L 0 ( R e l ~ ( 5 ) )
= ( M k ( ~ ) [s 0 ] I B 0 ) ~ 0 ( ~ ! ; - = ( 3 ) )
' = B ' [ S O ] ;
w i t h B 0
the other side of (2) transforms similarly, and (3) can be used to get (2).
Conversely to deduce (3) from (2) we work with $R_0 = \alpha\beta\gamma/\alpha_0\beta_0\gamma_0$, the
inverse relabelling to $S_0$, and use Rel~(1),(3) knowing that $R_0 \circ S_0 = I$,
the identity relabelling. Such manipulations should become routine!
We now come to the design of $M_k$. $M_0(v)$, the memory of size 1
containing v, is given by
$M_0(v) = CELL(v)$, where $CELL(x) \Leftarrow \beta y.\bar\gamma x.CELL(y)$   (4)
(The $\alpha$ port is not used.)
We build $M_{k+1}(v:w)$ (v, w each of length $2^k$; v:w is their concatenation)
out of $M_k(v)$ and $M_k(w)$ by composing them with $NODE : L \cup L_0 \cup L_1$,
whose job is to inspect the first address bit z which it receives and -
roughly - transmit the rest of the communication to $M_k(v)$ or $M_k(w)$
according as z = 0 or 1. Precisely:
i . . . . . . . . . . . . . . . . . .
kDDE <= a z . Nf I ) E z
Noo i<= z. iz. NooE i +
( i = 0 , i )
(5)
and
$M_{k+1}(v:w) = (M_k(v)[S_0] \mid M_k(w)[S_1] \mid NODE)\backslash L_0\backslash L_1$   (6)
Notice that $NODE_i$ does not know how many bits to receive; it must be
ready for an address bit or a value, and act accordingly.
The diagram on the next page shows $M_3(v)$, with arrows indicating
the initial capabilities of the components. By swinging arrows about on
it, you can convince yourself that it works - and that 'wrong' sequences
deadlock; e.g. $M_3(v) \stackrel{\alpha 0.\alpha 1.\beta u}{\Longrightarrow} NIL$.
(The idea to use as an example a memory built of nodes which 'use
the first bit to direct traffic' came from a talk with Nigel Derrett,
who told me that this method is used in practice.)
Having now defined $M_k$ rather succinctly by (4) - (6), and specified
its intended behaviour by (1) and (2), we proceed to prove that it meets
its specification.
[Diagram of $M_3(v)$, showing initial action capabilities.]
Theorem 8.1 For any B of form $\bar\alpha m_{k-1}.\,\cdots.\bar\alpha m_0.\bar\beta u.\gamma x.B'$,
$(M_k(v) \mid B)\backslash L \approx (M_k(v(u/m)) \mid B'\{v_m/x\})\backslash L$.
Proof For k = 0 we have, since $v = (v_0)$,
$(M_0(v) \mid B)\backslash L = (\beta y.\bar\gamma v_0.CELL(y) \mid \bar\beta u.\gamma x.B')\backslash L$
$= \tau.\tau.(CELL(u) \mid B'\{v_0/x\})\backslash L$   (Expansion)
$\approx (M_0(v(u/0)) \mid B'\{v_0/x\})\backslash L$   (Proposition 7.1)
as required. Now assume the theorem for k. Take B of form
$\bar\alpha m_k.\bar\alpha m_{k-1}.\,\cdots.\bar\alpha m_0.\bar\beta u.\gamma x.B'$
and consider $M_{k+1}(v:w)$, where v, w are of length $2^k$. We want
~ + 1 (~:~) I B ) \ L = ~ + l ( ~ : w ) ( u ~ m ) ) I B ' { ~ : w ) n k J x } ) \ L
where $m = m_{k-1}, \ldots, m_0$. By symmetry it will be enough to prove this
for the case $m_k = 0$, which is to say we want
$(M_{k+1}(v:w) \mid B)\backslash L \approx (M_{k+1}(v(u/m):w) \mid B'\{v_m/x\})\backslash L$
The left-hand side is, by (6),
$((M_k(v)[S_0] \mid M_k(w)[S_1] \mid NODE)\backslash L_0\backslash L_1 \mid B)\backslash L$
L 0 L I L ~ L o O L I
( w r i t i n g s o r t s b e l o w )
$= (M_k(w)[S_1] \mid (M_k(v)[S_0] \mid (NODE \mid B)\backslash L)\backslash L_0)\backslash L_1$   (7)
where we have regrouped by repeated use of Res~ and by Com~(1),
~ i n g t h a t L 0 ~ -- L I ~ = ~
Now recalling $m_k = 0$, by the Expansion Theorem
$(NODE \mid B)\backslash L = \tau.(NODE_0 \mid \bar\alpha m_{k-1}.\,\cdots.\bar\alpha m_0.\bar\beta u.\gamma x.B')\backslash L$
$\approx \bar\alpha_0 m_{k-1}.\,\cdots.\bar\alpha_0 m_0.\bar\beta_0 u.\gamma_0 x.(NODE \mid B')\backslash L$
by Proposition 7.1 and Theorem 7.3. But this is a $B_0$ of the form
needed for (3), which we showed equivalent to the theorem at k (which
we're assuming); so recalling Theorem 7.3 - that $\approx$ can be substituted
except under + - we can rewrite (7) as
$\approx (M_k(w)[S_1] \mid (M_k(v(u/m))[S_0] \mid B_0'\{v_m/x\})\backslash L_0)\backslash L_1$
where $B_0' = (NODE \mid B')\backslash L$, so $B_0'\{v_m/x\} = (NODE \mid B'\{v_m/x\})\backslash L$ since x is
not a free variable in NODE. Now we can regroup, just reversing the
operations by which we got the form (7), to get
$= ((M_k(v(u/m))[S_0] \mid M_k(w)[S_1] \mid NODE)\backslash L_0\backslash L_1 \mid B'\{v_m/x\})\backslash L$
$= (M_{k+1}(v(u/m):w) \mid B'\{v_m/x\})\backslash L$ as required.
Exercise 8.1 Suppose you have available a decoder, which accepts an
integer (assumed to be in the range $[0, 2^k - 1]$ for some fixed k) and
decodes it into its bit sequence. That is:
D E C O D E < = ~ m . ~ _ I . . . . . ~m0. ~. D E C O D E :{~,~,~} o
~ e i n t e g e r c o m e s i n a t ~ , t h e b i t s g o o u t a t e, a n d ~ s i g n a l s
~ l e t i o n .
Design another agent, called FRONTEND, so that when you compose
DECODE, FRONTEND and $M_k(v)$ with appropriate relabellings and
r e s t r i c t i o n s y o u g e t a s y s t e m ~ ( v ) : {~,8,~} s a t i s f y i n g
+
(TO w r i t e v a l u e u a t a d d r e s s m , t h e u s e r p e r f o z m s ~ m . 6 u . . . . ; t o
r e a d t h e m e m o r y a t m a n d b i n d t h e r e c e i v e d v a l u e t o y h e p e r f o r m s
~ m . y y . . . . . ) P r o v e t h e d e s i r e d e q u i v a l e n c e .
Hint: FRONTEND and DECODE must cooperate to produce expressions
of the form B, so that you can use Theorem 8.1 about $M_k(v)$.
Exercise 8.2 Can you think of a way to redesign $M_k(v)$ so that the
outgoing value doesn't have to travel up the binary tree?
8.3 Chaining operations
Suppose we have agents $B_1$ and $B_2$
and wish to join them like this:
[Diagram]
I t is n a t u r a l t o d e f i n e a b i n a r y o p e r a t i c n
D e f i n i t i o n L e t B I : L I , B 2 : L 2 a n d ~ ;
B ~ B 2 = ( B I [ ~ / ~ ] I B 2 [ ~ / ~ ] )\6
N o t e t h a t t h e d e f i n i t i o n is s p e c i f i c t o
w r i t e B 1 ~ ' ~ B 2 .
"~ f o r t h i s p u r p o s e .
t h e n
w h e r e 6 ~ n a m e s ( L l ~ 2 )
a n d ~ ; p e r h a p s w e s h o u l d
We need to justify our definition by showing that the choice of
$\delta$ doesn't affect it. To see this, suppose that $\delta' \notin names(L_1 \cup L_2)$, $\delta' \neq \delta$.
Then
$(B_1[\delta'/\beta] \mid B_2[\delta'/\alpha])\backslash\delta'$
$= (B_1[\delta'/\beta] \mid B_2[\delta'/\alpha])\backslash\delta'[\delta/\delta']$   by Rel~(1),(2)
$= (B_1[\delta'/\beta][\delta/\delta'] \mid B_2[\delta'/\alpha][\delta/\delta'])\backslash\delta$   by Rel~(4),(5)
$= (B_1[\delta/\beta] \mid B_2[\delta/\alpha])\backslash\delta$   by Rel~(3).
Note that $B_1 \frown B_2$ may form other links, depending on $L_1$ and $L_2$;
this doesn't affect our argument, but we are mainly interested in the
case $L_1 \cap L_2 = \emptyset$.
The importance of $\frown$ is that it is associative; this property is
helpful when we need to chain several agents together. Let us prove
associativity. Suppose $B_1 : L_1$, $B_2 : L_2$, $B_3 : L_3$.
Then
(B F " B = B2) 3 ( (BI[~/8]IB2[~/~])\~[~/8] I B 3 [ ~ / ~ ] )\~
c h o o s i n g 6, ~ ~ n a m e s ( L l U L 2 u L 3) a n d ~ ;
= ( (BI[~/8]IB2[~/~])[~/B]\~ IS3[~/~]\~ ) \ ~
by Rel~(4) and Res~(1) (we are pushing relabellings inwards, pulling
restrictions outwards);
= ( B 1 1 6 / 6 ] [ ~ B ] ~ 2 1 6 / e ] [ ~ B ] I B 3 [ ~ ] ) \6\~
by Rel~(5) and Res~(3) (check its side condition!);
= (BI[6/83 I B 2 1 6 V ~ S 3 IB3[V~]) \~\~
by Rel~(3) and Res~(2);
= B I ( B B b y
Exactly the same can be done for double chaining; given two agents
we want to join them together to give
Definition Let BI:L 1 , B2:L 2 and let e,B,y,~ be distinct. Then
B l a B 2 = (B1[~/8,0/~] IB2[~/~,0/Y])\0\~
w h e r e n,0 i na~eS(LlUL 2) and ~ 8 .
It is easy b u t tedious to check the associativity of ~ . W e shall
use this operation in the n e x t section.
Both " a n d ~. give us special cases of theorem 5.8, the Expan-
sion ~heorem; w e just state it for ~ , in the siaple case where
B 1, .... B n : {e,~} , ioe. n o labels are present except the chaining
labels o
Expansion ~heorem for "~
of guards, then
X { x . ( B I B 2
+ [ { B v . ( B I B 2 - . . B n )
If BI,O..,B n : {~,~} , and each is a sL~n
; ~ o B ~ a stm~nand of B1}
; 8-~.B n a s~mmand of Bn}
+ [{ T. (Bi'~. ~" ' ~ ' ~ ~ " ~ . . . " ~ B n ) . B i Bi+l{V/X}
13-~.B 1 a s ~ o f B i , c~x.B~_+l a ~ d o f Bi +l }
All that this says is that the only external actions occur at the ends of
the chain, and the only internal actions occur between neighbours. We
will use the correspcnding theorem for ~,'~ ; it's obvious enough, so we
do not write it down.
8.4 Pushdowns and queues
Let V be a value set; we use s to range over $V^*$.
What should be the behaviour $PD(s) : \{\alpha, \bar\gamma\}$ of a pushdown store in
which values are pushed in at $\alpha$ and popped out at $\bar\gamma$? A reasonable
suggestion is
$PD(s) \Leftarrow \alpha x.PD(x:s)$ + if $s = \varepsilon$ then $\bar\gamma\$.PD(\varepsilon)$ else $\bar\gamma(\mathrm{first}\ s).PD(\mathrm{rest}\ s)$   (1)
Here ':' is the prefixing operation over $V^*$, and '$' indicates
emptiness; we test the pushdown for emptiness by popping and testing
the value popped.
Thus we want to build PD(s) to satisfy
$PD(\varepsilon) = \alpha x.PD(x:\varepsilon) + \bar\gamma\$.PD(\varepsilon)$
$PD(v:s) = \alpha x.PD(x:v:s) + \bar\gamma v.PD(s)$   (2)
What we shall actually build is $PUSH(s) : \{\alpha, \bar\gamma\}$ to satisfy
$PUSH(\varepsilon) = \alpha x.PUSH(x:\varepsilon) + \bar\gamma\$.NIL$
$PUSH(v:s) = \alpha x.PUSH(x:v:s) + \bar\gamma v.PUSH(s)$   (3)
the only difference being that $PUSH(\varepsilon)$, when popped, degenerates
to NIL. This is easier to build, and it's also easy to build a
special front end, FRONT, so that (2) is satisfied by
PD(s) = F R O N T ~ P U S H ( s ) .
We build PUSH as a chain of cells, each of which can hold 0, 1
or 2 values, terminated by an end cell holding $.
y is
_ Y
CELT,I(y ) <~--- ~4. CEI,T,2(x,y) + ~ . ~, L 0 (4)
T h e n t h e r e s t o f t h e d e f i n i t i o n is
~T__z2(x,y) : { % ~ , ~ , ~ }
C~,T,2(x,y) < = ~ . C~,LI(X)
~ 0 : { ~ , S , ~ , 6 }
C ~ T <---~ ax. (i ! x = $ t h e n
~ ; , $ ~ - - - ~ . ( C ~ T , I ( x ) - - ~ , $ ) + ~ $ . ~ L
C E L L S e l s e
A c e l l h o l d i n g
~ , T , (x))
1
(5)
(6)
(7)
We show the successive configurations of a typical derivation,
starting from $CELL_\$$, in the diagram below.
[Diagram: successive configurations, labelled (push 6), (push 5), (pop 5), (push 2).]   (8)
~ h e d e r i v a t i o n C E L L S
m 6 . ~ 5 . ~ 5 . ~ 2 > C E L L 2 (2,6)~CRT,T.$
Now for any $s = (v_1, \ldots, v_n)$ let us define
( v ) ~ C E L L . . (9)
PUSH(S) = C R L L i ( V l ) ~ ..o ~ C E L L I n
Clearly PUSH(s) is stable; the fourth configuration in the diagram
shows you that no $\tau$-actions are possible. It is also reasonably
clear that every configuration will stabilise, given time, but that
external communication can occur before stability is reached.
Let us see what we need to prove (3), which is our aim. From
(9), by the Expansion Theorem, we get
PUSH(~) = C~!,T,$ = ~X. (CELL 1 ( X ) ~ , T , $ ) + ~ $ . N I L
= ~x. PUSH(X:e) + y$. N I L
so the first part of (3) is done. (Recall that we allow ourselves
to write '=' whenever we use a congruence, '$\sim$' or '$\approx^c$', and
that '=' always implies '$\approx$'.) We also get
PUSH(v:s) = ~ . T , 1 (V) ~APUSH(s)
= ~ X o ( C E ~ 2 ( x , v ) ~ P U ~ ( s ) ) + ~ v . ( C ~ 0 ~ P u ~ ( s ) )
We therefore propose to prove
C E L L 2 ( u , v ) ~ P U S H ( s ) ~ PUSH(u:v:s) (iO)
C E L L 0 ~ P U S H ( s ) m PUSH(s) . (ii)
T h e s e c a n n o t b e c o n g r u e n c e s ( = c ) s i n c e t h e l e f t - h a n d s i d e is u n -
s t a b l e i n e a c h case. B u t '=' is s t r e n g t h e n e d t o '=' b y a g u a r d
( P r o p o s i ~ o n 7.12), s o f o r e x a m p l e f r c m (ii) w e d e d u c e
~ v . ( C ~ L 0 ~ P ~ H ( s ) ) = ~ v . P U S H ( s ) ;
applying the same technique to (10) we finally reach (3). We have achieved equality (=) before substituting under '+'.
To prove (10) and (11) we only need four little lemmas, grouped together:
Lemma 8.2
(1) CELL2(u,v) ⌢ CELL1(w) ≈ CELL1(u) ⌢ CELL2(v,w)
(2) CELL2(u,v) ⌢ CELL$ ≈ CELL1(u) ⌢ CELL1(v) ⌢ CELL$
(3) CELL0 ⌢ CELL1(w) ≈ CELL1(w) ⌢ CELL0
(4) CELL0 ⌢ CELL$ ≈ CELL$
Proof All by the Expansion Theorem; we need only consider the first in detail.
We have
C ~ T 2 (u,v) C c ~ r I (w) = ~. (C~.T u (u) C ~ r 2 (v,w))
= C E L L I ( u ) ~ C E L L 2 ( v , w ) b y T h e o r e m 7.1 .
For the last, we need the fact that CELL$ ⌢ NIL = CELL$.
Exercise 8.3 Prove this simple fact.
Now (10) and (11) follow:
Lemma 8.3
(1) CELL2(u,v) ⌢ PUSH(s) ≈ PUSH(u:v:s)
(2) CELL0 ⌢ PUSH(s) ≈ PUSH(s).
Proof Let s = w1,...,wn; to get (1), use the definition of PUSH, and apply Lemma 8.2(1) repeatedly, then Lemma 8.2(2). To get (2), use 8.2(3), (4) similarly. Note that ≈ is preserved by ⌢ since the latter is defined without using +.
So by what we did before, we have settled
Theorem 8.4
P U S H (e) = ax. IXJSH (x: e) + ~$. N I L
PUSH(v:s) = ax. P ~ ( x : v : s ) + ~ . PUSH(s) .
Exercise 8.4 Analogous to (3), we may specify a queue by
Q U E O E ( ~ ) = ~ . g ~ J E ( x : ~ - ) + ~ $ . N I L
QUEUE(v:s) = ~x. QL~TJE(v:s:x) + ~ . QU]K/E(s) .
(Note that ':' is being used to postfix elements to sequences, as well as for prefixing.) Make a very small change to the behaviour of CELL2(x,y) (5), and adjust the lemmas to show that
g . ~ E ( s ) = c m r , r , l ( v ~) C . . ~ C ~ r , r . ~ ( v ) ~ C E L L
n
(for s = v1,...,vn)
satisfies the above equations.
Exercise 8.5 Design FRONT : {~,~,~,~} so that
FRONT ⌢ PUSH(s)
satisfies the equations (2) for PD(s).
We were rather careful in our definition (5) of CELL2(x,y); it must push y down before it can pop x. Was this necessary? By considering diagram (8) and similar derivations you can probably satisfy yourself that CELL2(x,y) can be allowed to pop x. What happens to our proof though? Let us redefine
c ~ t 2 (x,y) ~ ? x . ~c~t.t. i ( y ) + I-y. Ck~T'T, I (X)
We need only make sure that Lemma 8.2(1),(2) still hold.
For the first, we have by expansion
C E L L 2 (u,v) 3 ~ . t . i (w) =
~ u . ( C ~ . T i ( V ) C ~ ' T , i (w)) + ~ . ( ~ t i
6
(u) D ~ t . 2 ( v , w ) ) ( 1 2 )
which does not look right. But can the first term be absorbed into the second? By Corollary 7.14 - a derived absorption law - we must show
C~T.T.I(U)~rm~.L2(V,W) = ~U. (C~T.T.I(V)~CET.T.I,(W) ) + B (13)
for some B. Expanding the left-hand side gives
C~TJ, (U) ~C~T.T.2(V,W) = ~U. ( C E T , T . 0 ~ 2 ( V , W ) ) + B (14)
1 i
while expanding part of this gives
C~T/.0C(IX[L2(V,W) = T. (C~T'T.I(V)~CET'T'I(W)) + B 2 (15)
Now put (14) and (15) together:
(u) ~ CELL_ (v,w)
~ ' T ' I _ z
= yu.(T. (~.T.I(V)~CRT.T,I(W)) + B2) + B I , = B say,
= y-u. (CELL 1 (v) ~C~T.T. I (W)) + B b y T h e o r e m 7.13 (3)
which is what we wanted! We now have (13), and this justifies the step from (12) to
c ~. u 2 (u,v) ~, T, I (w) = t. ( C E L L i ( u ) ~ C ~ t 2 (v,w)) ,
so we still have Lemma 8.2(1).
Exercise 8.5 Show 8.2(2) still holds.
Exercise 8.6 Give some extra freedom as well, and show that all of Lemma 8.2 still holds. Why does extra freedom for CELL0 have no effect on the deduction (12)-(15) above?
Exercise 8.7 Complete the proof of the scheduler, half of which was done in 3.4; it remains to show that the second constraint in Method 1, 3.1, is satisfied. You will almost certainly need the derived absorption law, Corollary 7.14.
Exercise 8.8 Re-examine Exercises 4.3 and 4.4, in the light of our proof techniques.
As a deeper exercise, investigate what happens if the two GATEs in the CONTROL part of the net are removed. CONTROL will not satisfy the same equation, but the whole system may still function as specified. If so, can you prove it?
Exercise 8.9 We can get rid of CELL2 completely from the definition of PUSH by defining
~ . L 1 (y) ~ ex. ( ~ . L 1 (X)~Cg~.L 1 (y)) + ~ . CET.T. 0
(Notice that we could not then adapt our system to form a queue, as in Exercise 8.4!) Carry out the proof for this changed system.
CHAPTER 9
Translation into CCS
9.1 Discussion
Many concurrent algorithms can be expressed in CCS with some lucidity. On the other hand, the aim in designing a high level concurrent language is (in part) to provide and enforce a discipline in the way in which agents communicate and share their resources, partly to protect the programmer from unwanted deadlocks. This often restricts (usefully) the behaviours which may be expressed.
If such a language can be translated into CCS, its meaning is thereby determined; we also obtain a way of reasoning about the language. For example, observation equivalences among its programs can be established, and these may yield useful laws for program transformation.
In this chapter we give a translation for a rather simple language. It is a subset of various languages in use; also Hennessy and Plotkin [HP 1] have specified its semantics in detail, in a very different way.
Our translation is quite straightforward; the main reason for this is that the scoping of program variables, which often requires the use of a notion of environment in semantic specifications, is for us represented directly by the restriction operation of CCS. However, when we examine how to translate an enrichment of the language in which procedures may be defined, and each procedure is supposed to admit several concurrent activations, we discover a limitation of CCS in its present form (we can handle a procedure which cannot be concurrently activated, however).
The translation will be seen to be phrase-by-phrase; each phrase of the language becomes a behaviour program which is totally independent of the context of the phrase. (Such translations are sometimes called macro-expansions.) We shall write ⟦C⟧ to mean the translation of phrase C. For example
⟦IF E THEN C ELSE C'⟧
will be constructed uniquely from ⟦E⟧, ⟦C⟧ and ⟦C'⟧. This means that the construct "IF-THEN-ELSE-" in the source language can be thought of just as a derived ternary behaviour operation. We can then think of the entire source language as a derived behaviour algebra.
9.2 The language P
Programs of P are built from expressions E and commands C, using assignable program variables X. We suppose a fixed set of function symbols F, standing for functions f. A constant symbol is just a nullary function symbol. We do not specify the value types of expressions.
The syntax of expressions is just
E ::= X | F(E,....,E)
(This includes e.g. "+(X,1())" which is written "X+1").
The syntax of commands is
C ::= X := E                 (Assignment)
    | C ; C                  (Sequential composition)
    | IF E THEN C ELSE C     (Conditional)
    | WHILE E DO C           (Iteration)
    | BEGIN X; C END         (Declaration)
    | C PAR C                (Parallel composition)
    | INPUT X                (Input)
    | OUTPUT E               (Output)
    | SKIP                   (No action)
(Parentheses are used to avoid parsing ambiguities).
The main doubt about the meaning of P is to do with PAR. For example, can the 'concurrent' assignments in the program
X:=0 ;
X:=X+1 PAR X:=X+1
overlap in time? If so, the resulting value of X could be 1 or 2; if not, it must be 2. Our first translation will yield the former; we see how to get the latter afterwards.
9.3 Sorts and auxiliary definitions
Each variable X will be represented by a register (8.2) of sort {α_X, γ̄_X}. Recalling 8.2, we define
LOC : {α, γ̄} ⇐ αx.REG(x)
REG(y) : {α, γ̄} ⇐ αx.REG(x) + γ̄y.REG(y)
Thus for X we will have LOC_X = LOC[α_X γ_X/αγ]; we will abbreviate REG(y)[α_X γ_X/αγ] by REG_X(y).
We use L_X = {ᾱ_X, γ_X} - the complement of the sort of LOC_X - in defining the sorts of commands and expressions; we call it the access sort of X.
Each n-ary function symbol F (denoting function f) will be represented by
b_f ⇐ ρ1x1. ... .ρnxn. ρ̄(f(x1,...,xn)). NIL
whose sort is {ρ1,...,ρn, ρ̄}. So for a constant symbol - e.g. 2 - we have b_2 ⇐ ρ̄2.NIL.
Each expression E with variables X1,...,Xk will be represented by a behaviour program of sort {γ_X1,...,γ_Xk, ρ̄}. Thus expressions deliver their result at ρ̄, and then die; this means that if ⟦E⟧ is the translation of E it has the property
.... ov
~E] ~ B implies B = NIL.
In translating commands we often write, for some B,
(⟦E⟧ | ρx.B)\ρ
which we abbreviate to ⟦E⟧ result (ρx.B), defining the behaviour operation result by
B1 result B2 = (B1 | B2)\ρ
Each command C with global variables X1,...,Xk will be represented by a behaviour program of sort L_X1 ∪ ... ∪ L_Xk ∪ {ι, ō, δ̄}. We call this program ⟦C⟧; it uses ι, ō for input and output and signals its completion at δ̄. It then dies, so
[C~ ..... ~ B implies B = N I L
Some auxiliary behaviour operations are useful in defining ⟦C⟧:
done = δ̄.NIL
B1 before B2 = (B1[β/δ] | β.B2)\β   (β new)
B1 par B2 = (B1[δ1/δ] | B2[δ2/δ] | (δ1.δ2.done + δ2.δ1.done))\δ1\δ2   (δ1,δ2 new)
Exercise 9.1 Use the laws of Theorems 5.3, 5.5 and 7.13 to show that before and par are associative, and par is commutative.
We now have all we need to define the translations ⟦E⟧ and ⟦C⟧ inductively on the structure of phrases.
Exercise 9.2 Prove, by induction on the structure of expressions and commands, that
(i) If E contains variables X1,...,Xk then ⟦E⟧ has the sort L_X1 ∪ ... ∪ L_Xk ∪ {ρ̄}.
(ii) If the non-local (free) variables of C are X1,...,Xk then ⟦C⟧ has the sort L_X1 ∪ ... ∪ L_Xk ∪ {ι, ō, δ̄}. (Note that X is local (bound) in BEGIN X; C END.)
Many simple equivalences over P can be shown from the translation. Here are a few as exercises.
Exercise 9.3
(i) Prove ⟦SKIP; C⟧ = ⟦C⟧
(ii) Prove ⟦WHILE E DO C⟧ ~ ⟦IF E THEN (C; WHILE E DO C) ELSE SKIP⟧
(iii) If X is not a free variable of C, prove
⟦BEGIN X; C END⟧ ~ ⟦C⟧
⟦BEGIN X; C; C' END⟧ ~ ⟦C; BEGIN X; C' END⟧
⟦BEGIN X; C PAR C' END⟧ ~ ⟦C PAR (BEGIN X; C' END)⟧
(iv) If X is not in E, prove
⟦BEGIN X; IF E THEN C ELSE C' END⟧ ~ ⟦IF E THEN (BEGIN X; C END) ELSE (BEGIN X; C' END)⟧
and investigate
⟦BEGIN X; WHILE E DO C END⟧ ~ ⟦WHILE E DO BEGIN X; C END⟧ ?
(v) What can you conclude from Exercise 9.1?
Exercise 9.4 Show that ⟦X:=X+1⟧ ≈ᶜ γ_X x. ᾱ_X(x+1). done. Simplify ⟦X:=0⟧ similarly. Now show, by brute force and expansion, that
⟦BEGIN X; X:=0; (X:=X+1 PAR X:=X+1); OUTPUT X END⟧
⟦OUTPUT 1⟧ + ⟦OUTPUT 2⟧
(Recall the properties of ≈ and ≈ᶜ, listed in 7.5)
9.3 Translation of P
For expressions:
~xl = y A j x . ~
⟦F(E1,...,En)⟧ = (⟦E1⟧[ρ1/ρ] | ... | ⟦En⟧[ρn/ρ] | b_f)\ρ1...\ρn
For commands:
⟦X:=E⟧ = ⟦E⟧ result (ρx. ᾱ_X x. done)
⟦C;C'⟧ = ⟦C⟧ before ⟦C'⟧
⟦IF E THEN C ELSE C'⟧ = ⟦E⟧ result ρx.(if x then ⟦C⟧ else ⟦C'⟧)
⟦WHILE E DO C⟧ = w, a new behaviour identifier, with w ⇐ ⟦E⟧ result (ρx. if x then (⟦C⟧ before w) else done)
⟦BEGIN X; C END⟧ = (LOC_X | ⟦C⟧)\L_X
⟦C PAR C'⟧ = ⟦C⟧ par ⟦C'⟧
⟦INPUT X⟧ = ιx. ᾱ_X x. done
⟦OUTPUT E⟧ = ⟦E⟧ result (ρx. ōx. done)
⟦SKIP⟧ = done
Remarks
(1) We are using \L_X to abbreviate \α_X\γ_X, as was done in 8.2.
(2) The identifier w for the WHILE command must be different for every such command translated. A minor extension to CCS, adding expressions of the form
fix b.B
(in which b is a behaviour identifier bound by the prefix "fix") would avoid this inelegance. Such an expression may be understood as
b, where b ⇐ B
where the identifier chosen is distinct from all others used. (The notation can be extended to match the definition of parameterised behaviour identifiers.) With the "fix" notation, we would write
⟦WHILE E DO C⟧ = fix w. ⟦E⟧ result (...).
9.4 Adding procedures to P
The block BEGIN X; C END creates a resource X for use by C; the resource X is represented by a behaviour, accessed through the sort L_X.
Procedures (of many different kinds) are examples of other resources to create. Let us add a new syntax class of declarations D to our language, with the understanding that each declaration D is to be accessed through an access sort L_D. Then we generalise the syntax of blocks to
BEGIN D; C END
and begin the syntactic definition of declarations by
D ::= VAR X | ....
The uniform translation of blocks will be
⟦BEGIN D; C END⟧ = (⟦D⟧ | ⟦C⟧)\L_D
and the translation of variable declarations is now
⟦VAR X⟧ = LOC_X   (with access sort L_X)
Variables are particular in that they communicate only with their accessors; this is reflected in the fact that the sort of ⟦VAR X⟧ is just L̄_X. Procedures may, we suppose, contain free variables and call other procedures, so the corresponding behaviours will have a sort larger than the complement of the access sort.
Let us define
D ::= VAR X | PROC G (VALUE X, RESULT Y) IS C_G
and add to the syntax of commands
C ::= .... | CALL G(E, Z)
The procedure declaration indicates that G is a one-argument procedure, taking its argument (by value) into a local variable X; the body of G (command C_G) has free variables X and Y and the result of the procedure is the value in Y on completion. The call passes the value of E as argument, and assigns the result to variable Z. The access sort of G is to be L_G = {ᾱ_G, γ_G}, and we can immediately write the translation of a
procedure call:
I ~CALL (E,Z) ~ ~E~ ( p x . ~ . ~ G z . ~ z Z . d o n e ) G result
We now have to say that the sort of ⟦C⟧, when C has free variables X1,...,Xk and free procedure identifiers G1,...,Gm, is L_X1 ∪ ... ∪ L_Xk ∪ L_G1 ∪ ... ∪ L_Gm ∪ {ι, ō, δ̄}. This will follow from the definition of ⟦D⟧ for a procedure declaration. (In fact sort-checking is a good first guide to correct definition, like type-checking in good programming languages and dimension-analysis in school mechanics.)
We can give a first approximation (wrong for at least two reasons) to the translation of procedure declarations:
? [PROC G(VALUE X, RESIST Y) IS CG~ = g, where
g~== (LOCxILOCyI (~Gx.~xX.~CG ] before yyY.~GY.NIL))\Lx\Ly
Notice that this has sort ~ ~ ..__LcuLc-(L~L~{~} ) where L_C is the sort of C_G; this will make the sort of the block right.
Are the free variables of C_G treated properly? What output do we expect from the following command C_0?
BEGIN VAR Z; Z:=3;
  BEGIN PROC G (VALUE X, RESULT Y) IS Y:=Z;
    BEGIN VAR Z;
      CALL G (17, Z);
      OUTPUT Z
    END
  END
END
The answer should be "3", since the body of G should use the outer Z. If it used the inner Z the answer would be "no output" since locations cannot be used before they are assigned.
Exercise 9.5 If you are interested to see how a mechanical evaluator for P (via CCS) might work, simplify ⟦C_0⟧ by first simplifying the translations of subphrases as far as possible, and obtain
c
~Co~ = ~OUTPUT 3 ~ o3.done.
The first mistake in g above is that it is not much use as a resource, since it dies after one use! Our other resources (registers) restore themselves (with possibly changed content) after use, so we may make g do the same.
Second approximation:
? [PROC G(VALUE X, RESULT Y) IS CG~ = g, where
g 4 = = ( L O C x I ~ I ( ~ . ~ . [ C g ~ before ~ y . ~ . g ) ) \ L x \ L Y
So the last thing g does is to restore itself. Notice that the restored g is of form (...)\L_X\L_Y, so its local variables X,Y are not those of the old g. But you should see how to allow G to have "own" variables which are initialized at declaration and persist from call to call.
Exercise 9.6 Translate the declaration
PROC G (VALUE X, RESULT Y) OWN Z := E IS C_G
so that G's "own" variable Z is initialised at declaration to the value of E.
The second mistake in g is that there is no provision for it to call itself recursively. If C_G contains CALL G(-,-) then it will demand a reply to ᾱ_G v for some value v, and nothing can meet it. What could meet it? The answer is: a fresh resource g for use by C_G. Taking the clue from the translation of blocks (which is the way resources are provided for use), we obtain finally
~PROC G ( V A L U E X, R E S U L T Y) IS CG~ = g , where
g 4== (LOCxllf~yI (~GX.~x. (g[ [CG~ ) \L G before 7yy.~Gy.g)) \Lx\Lz
(with access sort L G)
Exercise 9.7 If ⟦C_G⟧ has sort L_C, check that
g : L G o L c -
yields the same sort for the right hand side of g's definition.
It is rather hard work to evaluate even simple recursive P programs by hand via CCS. What would be the point of evaluating them? Well, the purpose of our translation is to investigate the power of CCS, and also to indicate that properties of languages such as P (as distinct from properties of particular P programs) may thereby be established. But a check on the validity of the translation would be helpful, and could be provided by a mechanical CCS simplifier/evaluator. Peter Mosses has shown how Scott-Strachey semantic specifications expressed in the lambda-calculus can be checked out by a lambda simplifier/evaluator [Mos].
We must now examine a shortcoming of our translation of procedure declarations. Since g only restores itself after returning (γ̄_G y) its result, it follows that although there may be concurrent calls of G within the block of the declaration, for example
CALL G(6,Z) PAR CALL G(7,W),
the resulting executions of C_G will not be overlapped in time; one must take priority, while the other waits to use the restored g. (It cannot access the inner g provided for recursive calls of G by itself; that is restricted by \L_G.) At first sight, we might hope to allow for concurrent activations of G by making g restore itself directly after receiving its argument:
? [PROC G(VALUE X, RESULT Y) IS CG] = g, where
g ~ = ~ " (gl ( L O C x I ~ y I ( ~ " (g I [CG]) \L G before 7 y y . ~ . N I L ) \IX\ ~ )
(Note that we still have guarded recursion). Now the restored g may be activated immediately after the first, and run concurrently with it. But we cannot be sure that the two (or more) g's will return their results (γ̄_G y) to the correct calling sequences - each of which is waiting on γ_G z!
There seems no natural solution to this problem in CCS as it now stands. True, we may generously allow some fixed number of g's to be created, as separate resources, by the declaration. This could be done by
? [PROC G(VALUE X, RESULT Y) IS CG~= gs, where
g s ~ I - ~ N g i' and for each i
% I (gs I \ L G b e f o r e G , i y ' g i ) )
with L G = {eG, i' Y G , i ' l-<i- < N} now.
Notice that each g_i restores itself after completion; only the N distinct g_i can be concurrently active. The calling sequence must also be adjusted:
[CALL G(E,Z) ~ = ~E~ result (px.1<Zl<_N~G,iX.YG,iz.~zZ.done)
This solution has one attraction; it may be realistic if we assume a fixed bound N on the number of processors available. But we are looking for solutions at a level of abstraction at which implementation is not yet considered.
Even so, the 'right' solution is suggested by what implementors often do; that is, for each call of G to supply a return link along with the argument. Each activation then knows which return link to use in returning its result. But in CCS this would mean passing labels (or names) as values, which we have excluded.
It is not trivial to give CCS this ability, and yet retain the theory which we have developed, but it may be possible (in exploratory discussions with Mogens Nielsen we have seen some chances). The fact that we have not met this need until now shows that much can be done without name-passing, but its usefulness is certainly not limited to language translations. We must leave the matter open.
Exercise 9.8 Generalise the (correct!) translation of procedure declaration to allow several procedures to be declared mutually recursively (as a single resource) by
AND - - -
G_k (VALUE X_k, RESULT Y_k) IS C_k
9.5 Protection of resources
We finish this chapter with some tentative remarks about mutual exclusion between commands in P which would otherwise run concurrently. There is no doubt that we can, in CCS, represent some methods for providing mutual exclusion, but to provide methods which are robust, flexible and elegant is a very hard problem of high-level language design which is still not fully solved though it has been studied for about ten years.
See for example [Hoa 1, ~], [Bri 1]. CCS is unprejudiced, and intentionally so, towards the problem; what it can do is to provide a means for rigorously assessing a proposed solution.
If all we want is to prevent overlapped execution of assignment commands assigning to the same variable, it is easy to adopt the well-known semaphore method. As in 2.4, define
S ~ 4 : { ~ , ~ } ~ ~ . ~ . S ~ 4
=
and redefine
z o c x = ( ~ x . P ~ x ( X ) ) [ s m ~ x
The access sort L_X for resource X
L x= { ~ , ~ , ~ , ~ }
and the only change in translation is to redefine
~X:=E~ = ~.~E~ r e s u l t ( p x . ~ . $ . d o n e ) .
Exercise 9.9 Re-work Exercise 9.4 with this new translation, getting
An alternative, to allow larger commands to exclude each other, is to adopt the proposal of Hoare in "Towards a theory of parallel programming" (referenced earlier). The idea is to allow the programmer to declare arbitrary abstract resources, by adding a new declaration form
D ::= .... | RESOURCE R
(where R is an arbitrary identifier) and a new command form
C ::= .... | WITH R DO C
For example, the programmer may associate a particular R with the output device, and adopt the discipline that every OUTPUT command occurs within a "WITH R ..." context; he can thus protect a sequence of OUTPUT commands from interference. In translation, R is just a semaphore, so we specify
[ R E S O U ~ 2 E R ~= ~ R (with access s o r t ~ = { ~ R , ~ R })
and
~ W I T H R D O C~ = ~R.~C] b e f o r e (~R.done)
Hoare discusses the virtues and vices of this discipline. In particular, he points out the possibility of deadly embrace, or deadlock, as in
(WITH R D O W I T H R' D O C) P A R (WITH R' D O WITH R D O C')
But he observes that a compile-time check can prevent this; the program must be such that any nesting of "WITH R ...." commands, with distinct R's, must agree with the declaration nesting of the R's. For our translation we must add that, in "WITH R DO C", C must not contain "WITH R ..." for the same R. Also the check must be more sophisticated in presence of procedures, but can still be done by flow-analysis techniques.
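The semaphore-guarded translation of X:=E and the nested WITH R commands can both be checked by exhaustive interleaving. The Python sketch below is an added example, not part of the original text: it replaces the CCS terms by a small step model in which X:=X+1 is a register read followed by a write, and the action names P and V, the semaphore names, and the use of X:=X+1 as the body C are assumptions made for the illustration.

```python
"""Exhaustive interleaving of P-style commands over one shared register X."""

READ, WRITE = ("read",), ("write",)

# X:=X+1 under the first translation: read the register, then write it back.
INCR = (READ, WRITE)


def with_sem(name, body):
    """Bracket `body` with acquire/release of semaphore `name`.

    The labels "P" and "V" are assumed names for the two semaphore actions.
    """
    return (("P", name),) + tuple(body) + (("V", name),)


def explore(procs, x0=0):
    """Run every interleaving of `procs`, each a tuple of atomic actions.

    Returns (final_values, deadlock): the set of values X can hold once all
    processes have finished, and whether some reachable state contains an
    unfinished process but no enabled action.
    """
    n = len(procs)
    # State: (X, semaphores currently held, program counters, local copies).
    start = (x0, frozenset(), (0,) * n, (x0,) * n)
    seen, todo = {start}, [start]
    finals, deadlock = set(), False
    while todo:
        x, held, pcs, local = todo.pop()
        if all(pc == len(p) for pc, p in zip(pcs, procs)):
            finals.add(x)
            continue
        successors = []
        for i, (pc, proc) in enumerate(zip(pcs, procs)):
            if pc == len(proc):
                continue
            kind = proc[pc][0]
            nx, nheld, nloc = x, held, local[i]
            if kind == "P":
                if proc[pc][1] in held:
                    continue  # semaphore taken: process i must wait
                nheld = held | {proc[pc][1]}
            elif kind == "V":
                nheld = held - {proc[pc][1]}
            elif kind == "read":
                nloc = x  # value delivered by the register
            elif kind == "write":
                nx = nloc + 1  # store the incremented local copy
            successors.append((nx, nheld,
                               pcs[:i] + (pc + 1,) + pcs[i + 1:],
                               local[:i] + (nloc,) + local[i + 1:]))
        if not successors:
            deadlock = True  # somebody is unfinished and nobody can move
        for state in successors:
            if state not in seen:
                seen.add(state)
                todo.append(state)
    return finals, deadlock


# Assignment guarded by the variable's own semaphore.
GUARDED = with_sem("X", INCR)
# WITH R DO WITH R' DO C, and the same with the nesting reversed.
NESTED_R_RP = with_sem("R", with_sem("R'", INCR))
NESTED_RP_R = with_sem("R'", with_sem("R", INCR))

if __name__ == "__main__":
    print("unprotected PAR   :", explore([INCR, INCR]))
    print("semaphore per X   :", explore([GUARDED, GUARDED]))
    print("opposite nesting  :", explore([NESTED_R_RP, NESTED_RP_R]))
    print("consistent nesting:", explore([NESTED_R_RP, NESTED_R_RP]))
```

Starting from X = 0, the unprotected pair can finish with 1 or 2, the guarded pair only with 2, and only the oppositely nested pair reaches a stuck state.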
Now we can formally state deadlock-freedom for C as follows:
If ⟦C⟧ ~ B is a complete derivation (44),
ie B ~ NIL, then s = r~ for some r.
(C does not 'die' without signalling completion at δ̄). When the compile-time check is satisfied, it should be possible to prove this property of commands (or a stronger property which implies it) by induction on their structure, though we have not done it. But first we would have to remove a simple source of deadlock - namely the attempt to use an unassigned variable. This can be done by, for example, respecifying
⟦VAR X⟧ = REG_X(0)   (not LOC_X).
The proof would be a lot easier without procedures.
CHAPTER 10
Determinacy and Confluence
10.1 Discussion
In CCS, non-determinate behaviours (in some sense of determinacy) are the rule rather than the exception. The outcome - or even the capability - of future observations may not be predictable, partly because the order of two interdependent internal communications may affect it, and partly because of the presence of two or more identical guards in a sum of guards (e.g. τ.B1 + τ.B2 or ~.B1 + ~.B2). Nevertheless, we would probably classify almost all our case-studies as determinate in some sense; the exception is the root-finding algorithm of Chapter 4, where the root found depends upon the relative speeds of concurrent function evaluations.
In this chapter we make precise a notion of Determinacy, and a related concept Confluence, and show that a certain easily characterized subclass of behaviour programs is guaranteed to be determinate. This class also admits a simple proof technique. It is not a trivial class; for example, the Scheduling system of Chapter 3 falls within it, and in 10.5 we complete its correctness proof using the special technique.
In this Chapter we shall for simplicity revert to pure synchronization; that is, no variables or value expressions in guards. The results here probably generalise smoothly to full CCS but we have not studied it.
As a first approximation, one may think it enough to say that B is determinate if, whenever B -λ→ B1 and B -λ→ B2 for some λ, then B1 and B2 are equivalent (e.g. ~ or ≈); of course we would again require B1 and B2 to be determinate. But this is not enough; for example B -τ→ NIL may also hold, implying that the capability of a λ-experiment is not determined - though the outcome is! This motivates our definition of confluence. We shall treat notions of strong confluence and strong determinacy (so called because they are allied to strong equivalence) in detail first - they will be enough to give us the results we need here - and later we outline a more general notion which is allied to observation equivalence.
10.2 Strong confluence
Our notion of strong confluence will not imply determinacy in the sense of the last section. We separate it from determinacy because, by itself, it implies a property of programs which supports our proof technique. But determinacy will be needed as well when we show that all programs written in a certain derived calculus of CCS are confluent and therefore admit the technique.
The following proposition can be read as a definition of strong confluence, except that it 'defines' the property in terms of itself:
Proposition 10.1 The behaviour program A is strongly confluent iff
(i) Whenever A -μ→ B and A -ν→ C then either μ = ν and B ~ C or there exist D and E such that B -ν→ D, C -μ→ E and D ~ E.
(ii) Whenever A -μ→ B, B is strongly confluent.
Proof: Immediate from the definition to follow.
We may picture condition (i) as
[Diagram: A -μ→ B and A -ν→ C implies either μ = ν & B ~ C, or B -ν→ D and C -μ→ E.]
Such diagrams will be useful in proofs. Note that if μ = ν we have two possibilities; the case B ~ C represents intuitively that A -μ→ B and A -ν→ C are essentially the "same action". Our definition of determinacy will demand that this must be the case for μ ∈ Λ, but we do not want to demand this for μ = τ; A -τ→ B and A -τ→ C may arise, for example, from two different internal communications.
Now for our formal definition. As usual, we have to resort to a sequence of properties for k ≥ 0.
Definition A is always strongly 0-confluent.
A is strongly (k+1)-confluent iff
(i) A -μ→ B and A -ν→ C implies either μ = ν and B ~ C, or B -ν→ D, C -μ→ E and D ~ E for some D and E;
(ii) A -μ→ B implies B strongly k-confluent.
A is strongly confluent iff it is strongly k-confluent for all k ≥ 0.
L e t u s a b b r e v i a t e " s t r o n g l y confluent", " s t r o n g l y k - c c n f l u e n t " b y SC,
S C k respectively. W e f i r s t w a n t t o k n o w t h a t S C is a p r o p e r t y o f s t r o n g
e q u i v a l e n c e classes, n o t j u s t o f progr~as.
Proposition 10.2 If A is SC and $A \sim A'$ then A' is SC.
Proof We show by induction on k that if A is $SC_k$ and $A \sim A'$ then
A' is $SC_k$. At k = 0 there is nothing to prove. Assume at k,
and at k+1 assume A is $SC_{k+1}$ and $A \sim A'$.
For part (ii) of the definition, if $A' \xrightarrow{\mu} B'$ then by Theorem 5.6
$A \xrightarrow{\mu} B \sim B'$ for some B; but B is $SC_k$, hence by inductive hypothesis
so is B'.
For part (i), suppose
    [diagram: derivations from A' to B' and to C']
yielding for some B, C
    [diagram: matching derivations from A to B and to C, with A' related to A]
Then (since A is $SC_{k+1}$) either $\mu = \nu$ and $B \sim C$, so $B' \sim C'$,
or for some D, E and D', E'
    [diagram: derivations from B to D, C to E, B' to D' and C' to E']
so
    [diagram: derivations from B' to D' and from C' to E']
However, SC is not preserved by $\approx$ or $\approx^c$; for example
    $\alpha.\beta.NIL + \beta.\alpha.NIL \approx^c \alpha.\beta.NIL + \beta.\tau.\alpha.NIL$
while the first is SC, the second is not. We take up this question
later.
For our main property of SC we first need a lemma to do with
longer derivations.
Lemma 10.3 If A is SC and
    [diagram: a derivation from A to B and a derivation of length n from A to C]
then either $\mu = \mu_i$ (some i) and
    [diagram]
or
    [diagram: including a derivation from C to E]
Proof By induction on n. For n = 0, C is A and take D, E to be B.
At n+1 we have
    [diagram: derivations from A to B and from A through $A_1$ to C]
so either $\mu = \mu_1$ and $A_1 \sim B$, whence $B \xrightarrow{\mu_2 \cdots \mu_{n+1}} D \sim C$ by Theorem 5.6,
or (first case of inductive hypothesis for $A_1$) $\mu = \mu_i$ ($i \ge 2$) and
    [diagram]
finding first B, B' since A is SC, then D' since $A_1$ is SC,
then D, or (second case of inductive hypothesis)
    [diagram]
Now we can deduce our main property as an important special case.
Theorem 10.4 (Strong Confluence). If A is SC and $A \stackrel{\varepsilon}{\Rightarrow} B$ then
$A \approx B$.
Proof We show that if A is SC and $A \stackrel{\varepsilon}{\Rightarrow} B$ then $A \approx_k B$, by induction
on k. Trivial at k = 0; assume it at k, and at k+1 assume A is
SC and $A \stackrel{\varepsilon}{\Rightarrow} B$.
(i) If $B \stackrel{s}{\Rightarrow} B'$ clearly $A \stackrel{s}{\Rightarrow} B'$ also.
(ii) Let $A \stackrel{s}{\Rightarrow} A'$. Then from Lemma 10.3 we have, for some B',
    either [diagram] or [diagram]
In the second case, since A' is SC (Proposition 10.1), $A' \approx_k A''$ by
inductive hypothesis; but $\sim$ implies $\approx_k$ (Theorem 7.2) so in either
case $A' \approx_k B'$ as required.
The usefulness of the Strong Confluence Theorem is simply this: a
program A may admit many actions, and so may its derivatives, but to
find a B such that $A \approx B$ we need only follow an ε-derivation (a sequence
of τ-actions) starting from A, provided we know A to be SC.
To follow all other derivations (as, in effect, the Expansion Theorem
would do when repeatedly applied to A, ...) would often be heavy
work - and is unnecessary in this case.
In the next section we illustrate this saving on a toy example, which
we assume to be confluent (later it will be seen to be so on general
grounds). But we first need to define a class of derived behaviour
operations, called composite action.
10.3 Composite guards, and the use of confluence
For $\mu_i \in \Lambda \cup \{\tau\}$, $(\mu_1|\ldots|\mu_n)$ is a composite guard ($n \ge 1$) whose
actions are given as follows, in the style of 5.3 (see Exercise 10.2,
end of 10.4, for richer composite guards):
    n > 1:  $(\mu_1|\ldots|\mu_n).B \xrightarrow{\mu_i} (\mu_1|\ldots|\mu_{i-1}|\mu_{i+1}|\ldots|\mu_n).B$
            for each i, $1 \le i \le n$
    n = 1:  $(\mu_1).B \xrightarrow{\mu_1} B$
From this it is easy to deduce the following strong equivalences:
Proposition 10.5
(1) $(\mu_1).B \sim \mu_1.B$
(2) For n > 1, $(\mu_1|\ldots|\mu_n).B \sim \sum_{1 \le i \le n} \mu_i.(\mu_1|\ldots|\mu_{i-1}|\mu_{i+1}|\ldots|\mu_n).B$
(3) For any permutation p of {1,...,n}, $(\mu_1|\ldots|\mu_n).B \sim (\mu_{p(1)}|\ldots|\mu_{p(n)}).B$
Proof Omitted.
For example $(\alpha|\beta|\gamma).B \sim \alpha.(\beta|\gamma).B + \beta.(\alpha|\gamma).B + \gamma.(\alpha|\beta).B \sim (\beta|\gamma|\alpha).B$;
it just means that α, β, γ can be done in any order. Note that we do not
require $\mu_1,\ldots,\mu_n$ to be distinct.
In some proofs it is convenient to define $(\mu_1|\ldots|\mu_n).A$ to be A,
when n = 0.
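Condition (i) of Proposition 10.1 and the equivalences of Proposition 10.5 can be checked mechanically on small finite terms; the following is an added example, not part of the original text. The two sum terms are this example's reading of the 10.2 counterexample (a.b.NIL + b.a.NIL and a.b.NIL + b.tau.a.NIL); the tuple encoding of terms and all function names are assumptions of the example.

```python
from itertools import product

NIL = ("nil",)

def pre(mu, p):
    return ("pre", mu, p)            # mu.p

def plus(p, q):
    return ("sum", p, q)             # p + q

def guard(mus, p):
    return ("guard", tuple(mus), p)  # composite guard (mu1|...|mun).p, n >= 1

def steps(t):
    """All (label, derivative) pairs of a term."""
    if t[0] == "pre":
        return {(t[1], t[2])}
    if t[0] == "sum":
        return steps(t[1]) | steps(t[2])
    if t[0] == "guard":
        mus, p = t[1], t[2]
        if len(mus) == 1:                       # (mu1).B --mu1--> B
            return {(mus[0], p)}
        return {(mus[i], guard(mus[:i] + mus[i + 1:], p))
                for i in range(len(mus))}       # drop the i-th component
    return set()                                # NIL has no actions

def reachable(*terms):
    """The given terms together with all their derivatives."""
    seen, todo = set(terms), list(terms)
    while todo:
        for _, d in steps(todo.pop()):
            if d not in seen:
                seen.add(d)
                todo.append(d)
    return seen

def strong_bisim(states):
    """Largest strong bisimulation on a finite, derivative-closed set of states."""
    rel = set(product(states, repeat=2))

    def half(p, q):
        # every action of p is matched by q, with derivatives still related
        return all(any(a == b and (p2, q2) in rel for b, q2 in steps(q))
                   for a, p2 in steps(p))

    while True:
        keep = {(p, q) for (p, q) in rel if half(p, q) and half(q, p)}
        if keep == rel:
            return rel
        rel = keep

def equivalent(p, q):
    """Strong equivalence of two finite terms."""
    return (p, q) in strong_bisim(reachable(p, q))

def strongly_confluent(t):
    """Check condition (i) at t and at every derivative of t.

    Returns (True, None), or (False, (A, mu, nu)) for a pair of actions
    of a derivative A whose diamond cannot be closed.
    """
    states = reachable(t)
    sim = strong_bisim(states)
    for a in states:
        for (mu, b), (nu, c) in product(steps(a), repeat=2):
            if mu == nu and (b, c) in sim:
                continue                        # "same action" case
            if not any(l1 == nu and l2 == mu and (d, e) in sim
                       for (l1, d), (l2, e) in product(steps(b), steps(c))):
                return False, (a, mu, nu)
    return True, None

# Constructed sample terms; labels are plain strings, "tau" is the silent action.
FIRST = plus(pre("a", pre("b", NIL)), pre("b", pre("a", NIL)))
SECOND = plus(pre("a", pre("b", NIL)), pre("b", pre("tau", pre("a", NIL))))
ABC = guard(("a", "b", "c"), NIL)
ABC_EXPANDED = plus(pre("a", guard(("b", "c"), NIL)),
                    plus(pre("b", guard(("a", "c"), NIL)),
                         pre("c", guard(("a", "b"), NIL))))

if __name__ == "__main__":
    print("first SC:", strongly_confluent(FIRST)[0])
    print("second SC:", strongly_confluent(SECOND)[0])
    print("10.5(2):", equivalent(ABC, ABC_EXPANDED))
    print("10.5(3):", equivalent(ABC, guard(("b", "c", "a"), NIL)))
    print("(a|b|c).NIL SC:", strongly_confluent(ABC)[0])
```

The checker only terminates on finite-state terms; recursively defined behaviours need the inductive argument of the text.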
We now want to examine the toy system built from the cycler of
Exercise 2.7;
    [diagram of the system S]
notice that $c_1$ is cycling clockwise, while $c_2$ and $c_3$
are cycling anticlockwise. Before going further you might try to guess
its behaviour (as the author did, for five minutes, and got it wrong).
We have
c I 4= ~1.~.~.Cl
c 2
c a 4= ~ 3 . y . 6 . c 3
and
    S is (c1|c2|c3)\A   (A = { S , ~ , ~ })
We assume S strongly confluent. Now by expansion
    $S \sim \alpha_1.S_{23} + \alpha_2.S_{13} + \alpha_3.S_{12}$
where $S_{23}$ is (8.6.c1|c2|c3)\A,
      $S_{13}$ is (c1|LY.c2|c3)\A
and   $S_{12}$ is (c1|c2|~.~.c3)\A.
By expansion again,
    $S_{23} \sim \alpha_2.S_3 + \alpha_3.S_2$
    $S_{13} \sim \alpha_1.S_3 + \alpha_3.S_1$
    $S_{12} \sim \alpha_1.S_2 + \alpha_2.S_1$
where $S_3$ is (S.~.c1|L~.c2|c3)\A,
      $S_2$ is (~.~.c1|c2|9.~.c3)\A,
and   $S_1$ is (c1|LY.c2|{.~.c3)\A.
Now we need to consider $S_0$
where $S_0$ is (8.~.c1|S.Y.c2|8.~.c3)\A,
and we find
    [derivation from $S_0$ to S, marked (†)]
whence by confluence $S_0 \approx S$. Also
    $S_1 \sim \alpha_1.S_0$ (by Expansion) $\approx \alpha_1.S$,
    $S_2 \sim \alpha_2.S_0 \approx \alpha_2.S$
while for $S_3$ we have something different:
    S3 A (~.c1|y.c2|c3)\A
       ~ α3.(6.c1|Y.c2|~.~.c3)\A    by Expansion
       ~ α3.S                        by the same derivation as for S0 above,
whence by confluence $S_3 \approx \alpha_3.S$.
So finally we get
    $S_{12} \approx^c (\alpha_1|\alpha_2).S$, $S_{13} \approx^c (\alpha_1|\alpha_3).S$, $S_{23} \approx^c (\alpha_2|\alpha_3).S$
and at last
    $S \approx^c (\alpha_1|\alpha_2|\alpha_3).S$
which specifies our system. It was only at (†) that we were able to
ignore other actions in following an ε-derivation, but such opportunities
will abound in even slightly bigger systems.
Here, we used composite actions only to abbreviate expressions which
we obtained. Later, we will see that composite guarding preserves confluence.
One final remark: in the above calculation we were careful only to assume
strong confluence of S, its derivatives, and expressions strongly
equivalent to them. All this is justified by Propositions 10.1 and 10.2, but
we could well have wished to assume confluence of an expression which is
only observation equivalent to something confluent. As we said earlier,
observation equivalence does not preserve strong confluence; but it does
preserve a weaker form as we shall see, and fortunately Theorem 10.4 applies
also to the weaker form - so all is well.
Exercise 10.1 Use confluence to find the behaviour of other systems with
the same shape as S, or as Exercise 2.7(i), but with different cycling
directions and/or different starting states (initial capabilities).
Is the disjoiner d of Exercise 2.7 strongly confluent? What
about the behaviour s in Exercise 2.7 (ii)?
10.4 Strong determinacy; Confluent Determinate CCS
The natural definition of determinacy is as follows:
Definition Let $\lambda \in \Lambda$, and let A be a program. Then A is strongly
λ-determinate (λ-SD) iff for all k A is strongly λ-k-determinate
($\lambda$-$SD_k$), where:
Every A is $\lambda$-$SD_0$;
A is $\lambda$-$SD_{k+1}$ iff
(i) $A \xrightarrow{\lambda} B$ and $A \xrightarrow{\lambda} C$ implies $B \sim C$
(ii) $A \xrightarrow{\mu} B$ implies B is $\lambda$-$SD_k$.
Definition A is strongly k-determinate ($SD_k$) iff it is $\lambda$-$SD_k$ for
all $\lambda \in \Lambda$. A is strongly determinate (SD) iff it is $SD_k$ for all k.
λ-determinacy for particular λ may have some use, but we will only
consider determinacy for all λ.
Proposition 10.6
A is SD iff
(i) $A \xrightarrow{\lambda} B$ and $A \xrightarrow{\lambda} C$ implies $B \sim C$;
(ii) $A \xrightarrow{\mu} B$ implies B is SD.
Proof Immediate.
As usual, we have had to make an inductive definition and then prove
a more usable property. We also have that SD is a property of strong
equivalence classes:
Proposition 10.7 If $A \sim A'$ and A is SD, then so is A'.
Proof Analogous to Proposition 10.2 but simpler.
We use the abbreviation SCD ($SCD_k$) for "strongly (k-)confluent
and strongly (k-)determinate". We look for behaviour operations which
preserve SCD, and first eliminate some which do not.
Clearly both $\alpha.NIL$ and $\alpha.\beta.NIL$ are SCD, but
    $\alpha.NIL \,|\, \alpha.\beta.NIL \sim \alpha.(\alpha.\beta.NIL) + \alpha.(\alpha|\beta).NIL$
is not SD, since $\alpha.\beta.NIL \not\sim (\alpha|\beta).NIL$. We shall have to forbid $B_1|B_2$
except when $B_1:L_1$, $B_2:L_2$ and $L_1 \cap L_2 = \emptyset$. But this is not enough; $\alpha.NIL$
and $\bar\alpha.\beta.NIL$ are SCD, but
    $\alpha.NIL \,|\, \bar\alpha.\beta.NIL \sim \tau.\beta.NIL + \alpha.(\bar\alpha.\beta.NIL) + \ldots$
is not SC, since $\beta.NIL \xrightarrow{\alpha} B$ is impossible. The problem here is that
the α-action of $\alpha.NIL$ may be observed either by $\bar\alpha.\beta.NIL$ or externally.
In effect (thinking of pictures) we shall have to prevent the sharing of
ports, i.e. one port supporting two links.
In summary, we will forbid $B_1|B_2$, but allow $B_1 \| B_2$ when
$B_1:L_1$, $B_2:L_2$, $L_1 \cap L_2 = \emptyset$; we may call this operation rd-composition
(rd = "restricted disjoint").
(Note: we have mostly avoided the operation $\|$, and indeed its definition
needs some care. Precisely, it is given by $B_1 \| B_2 = (B_1|B_2)\backslash A$ where
A = names(L($B_1$) ∩ L($B_2$)); we can get a different result if we take
A = names($L_1 \cap L_2$) for arbitrary sorts $L_1$, $L_2$ for which $B_1:L_1$ and
$B_2:L_2$. Strictly therefore, in each use of $\|$ we should make explicit the
names which are restricted; but in most cases these will be implied by the
sorts of the argument expressions.)
Also we will forbid $B_1 + B_2$ (see remark in 10.1) but allow $(\mu_1|\ldots|\mu_n).B$,
composite guarding, which includes (simple) guarding as a special case.
We denote by DCCS the derived calculus whose operations are:
Inaction (NIL), Composite Action, rd-Composition, Restriction and
Relabelling; we now show that every DCCS program is SCD. (Skip to
10.5 if you are not interested in the proof.)
Proposition 10.8 Inaction, Restriction and Relabelling preserve both
the properties $SC_k$ and $SD_k$, for all k.
Proof Clearly NIL is $SCD_k$. Let us just prove that if A is $SC_k$,
so is $A\backslash\alpha$; the remainder are equally simple. For the inductive step
on k, suppose A is $SC_{k+1}$ and
    [diagram: derivations from $A\backslash\alpha$ to $B\backslash\alpha$ and $C\backslash\alpha$, so from A to B and C]
Then either $\mu = \nu$ and $B \sim C$, whence $B\backslash\alpha \sim C\backslash\alpha$ also, or for some D
and E, since $\mu, \nu \notin \{\alpha, \bar\alpha\}$,
    [diagram: derivations from B to D and C to E, so also from $B\backslash\alpha$ to $D\backslash\alpha$ and $C\backslash\alpha$ to $E\backslash\alpha$]
(We have of course used that $\sim$ is a congruence, Theorem 5.4).
Also if $A\backslash\alpha \xrightarrow{\mu} B\backslash\alpha$ then $A \xrightarrow{\mu} B$, so B is $SC_k$, whence also (by induction)
$B\backslash\alpha$ is $SC_k$.
For Composite Action we can prove more (which we need in handling
recursion later), namely that an n-component guard raises the level of
SC and SD by n:
Proposition 10.9 If A is $SC_k$ (respectively $SD_k$) then $(\mu_1|\ldots|\mu_n).A$ is
$SC_{k+n}$ (respectively $SD_{k+n}$).
Proof By induction on n, for fixed k. For n = 0 there is nothing to
prove, since $(\mu_1|\ldots|\mu_n).A$ is just A in this case. Now let A' be
$(\mu_1|\ldots|\mu_{n+1}).A$, and let us show that A' is $SC_{k+n+1}$.
Assume
    [diagram: derivations from A' to B' and to C']
Then $\mu, \nu \in \{\mu_1,\ldots,\mu_{n+1}\}$. Either $\mu = \nu = \mu_{n+1}$ say, and B', C' are both
$(\mu_1|\ldots|\mu_n).A$ up to a permutation of the guard, whence $B' \sim C'$ by
Proposition 10.5(3), or $\mu = \mu_n$, $\nu = \mu_{n+1}$ say, and then
    [diagram]
Also, if $A' \xrightarrow{\mu} B'$ then $\mu = \mu_{n+1}$ say, and B' is $(\mu_1|\ldots|\mu_n).A$ which is
$SC_{k+n}$ by inductive hypothesis. Hence A' is $SC_{k+n+1}$. We leave the
SD part to the reader.
Corollary 10.10 If A is $SC_k$ (resp. $SD_k$) and $n \ge 1$, then
$(\mu_1|\ldots|\mu_n).A$ is $SC_{k+1}$ (resp. $SD_{k+1}$).
Proof Immediate, since $SC_{k+n}$ implies $SC_{k+1}$ if $n \ge 1$.
Thus far, the operations preserve SC and SD separately. We
can only show that rd-Composition preserves them together.
Proposition 10.11 If $A_1$ and $A_2$ are $SCD_k$, with $A_1:L_1$, $A_2:L_2$ and
$L_1 \cap L_2 = \emptyset$, then $A_1 \| A_2$ is $SCD_k$.
Proof Take the inductive step; assume $A_1$, $A_2$ are $SCD_{k+1}$ and show
first that $A_1 \| A_2$ is $SC_{k+1}$. Suppose
    [diagram: derivations from $A_1 \| A_2$ to B and to C]
There are essentially four cases:
(i) B is $B_1 \| A_2$, C is $A_1 \| C_2$ (an $A_1$ action and an $A_2$ action), and
    [diagram: derivations from $A_1$ to $B_1$ and from $A_2$ to $C_2$],
    yielding [diagram: derivations from B and from C to $B_1 \| C_2$]
(ii) B is $B_1 \| A_2$, C is $C_1 \| A_2$ (two $A_1$ actions), and
    [diagram: derivations from $A_1$ to $B_1$ and to $C_1$]
Then either $\mu = \nu$ and $B_1 \sim C_1$, whence also $B_1 \| A_2 \sim C_1 \| A_2$, or
    [diagram]
(iii) B is $B_1 \| B_2$, $\mu = \tau$, C is $C_1 \| A_2$ (a communication and an $A_1$
action), and
    [diagram: derivations from $A_1$ to $B_1$ and to $C_1$] and $A_2 \xrightarrow{\bar\lambda} B_2$ ($\lambda \in L_1 \cap \bar{L}_2$)
But then $\nu \ne \lambda$, since $A_1 \| A_2 \xrightarrow{\lambda} C$ is impossible.
Hence
    [diagram: derivations from $B_1$ to $D_1$ and from $C_1$ to $E_1$],
    whence also [diagram: derivations from $B_1 \| B_2$ to $D_1 \| B_2$ and from $C_1 \| A_2$ to $E_1 \| B_2$]
(iv) B is $B_1 \| B_2$, C is $C_1 \| C_2$, $\mu = \nu = \tau$ (two communications), and
    [diagram: derivations from $A_1$ to $B_1$ and $C_1$, and from $A_2$ to $B_2$ and $C_2$] ($\lambda, \lambda' \in L_1 \cap \bar{L}_2$)
If $\lambda = \lambda'$ then $\bar\lambda = \bar\lambda'$ also, and since $A_1$, $A_2$ are $SD_{k+1}$ we must
have $B_1 \sim C_1$, $B_2 \sim C_2$, whence also $B_1 \| B_2 \sim C_1 \| C_2$.
Otherwise
    [diagram: derivations from $B_1$ to $D_1$ and $C_1$ to $E_1$, and from $B_2$ to $D_2$ and $C_2$ to $E_2$],
    whence [diagram: derivations from $B_1 \| B_2$ to $D_1 \| D_2$ and from $C_1 \| C_2$ to $E_1 \| E_2$]
Only in the fourth case did we need determinacy of $A_1$, $A_2$.
To complete the SC part: if $A_1 \| A_2 \xrightarrow{\mu} B_1 \| B_2$ then, for i = 1,2,
$B_i$ is either $A_i$ or a μ- or λ-derivative of $A_i$, hence
is $SC_k$ and $SD_k$, so $SCD_k$, so by induction $B_1 \| B_2$ is also
$SCD_k$.
For the SD part it only remains to show that
    [diagram: two λ-derivations from $A_1 \| A_2$, to B and to C]
implies $B \sim C$ ($\lambda \in \Lambda$).
Now either both actions are from $A_1$ or both from $A_2$, since
$L_1 \cap L_2 = \emptyset$ (our first use of disjointness). In the first case
    [diagram: derivations from $A_1$ to $B_1$ and to $C_1$]
, whence $B_1 \sim C_1$, whence B (i.e. $B_1 \| A_2$) $\sim$ C (i.e. $C_1 \| A_2$).
Similarly in the second case.
It remains to show that definition by recursion in DCCS guarantees
that the behaviour identifiers are SCD.
Prop. 10.12 Every behaviour identifier b in DCCS is $SCD_k$ for all k.
Proof. By induction on k. By guarded well-definedness (5.4),
the definition $b_0 \Leftarrow B_{b_0}$ may be expanded (by substituting $B_b$ for any
b where necessary) until every behaviour identifier is guarded.
Formally, we apply König's lemma to find
    $b_0 \sim B'_{b_0}$
containing no b unguarded. Assuming then that every b is $SCD_k$,
we deduce that $B'_{b_0}$ is $SCD_{k+1}$ from Props 10.8, 10.11 and Cor 10.10 -
the latter being crucial in raising k to k+1. It follows that $b_0$ -
and similarly each other behaviour identifier - is $SCD_{k+1}$.
Exercise 10.2 We can also allow guard sequences in composite guards,
e.g. $(\alpha.\beta)|\gamma$ or even $(\alpha.(\beta|\gamma))|\delta$. These still preserve SCD.
Prove the analogue of Prop 10.9 and Cor 10.10 for composite guards defined
as follows:
(i)    is a composite guard
(ii) If $g_1,\ldots,g_n$ are composite guards ($n \ge 1$), so are
$(g_1.\ldots.g_n)$ and $(g_1|\ldots|g_n)$.
10.5 Proof in DCCS; the scheduler again
We are interested in systems definable in DCCS. The toy system
of §10.3 is an example; each $c_i$ there is defined in DCCS, and the
system S is also definable in DCCS by
    $c_1 \| c_2 \| c_3$
Of course we were able to use the form S ~ (c1|c2|c3)\A since $\sim$
preserves SCD, and also $S \sim \alpha_1.S_{23} + \alpha_2.S_{13} + \alpha_3.S_{12}$; neither of these
are DCCS expressions, but the faithfulness of $\sim$ to SCD justifies their
use in the proof.
Let us return to the scheduler problem of 3.1;
we had
    [ c ~ ~ . ~ . c ~ l ~ ) . c l
and defining I ' C' I ' ~ C[ O~. 8, ' / , ~. _. / c ~6" f ~] I we get
    I i J . ~. ~. J . - ~ . L I
    c i
We also had
    ~ " ~ i . ~ i ~ ' i I % . + ~ ) . %
    s ~ ~ = ( s l c ~ l . . . . I c ) \ - q . . . V r n
and the second part of our specification demanded
    S c h II ( n ~ I = ~ ) = (~181) ~
    j~l 3 j~l 3
Now - getting rid of the start button - we have
    s c ~ = ~ - ( ~ I ; 2 ) - % 1 1 c 2 1 1 . - - I I c
Now we may define, for $2 \le j \le n$
    i i
whence easily
    c ' ~ - . c '
    3 YJ "T'(wlYj+l) 3
We shall show, then, that
    S c h I ~ l . g l . S C h 1
(compare equation (2) in 3.4, and note the remarks there)
where
    I s~1~-- ~1"%J~2)'cltlc~ jj'" lien I
(*) (1) (*) (2)
Clearly Sch1 = the left side of equation (1) above. Notice that all
our definitions - in boxes above - are in DCCS. Since SCD is a property
of $\sim$ equivalence classes, we can use the equivalences (*) freely.
and
    S C h l ~ ; 1 " ( ( ~ 1 l ~ 2 ) " c l l J c ~ l l . . . . 1 1 % )
    ( 8 1 t ~ ' 2 ) - a l l t c ~ l l . . . l i c A
    3
    ~ 1 " e l H V 3 - % 1 1 0 ; I I . . . . 11 c n
    - - ~ > ~ 1 - e i I I ~ 1 1 % 1 1 . 1 1 % _ 1 1 ~ , . % ( * )
    ~ ~ 1 ( c I l l c ~ I i . . . . l i C ' n _ ~ I I " 7 1 . % )
while c l J 1 % 1 1 ' - t l c n _ 1 I I ~ 1 - " % '
Putting this together, using Theorem 10.4 and known properties of $\approx$,
we get Sd~ 1 = ~l . t ~l . SCh as required.
The crucial part was the long $\stackrel{\varepsilon}{\Rightarrow}$ derivation (†) in which the ~I
action could be persistently ignored; without SCD we would have had to
deal with this action by absorption, as we did for the first part of the
scheduler specification in 3.4. Thus SCD in effect guarantees absorption.
One point is worth noting. From c'.3 ~ 7j .T. (T 1-79+ 1) .c'.3 we can
easily get c'. ~ 7j - ' 3 .Yj+l.C~ , and this transformation would slightly
clarify our proof. But we don't know that SCD is preserved by $\approx$
(in fact we know it is not, in general). Our proofs will therefore
be less delicate when we have a weaker property OCD which is preserved
by $\approx$, and which also allows a version of Theorem 10.4. We now turn to
this question.
10.6 Observation Confluence and Determinacy
How should we arrive at a property OCD, weaker than SCD but supporting
our proof method (based on Theorem 10.4) and preserved by $\approx$? For
determinacy, we would probably look at
    [diagram: two derivations from A, to B and to C] implies $B \approx C$
as a possibility. But the use of $\rightarrow$ will prevent preservation of
this property by $\approx$; you will see this if you try diagrams as in
Prop. 10.2. So we might try
    [diagram: two derivations from A, to B and to C] implies $B \approx C$
This is closer to what we will adopt, but notice that it already entails
a sort of confluence, for if $B \stackrel{\varepsilon}{\Rightarrow} B'$ then we would have $B' \approx C$ also,
whence $B \approx B'$ (this is because $A \stackrel{\lambda}{\Rightarrow} B'$ also holds).
Since we want to harmonize with our definition of $\approx$ we do wish to
use $\Rightarrow$ rather than $\rightarrow$; if we cannot separate determinacy from confluence
then a definition which covers both seems necessary. We should also deal
with $\stackrel{s}{\Rightarrow}$ ($s \in \Lambda^*$) rather than just $\stackrel{\lambda}{\Rightarrow}$ ($\lambda \in \Lambda$).
What should confluence say about
    $A \stackrel{r}{\Rightarrow} B$ and $A \stackrel{s}{\Rightarrow} C$,   $r, s \in \Lambda^*$ ?
It should imply some commutativity of observations, in so far as r and s
differ; B should admit an observation which is in some sense the excess
of s over r, written s/r, and C should admit r/s, in such a way
that the two results are suitably related:
    $A \stackrel{r}{\Rightarrow} B$ and $A \stackrel{s}{\Rightarrow} C$ implies $B \stackrel{s/r}{\Rightarrow} D$, $C \stackrel{r/s}{\Rightarrow} E$ and $D \approx E$
We shall need to adjust "$\approx$" slightly, but first we define r/s. Intuitively
we get it by working through r from left to right, deleting in r and in s
any symbol which occurs in (what remains of) s. Thus r/s is unchanged
by a permutation of s, but depends upon the order of r.
Definition For $r, s \in \Lambda^*$, r/s, the excess of r over s,
is given recursively by
    $\varepsilon/s = \varepsilon$
    $(\lambda.r)/s = \lambda.(r/s)$   if λ is not in s
    $(\lambda.r)/s = r/(s/\lambda)$   otherwise.
Examples: r s r/s s/r
We list some of the properties of "/" without proof (we write r perm s
to mean r is a permutation of s):
(i) If r perm s then $r/s = s/r = \varepsilon$.
(ii) If s perm s' then r/s = r/s', s/r perm s'/r.
(iii) If r and s have no λ in common then r/s = r, s/r = s.
(iv) If r perm ss', then r/s perm s' and $s/r = \varepsilon$.
(v) r.(s/r) perm s.(r/s).
(vi) $r/s_1 s_2 = (r/s_1)/s_2$, $r_1 r_2/s = (r_1/s).(r_2/(s/r_1))$.
There are many others, some needed in proving the propositions below,
but we will not give those proofs here.
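The recursive definition of r/s, run as code and checked against properties (i) to (vi) on all short sequences (an added example, not part of the original text). Labels are modelled as strings and sequences as tuples; the function names and the three-letter alphabet are assumptions of the example. Note that the clause for the empty sequence has to be applied before s/λ is evaluated, otherwise λ/λ would call itself forever.

```python
from collections import Counter
from itertools import permutations, product

def excess(r, s):
    """r/s, the excess of r over s, following the recursive definition."""
    if not r:                                  # eps/s = eps
        return ()
    head, rest = r[0], r[1:]
    if head not in s:                          # (l.r)/s = l.(r/s) if l is not in s
        return (head,) + excess(rest, s)
    if not rest:                               # eps/(s/l) = eps: decided before
        return ()                              # evaluating s/l, so l/l terminates
    return excess(rest, excess(s, (head,)))    # r/(s/l) otherwise

def excess_scan(r, s):
    """The intuitive reading: scan r left to right, cancelling each symbol
    against what remains of s."""
    remaining = Counter(s)
    kept = []
    for label in r:
        if remaining[label] > 0:
            remaining[label] -= 1              # cancels one occurrence in s
        else:
            kept.append(label)
    return tuple(kept)

def perm(r, s):
    """r is a permutation of s."""
    return Counter(r) == Counter(s)

def check_properties(alphabet=("a", "b", "c"), max_len=3):
    """Check (i)-(vi) for every pair of sequences up to max_len.

    Returns the number of (r, s) pairs examined; raises AssertionError
    on the first violated property.
    """
    words = [w for n in range(max_len + 1) for w in product(alphabet, repeat=n)]
    pairs = 0
    for r, s in product(words, repeat=2):
        assert excess(r, s) == excess_scan(r, s)
        if perm(r, s):                                            # (i)
            assert excess(r, s) == () and excess(s, r) == ()
        for s2 in set(permutations(s)):                           # (ii)
            assert excess(r, s) == excess(r, s2)
            assert perm(excess(s, r), excess(s2, r))
        if not set(r) & set(s):                                   # (iii)
            assert excess(r, s) == r and excess(s, r) == s
        if not Counter(s) - Counter(r):                           # (iv): r perm s.s'
            assert excess(s, r) == ()
            assert Counter(excess(r, s)) == Counter(r) - Counter(s)
        assert perm(r + excess(s, r), s + excess(r, s))           # (v)
        for i in range(len(s) + 1):                               # (vi), first half
            assert excess(r, s) == excess(excess(r, s[:i]), s[i:])
        for i in range(len(r) + 1):                               # (vi), second half
            r1, r2 = r[:i], r[i:]
            assert excess(r, s) == excess(r1, s) + excess(r2, excess(s, r1))
        pairs += 1
    return pairs

if __name__ == "__main__":
    print(excess(("a", "b", "a", "c"), ("a", "c")))
    print(check_properties(), "pairs checked")
```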
We now define OCD by a sequence {$OCD_k$; $k \ge 0$}:
Definition. A is always $OCD_0$
A is $OCD_{k+1}$ iff
(i) $A \stackrel{r}{\Rightarrow} B$ and $A \stackrel{s}{\Rightarrow} C$ implies $B \stackrel{s/r}{\Rightarrow} D$, $C \stackrel{r/s}{\Rightarrow} E$ and $D \approx_k E$ for some D, E;
(ii) $A \stackrel{r}{\Rightarrow} B$ implies B is $OCD_k$
A is OCD iff it is $OCD_k$ for all $k \ge 0$.
Note the use of $\approx_k$ rather than $\approx$; this is essential in showing that
$\approx$ preserves OCD.
Thus if A is OCD we have for each k, for example:
    [diagrams: four instances of condition (i), the first one marked (determinacy)]
The following results hold:
Proposition 10.13 If A is OCD and $A \approx A'$ then A' is OCD.
Exercise 10.3. Prove this by showing that if A is $OCD_k$ and $A \approx_{2k} A'$
then A' is $OCD_k$.
Theorem 10.14 (Confluence) If A is OCD and $A \stackrel{\varepsilon}{\Rightarrow} B$ then $A \approx B$.
Proof We show it for $\approx_k$ by induction on k. For the inductive step,
assume A is OCD and $A \stackrel{\varepsilon}{\Rightarrow} B$.
(i) If $B \stackrel{s}{\Rightarrow} B'$, then clearly $A \stackrel{s}{\Rightarrow} B'$ also.
(ii) If $A \stackrel{s}{\Rightarrow} A'$ then, because A is OCD,
    [diagram: derivations from B to B' and from A' to C, with B' and C related by $\approx_k$] for some B', C
But A' is OCD, so by induction $A' \approx_k C$, whence $A' \approx_k B'$ as required.
Proposition 10.15 If A is SCD then it is OCD.
From this we immediately know that DCCS, and anything $\approx$ to a DCCS program,
is OCD. Although these facts do not imply it immediately, we also have
Proposition 10.16 The operations of DCCS all preserve the property OCD.
Two remarks should be made. First, we do not know of any derived
calculus of CCS whose programs are all OCD but not all SCD. It would be
very interesting to find one, particularly if it contained systems
which are intuitively determinate in some sense, like earlier case-studies
in these notes, but cannot be expressed in DCCS. First of course we would
want to extend the present notions, and DCCS, to allow value-passing.
Second, the reader may wonder why we introduced SCD at all, since
OCD has the property which we used in proofs and preserves $\approx$; OCD
has the advantage that it is a property of behaviours ($\approx^c$ congruence classes),
not only of programs. The reason is partly technical; the crucial property
of SCD (Cor 10.10), which provided for recursively defined behaviours in
DCCS, cannot be established for OCD. Also of course the stronger notion
may yield stronger methods.
In conclusion: we have found a derived calculus of CCS which possesses
an interesting property, and it is possible that other derived calculi may
be found with useful properties. For confluence and determinacy, there is
a strong connection - still to be explored - with notions in Petri's Net
Theory, particularly the notions of (absence of) Conflict and Confusion
and the subclass of nets called Marked Graphs [CoH]. Other authors have
explored confluence in various settings. The origin of the idea appears
to be the Church-Rosser theorem for the λ-calculus; Church-Rosser properties
are discussed by Rosen [Ros]. Huet [Hue] studied conditions under which
term-rewriting systems are confluent; the principal difference here is that
our rewriting relations $\xrightarrow{\mu}$ and $\stackrel{s}{\Rightarrow}$
are indexed by labels and sequences.
Keller [Kel] introduces a confluence notion into parallel computation;
his rewriting relations are indexed, but his definition of confluence does
not exploit the indexing.
The author's impression is that confluence is a deep notion which (as
with most deep notions) manifests itself very differently in different
formal or mathematical settings. We have not invented it, but only found
it some new clothes.
CHAPTER 11
Conclusion
11.1 What has been achieved?
We hope to have shown that our calculus is based on few and simple
ideas, that it allows us to describe succinctly and to manipulate a wide
variety of computing agents, that it offers rich and various proof
techniques, that it underlies and explains some concurrent programming
concepts, and that it allows the precise formulation of questions which
remain to be answered (e.g. which equivalence relation to employ). It
also appears to have some intrinsic mathematical interest. Thus we
claim to have achieved, to some extent, the aims of articulacy and
conceptual unity expressed in Chapter 0.
In the next few sections we examine CCS critically (though briefly)
in one or two respects; in doing so some suggestions for further work
arise very clearly. In the final section we propose some other directions
for the future.
11.2 Is CCS a programming language?
It is not universally agreed what qualifications justify the title
"programming language". Let us try to examine CCS critically with respect
to some possible qualifications.
First, we have not said how to implement it on a computer (with one
or many processors). Implementation of concurrent programs raises a host
of difficult questions. To start with, such a program is often (at least
in our case) non-determinate; should its 'implementation' be able to
follow any possible execution, by having the power to toss a coin from
time to time or by using a machine whose parts run at unpredictable
relative speeds? Or is it more correct to talk of, not a single
implementation, but a set of implementations for each program, each
implementation being determinate?
Again, would one allow an implementation which is, if not sequential,
conducted under some centralised control? This would be rather unsatisfactory,
since the calculus is designed to express heterarchy among concurrently
active components. But since it can express systems which generate
unboundedly many such components, it is natural to expect an
implementation to administer (not necessarily in a hierarchic manner) the
allocation of a fixed number of processors in executing the components.
An implementation problem arises, even with CCS programs with a
fixed number of components, and even if there are enough
processors to go round. In the general case where the components are
arbitrarily linked and where each one may have at each moment an arbitrary
set of communication capabilities, our primitive notion of synchronised
communication does not admit direct realisation by hardware (at least by
current techniques) as far as the author knows. Jerry Schwarz [Sch] has
exposed the difficulty and proposed a solution, which can indeed become
simple in special cases but is not so in general. So CCS does not (yet)
have the property that its primitives have primitive realisations. We
claim rather to have found a communication primitive which allows other
disciplines of communication (e.g. by shared variables, or by bounded or
unbounded buffers) to be defined, and which can be handled mathematically.
There is no a priori reason that any such primitive should also be
simple to realise. But we may compare the primitives of the λ-calculus
(functional abstraction and application), or of combinatory logic (the
combinators and combination); ten years ago these may have been thought
to require very indirect realisation, even via software, but they are
now being realised directly by hardware.
Let us look at another qualification usually expected of a practical
programming language. It should not only have a powerful and not too
redundant set of constructs, but should also encourage disciplined and
lucid programming. This can mean that its constructs are conceptually
rather non-primitive; consider the sophisticated array manipulations of
ALGOL 68, or - closer to concurrency - the monitors of Hoare. On the
other hand a calculus, as distinct from a programming language, should
contain only a small set of conceptually primitive constructs (it will
be hard to theorize about it otherwise), and should remain largely
impartial with respect to design decisions which aim at 'good'
programming. Then the calculus can serve as a basis for defining practical
languages, or for building practical hardware configurations. Of course
one cannot distinguish sharply between the aims of conceptual parsimony
and practical utility, but it is fairly certain that a language for
writing good large programs will itself be too large to serve as a
theoretical tool, and its design may well be motivated by current
implementation techniques; when these change it can grow obsolete.
Returning to the λ-calculus as a prime example, it is now widely
accepted as a medium which can be used to define and discuss sequential
algorithms, and richer languages for them. Although CCS is not as small and
simple, it is intended as a step towards such a medium for concurrent
systems. We also hope to have shown that at least some concurrent
systems can be expressed lucidly in CCS; perhaps this is because it
is not yet small enough!

11.3 The question of fairness

In terms of CCS we may state a property, which is arguably a
property of real systems and should therefore be reflected in a model:
if an agent persistently offers an experiment, and if an observer
persistently attempts it, then it will eventually succeed. A model
which reflects this property is sometimes called fair. Is CCS fair?
Consider the program
    $B = \tau^\omega \mid \lambda.\mathrm{NIL}$, where $\tau^\omega$ may be defined by $b \Leftarrow \tau.b$.
The only actions of $B$ are
    $B \xrightarrow{\lambda} \tau^\omega \mid \mathrm{NIL}$ and $B \xrightarrow{\tau} B$.
So $B$ has no $\varepsilon$-derivative which does not offer a $\lambda$-experiment; this
may plausibly be taken to mean that $B$ persistently offers the experiment.
Now if we consider only the derivations of $B$, the infinite derivation
$B \xrightarrow{\tau} B \xrightarrow{\tau} \cdots$ suggests that the experiment is not bound to succeed even if
attempted by an observer; hence we may choose to infer that CCS is not
fair.

On the other hand if we consider observation equivalence, we can
easily deduce
    $B \approx \lambda.\mathrm{NIL}$
and we argued in Chapter 1 that if an agent offers an experiment and
has no alternative action - as here $\lambda.\mathrm{NIL}$ has no alternative to its
offer of a $\lambda$-experiment - then an observer's attempt at the experiment
is bound to succeed. It therefore seems that the insensitivity of $\approx$
to infinite unobservable action makes CCS fair, at least for this one
example. This is slightly strengthened by noticing that the agents
    $B_1 = \lambda.\mathrm{NIL} + \tau^\omega$, $B_2 = \lambda.\mathrm{NIL} + \tau.(\lambda.\mathrm{NIL} + \tau^\omega)$, ...
which do not persistently offer a $\lambda$-experiment, are not equivalent to $B$
(though all equivalent to each other).

Indeed, we may tentatively formalise "$B$ persistently offers $\lambda$"
for arbitrary $B$ as follows:
    Definition   $B$ must $\lambda$ iff $B \stackrel{\varepsilon}{\Rightarrow} B'$ implies $\exists B''.\ B' \stackrel{\lambda}{\Rightarrow} B''$.
Then it is easy to prove that
    $B \approx C$ implies $\forall\lambda.\,(B \text{ must } \lambda \iff C \text{ must } \lambda)$
showing that, under this definition, observation equivalence respects
the persistence or non-persistence of offers.
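
The definition of "must" and the agents discussed in this section can be checked mechanically on small transition systems. The Python below is an added example, not part of Milner's text: the state names, the dictionary encoding, and the use of weak bisimilarity (computed as a greatest fixed point) as the finite-state reading of observation equivalence are assumptions of the example.

```python
from itertools import product

TAU = "tau"  # the unobservable action

# Constructed transition systems: state -> [(action, successor)].
# State names are labels chosen for this example:
#   B  = tau^omega | lam.NIL     D = tau^omega | NIL
#   B1 = lam.NIL + tau^omega     W = tau^omega
#   B2 = lam.NIL + tau.B1        L = lam.NIL
LTS = {
    "B":   [("lam", "D"), (TAU, "B")],
    "D":   [(TAU, "D")],
    "B1":  [("lam", "NIL"), (TAU, "W")],
    "B2":  [("lam", "NIL"), (TAU, "B1")],
    "W":   [(TAU, "W")],
    "L":   [("lam", "NIL")],
    "NIL": [],
}


def eps_derivatives(lts, state):
    """All B' with B =eps=> B' (zero or more tau steps)."""
    seen, todo = {state}, [state]
    while todo:
        for action, nxt in lts[todo.pop()]:
            if action == TAU and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def weak_derivatives(lts, state, action):
    """All B'' with B =action=> B'': tau* action tau*, or tau* for tau."""
    before = eps_derivatives(lts, state)
    if action == TAU:
        return before
    after = set()
    for mid in before:
        for act, nxt in lts[mid]:
            if act == action:
                after |= eps_derivatives(lts, nxt)
    return after


def must(lts, state, action):
    """B must lam iff every eps-derivative of B has some lam-derivative."""
    return all(weak_derivatives(lts, d, action)
               for d in eps_derivatives(lts, state))


def weak_bisimilar(lts, p, q):
    """Assumed stand-in for observation equivalence on finite systems."""
    rel = set(product(lts, repeat=2))  # start from all pairs, then refine

    def matched(x, y):
        return all(any((x2, y2) in rel
                       for y2 in weak_derivatives(lts, y, act))
                   for act, x2 in lts[x])

    changed = True
    while changed:
        changed = False
        for x, y in sorted(rel):
            if (x, y) in rel and not (matched(x, y) and matched(y, x)):
                rel -= {(x, y), (y, x)}  # keep the relation symmetric
                changed = True
    return (p, q) in rel


if __name__ == "__main__":
    print({n: must(LTS, n, "lam") for n in ("B", "L", "B1", "B2")})
    pairs = [("B", "L"), ("B", "B1"), ("B1", "B2")]
    print({pq: weak_bisimilar(LTS, *pq) for pq in pairs})
```

The divergent agent B is identified with lam.NIL and both satisfy "must lam", while B1 and B2 are identified with each other, fail "must lam", and are separated from B.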

But this is very far from a demonstration that CCS is fair; for
example, there are alternatives to the above definition, and a much
more detailed investigation seems necessary to decide which is correct.
Even if we could conclude that CCS is fair, with the present notion of
observation equivalence, the fact remains that other equivalences (see
the remarks in 7.2) which respect the presence of infinite unobservable
action - and are therefore unfair in view of the above discussion - may
have other factors in their favour. We must leave the question open.

Other authors have focussed more directly on the fairness issue.
Pnueli [Pnu 1, 2], for example, shows how "eventually" (closely allied
to fairness, as seen from the first paragraph of this section) can be
represented in a temporal logic. It would be interesting to combine
such a treatment with our algebraic methods.

11.4 The notion of behaviour

This work has been concerned throughout with expressing behaviour.
We have tried not to prejudge what a behaviour is, but rather regard it
as a congruence by considering which expressions can be distinguished by
observation. At first we hoped this approach would lead us to one obviously
best congruence relation, and entitle us to say that - within our chosen
mode of expression - we have defined behaviour. This has not transpired;
the discussion in 7.2 shows that there is still latitude for choice in
the definition of observation equivalence, and some (though not all) of
the choices induce different congruences.

However, we have provided a setting in which the latitude for choice
is not embarrassingly great, and in which the consequences of each choice
can be examined. It is not improbable that a best choice will thus
emerge. Furthermore, although the calculus itself cannot claim to be
canonical since alternatives exist for the basic operations and their
derivational meaning, the same approach to behaviour can be taken for
many alternatives.

Our methods should be contrasted with what has often been
done in providing a denotational semantics for programming languages,
following the work of Scott and Strachey [SS]. The method - a very
fruitful one - is to define outright one or several semantic domains,
built from simple domains by such standard means as Cartesian product,
function space construction and (for nondeterminism) a powerdomain
construction [Plo 1, Smy]; then the semantic interpretation of phrases
in these domains is specified by induction on phrase structure. The
approach has given immense insight, and yet it was found that the match
between denotational and operational meaning was sometimes imperfect;
this mismatch was first exposed by Plotkin for a typed $\lambda$-calculus [Plo 2].
We found a mismatch again for the model of concurrent processes presented
in [MM]. There is no reason to expect, a priori, that an explicitly
presented denotational model will match the operational meaning; the
latter should serve as a criterion for the correct denotational model,
not vice versa (see also 0.4). Of course, it would be satisfying to
find an explicit presentation of a model which does meet the criterion;
this may entail extending our repertoire of domains and domain
constructions, as found in [HP 1] where so-called nondeterministic domains
and a tensor product are used.

We can summarise our approach, then, as an attempt to calculate with
behaviours without knowing what they are explicitly; the calculations
are justified by operational meaning, and may help towards a better
understanding - even an explicit formulation - of a domain of behaviours.

11.5 Directions for further work

(i)   In Chapter 9 we explained a simple high-level language in terms of
      CCS. It will be interesting to see how far such languages can be
      so explained, and how CCS may help in their design. For example,
      in that chapter we noted an apparent deficiency of the calculus,
      which could be removed if we allowed labels to be passed as values
      in communication. What effect would such an extension have on our
      theory? And is the extension really necessary, or can we find a
      way of simulating label-passing with CCS as it stands? (An analogy
      is that the $\lambda$-calculus does not take the notions of memory and
      assignment as primitive, but can simulate them.)
(ii)  Although hardware devices can be described abstractly as in 8.2,
      it is not clear how to extend the calculus to deal with detailed
      timing considerations, or to bring it into harmony with existing
      description methods which deal with timing. We have some grounds
      for hope here; for example, Luca Cardelli [Car] has recently
      constructed an algebra of analog processes (whose communication signals
      are time functions) and has shown it to be a Flow Algebra [Mil 2] -
      that is, it satisfies the laws presented in Theorem 5.5. However,
      Flow Algebra deals only with our static operations (Composition,
      Restriction, Relabelling) and it is the dynamic operations (Action,
      Summation) which are more committed to the idea of discreteness
      and synchronisation in communication. I am not competent to judge
      whether it is desirable, from the engineering point of view, to build
      hardware components which realize these dynamic operations. An
      alternative may be to try to find a continuous version of CCS, but
      how to do it is unclear.
(iii) In Chapters 9 and 10 we were able to find two interesting derived
      calculi. In particular DCCS, determinate CCS, has simple
      properties which facilitate proof. (Since Chapter 10 was written,
      Michael Sanderson has with little difficulty extended DCCS to allow
      value-passing.) It is important to isolate other subclasses of
      behaviour, characterised by intuitively simple properties, and to
      find for any such subclass a derived calculus which can express
      only its members. Of particular interest, for example, would be a
      calculus of deadlock-free behaviours. Again, it would be illuminating
      to find that certain known models correspond to derived calculi;
      possible cases are Kahn/MacQueen networks of processes [KMQ], and
      the Data Flow model of Dennis et al [DFL].
(iv)  As far as proof methods for CCS are concerned, we appear only to
      have made a beginning. On the theoretical side, we should look
      for complete axiomatizations for subcalculi, where these are
      possible; the results in [HM] and [HP 2] go some way towards this.
      On the more practical side, completeness (which may not be possible
      for the full calculus anyway) is less important than a repertoire
      of powerful and manageable techniques. In our examples we have found
      a few useful techniques; in particular we found it useful to work
      not just with congruence ($\approx^c$) but with equivalence ($\approx$) also, and
      this immediately suggests that other predicates of behaviour may be
      used with advantage. Further, we often wish to show that an agent
      meets an incomplete specification, i.e. one which does not determine
      a unique behaviour; this was illustrated by the examples of Chapters
      3 and 8. In these examples the incomplete specification could be
      expressed within the terms of CCS, and we would like to discover
      how far this is possible in general, and whether - when possible -
      it is natural.
(v)   More particularly, concerning proof techniques, the question of
      recursive definitions and induction principles needs further study.
      For our definition of observation equivalence and congruence we are
      able to identify a class of recursive definitions which possess
      unique solutions (up to $\approx$ or $\approx^c$); see Exercise 7.7. We believe
      this class can be considerably widened. It was this uniqueness
      which allowed us to do certain proofs, e.g. the scheduler proof
      in Chapter 3, without appealing to any induction principle. But
      as we remarked at the end of 7.5, we believe that the Computation
      Induction principle of Scott will apply in the presence of a finer
      version of observation equivalence. The strength of this principle
      is that it works without assuming unique solutions of recursive
      definitions; it allows us to deduce properties of least solutions
      with respect to a partial ordering of behaviours. But it remains
      to be seen how important the principle will be in practice; moreover,
      since the finer observation equivalence appears to be unfair (in the
      sense of 11.3) there is a delicate and difficult problem in relating
      proof theory to the conceptual correctness of the model.

      We are not discouraged by the emergence of this problem. On the
      contrary, we believe it to be intrinsic to concurrent computing, not
      merely a defect of our approach, and are rather pleased to see it
      emerge in a sharp form.
(vi)  Finally, and fundamentally, however successful we may be in
      working within CCS, its primitive constructs deserve re-examination.
      Are they the smallest possible set? Are other constructs needed
      to express a richer class of behaviours? How can we relate Petri
      Net Theory to the ideas of observation and synchronized communication?
      By repeatedly returning to such basic questions we may hope to get
      closer to an underlying theory for distributed computation.

APPENDIX

Properties of congruence and equivalence

Direct equivalence        $\equiv$        ... 5.6
Strong congruence         $\sim$          ... 5.7
Observation equivalence   $\approx$       ... 7.2
Observation congruence    $\approx^c$     ... 7.3

$B \equiv C$ implies $B \sim C$ implies $B \approx^c C$ implies $B \approx C$    ... Ex 5.2, Cor 7.6

Observation congruence "$\approx^c$" is also denoted by equality
"=", though many laws (as their names indicate) hold for
strong congruence "$\sim$" or even direct equivalence "$\equiv$".
Except where indicated, the laws are those of Theorems
5.3 and 5.5 generalised by Theorem 5.7.

Summation
Sum $\equiv$   (1) $B_1 + B_2 = B_2 + B_1$
               (2) $B_1 + (B_2 + B_3) = (B_1 + B_2) + B_3$
               (3) $B + \mathrm{NIL} = B$
               (4) $B + B = B$

Action
Act $\equiv$   $\alpha\tilde{x}.B = \alpha\tilde{y}.B\{\tilde{y}/\tilde{x}\}$
               where $\tilde{y}$ is a vector of distinct variables not in $B$.

Composition
Com $\equiv$   Let $B$ and $C$ be sums of guards. Then
$$\begin{aligned}
B \mid C ={} & \sum\{\, g.(B' \mid C) \;;\; g.B' \text{ a summand of } B \,\} \\
{}+{} & \sum\{\, g.(B \mid C') \;;\; g.C' \text{ a summand of } C \,\} \\
{}+{} & \sum\{\, \tau.(B'\{\tilde{E}/\tilde{x}\} \mid C') \;;\; \alpha\tilde{x}.B' \text{ a summand of } B \text{ and } \bar{\alpha}\tilde{E}.C' \text{ a summand of } C \,\} \\
{}+{} & \sum\{\, \tau.(B' \mid C'\{\tilde{E}/\tilde{x}\}) \;;\; \bar{\alpha}\tilde{E}.B' \text{ a summand of } B \text{ and } \alpha\tilde{x}.C' \text{ a summand of } C \,\}
\end{aligned}$$
               provided that in the first (second) summand
               no free variable of $C$ ($B$) is bound by $g$.
Com $\sim$     (1) $B_1 \mid B_2 = B_2 \mid B_1$
               (2) $B_1 \mid (B_2 \mid B_3) = (B_1 \mid B_2) \mid B_3$
               (3) $B \mid \mathrm{NIL} = B$
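
Restriction
Res $\equiv$   (1) $\mathrm{NIL}\backslash\beta = \mathrm{NIL}$
               (2) $(B_1 + B_2)\backslash\beta = B_1\backslash\beta + B_2\backslash\beta$
               (3) $(g.B)\backslash\beta = \begin{cases} \mathrm{NIL} & \text{if } \beta = \mathrm{name}(g) \\ g.(B\backslash\beta) & \text{otherwise} \end{cases}$
Res $\sim$     (1) $B\backslash\alpha = B$    $(B : L,\ \alpha \notin \mathrm{names}(L))$
               (2) $B\backslash\alpha\backslash\beta = B\backslash\beta\backslash\alpha$
               (3) $(B_1 \mid B_2)\backslash\alpha = B_1\backslash\alpha \mid B_2\backslash\alpha$
                   $(B_1 : L_1,\ B_2 : L_2,\ \alpha \notin \mathrm{names}(L_1 \cap L_2))$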

Relabelling
Rel $\equiv$   (1) $\mathrm{NIL}[S] = \mathrm{NIL}$
               (2) $(B_1 + B_2)[S] = B_1[S] + B_2[S]$
               (3) $(g.B)[S] = S(g).(B[S])$
Rel $\sim$     (1) $B[I] = B$    ($I : L \to L$ the identity mapping)
               (2) $B[S] = B[S']$    ($B : L$ and $S \upharpoonright L = S' \upharpoonright L$)
               (3) $B[S][S'] = B[S' \circ S]$
               (4) $B[S]\backslash\beta = B\backslash\alpha[S]$    ($\beta = \mathrm{name}(S(\alpha))$)
               (5) $(B_1 \mid B_2)[S] = B_1[S] \mid B_2[S]$

Identifier
Ide $\equiv$   Let $b(\tilde{x}) \Leftarrow B_b$; then
               $b(\tilde{E}) = B_b\{\tilde{E}/\tilde{x}\}$

Conditional
Con $\equiv$   (1) $\text{if } \mathit{true} \text{ then } B_1 \text{ else } B_2 = B_1$
               (2) $\text{if } \mathit{false} \text{ then } B_1 \text{ else } B_2 = B_2$

Unobservable action $\tau$
               (1) $g.\tau.B = g.B$
               (2) $B + \tau.B = \tau.B$
               (3) $g.(B + \tau.C) + g.C = g.(B + \tau.C)$        ... (1)-(3): Theorem 7.13
               (4) $B + \tau.(B + C) = \tau.(B + C)$              ... Cor. 7.14

Observation Equivalence
               (1) $B \approx \tau.B$                                     ... Prop. 7.1
               (2) $\approx$ is preserved by all operations except $+$   ... Theorem 7.3
               (3) $B \approx C$ implies $B = C$ when $B$, $C$ stable    ... Prop. 7.11
               (4) $B \approx C$ implies $g.B = g.C$                     ... Prop. 7.12

Expansion
Let $B = (B_1 \mid \cdots \mid B_m)\backslash A$, where each
$B_i$ is a sum of guards. Then
$$\begin{aligned}
B ={} & \sum\{\, g.((B_1 \mid \cdots \mid B_i' \mid \cdots \mid B_m)\backslash A) \;;\; g.B_i' \text{ a summand of } B_i,\ \mathrm{name}(g) \notin A \,\} \\
{}+{} & \sum\{\, \tau.((B_1 \mid \cdots \mid B_i'\{\tilde{E}/\tilde{x}\} \mid \cdots \mid B_j' \mid \cdots \mid B_m)\backslash A) \;;\; \alpha\tilde{x}.B_i' \text{ a summand of } B_i,\ \bar{\alpha}\tilde{E}.B_j' \text{ a summand of } B_j,\ i \neq j \,\}
\end{aligned}$$
provided that in the first term no free variable
in $B_k$ ($k \neq i$) is bound by $g$.
                                                          ... Theorem 5.8

References

(In these references, LNCS n stands for Lecture Notes in Computer
Science, Vol n, Springer Verlag.)

[Bri1]  P. Brinch Hansen, Operating Systems Principles, Prentice Hall,
        1973.
[Bri2]  P. Brinch Hansen, "Distributed processes; a concurrent programming
        concept", Comm. ACM 21, 11, 1978.
[Cam]   R. Campbell and A. Habermann, "The specification of process
        synchronization by Path Expressions", LNCS 16, 1974.
[Car]   L. Cardelli, "Analog Processes", to appear in Proc 9th MFCS,
        Poland, 1980.
[CoH]   F. Commoner and A. Holt, "Marked directed graphs", JCSS 5, 1971.
[DFL]   J. Dennis, J. Fosseen and J. Linderman, "Data flow schemas",
        LNCS 5, 1974.
[Dij]   E. Dijkstra, "Guarded commands, nondeterminacy and formal
        derivation of programs", Comm. ACM 18, 8, 1975.
[EBJ]   P. van Emde Boas and T. Janssen, "The impact of Frege's principle
        of compositionality for the semantics of programming and natural
        languages", Report 79-07, Dept. of Mathematics, University of
        Amsterdam, 1979.
[GLT]   H.J. Genrich, K. Lautenbach and P.S. Thiagarajan, "An overview
        of Net Theory", Proc. Advanced Course on General Net Theory of
        Processes and Systems, to appear in LNCS, 1980.
[HAL]   C. Hewitt, G. Attardi and H. Lieberman, "Specifying and proving
        properties of guardians for distributed systems", LNCS 70, 1979.
[HM]    M. Hennessy and R. Milner, "On observing nondeterminism and
        concurrency", to be presented at 8th ICALP at Amsterdam, and
        appear in LNCS, 1980.
[Hoa1]  C.A.R. Hoare, "Towards a theory of parallel programming", in
        Operating Systems Techniques, Academic Press, 1972.
[Hoa2]  C.A.R. Hoare, "Monitors: an operating system structuring
        concept", Comm. ACM 17, 10, 1974.
[Hoa3]  C.A.R. Hoare, "Communicating Sequential Processes", Comm. ACM
        21, 8, 1978.
[HP1]   M. Hennessy and G. Plotkin, "Full abstraction for a simple
        parallel programming language", Proc 8th MFCS, Czechoslovakia,
        LNCS 74, 1979.
[HP2]   M. Hennessy and G. Plotkin, "A term model for CCS", to appear
        in Proc 9th MFCS, Poland, 1980.
[Hue]   G. Huet, "Confluent reductions: abstract properties and
        applications to term-rewriting systems", Report No. 250, IRIA
        Laboria, Paris 1977.
[Kel]   R. Keller, "A fundamental theorem of asynchronous parallel
        computation", Parallel Processing, ed. T.Y. Feng, Springer, 1975.
[KMQ]   G. Kahn and D. MacQueen, "Coroutines and networks of parallel
        processes", Proc. IFIP Congress, North Holland, 1977.
[Kun]   H.T. Kung, "Synchronized and asynchronous algorithms" in
        Algorithms and Complexity, ed. J.F. Traub, Academic Press, 1976.
[Mil1]  R. Milner, "Processes; a mathematical model of computing agents",
        Proc Logic Colloquium '73, ed. Rose and Shepherdson, North
        Holland, 1973.
[Mil2]  R. Milner, "Flowgraphs and flow algebras", J. ACM 26, 4, 1979.
[Mil3]  R. Milner, "Synthesis of communicating behaviour", Proc 7th
        MFCS, Poland, LNCS 64, 1978.
[Mil4]  R. Milner, "Algebras for communicating systems", Report CSR-25-78,
        Computer Science Dept., Edinburgh University, 1978.
[Mil5]  R. Milner, "An algebraic theory of synchronization", LNCS 67,
        1979.
[Mln]   G. Milne, "A mathematical model of concurrent computation",
        Ph.D. Thesis, Computer Science Dept, University of Edinburgh, 1978.
[MM]    G. Milne and R. Milner, "Concurrent processes and their syntax",
        J. ACM 26, 2, 1979.
[Mos]   P. Mosses, "SIS, Semantic Implementation System", DAIMI Report
        MD-33, Aarhus University, 1979.
[MQ]    D. MacQueen, "Models for distributed computing", Report No. 351,
        IRIA-Laboria, Paris, 1979.
[Mül]   T. Müldner, "On synchronizing tools for parallel programs",
        Report 357, Inst. of Computer Science, Polish Academy of Science,
        Warsaw, 1979.
[MWW]   A. Maggiolo-Schettini, H. Wedde and J. Winkowski, "Modelling a
        Solution for a control problem in distributed systems by
        restrictions", LNCS 70, 1979.
[Pet]   C.A. Petri, "Introduction to General Net Theory", Proc. Advanced
        Course on General Net Theory of Processes and Systems, to appear
        in LNCS, 1980.
[Plo1]  G. Plotkin, "A powerdomain construction", SIAM J. Comp. 5, 1976.
[Plo2]  G. Plotkin, "LCF considered as a programming language", TCS 5,
        3, 1977.
[Pnu1]  A. Pnueli, "The temporal logic of programs", 19th Annual Symp.
        on Foundations of Computer Science, Providence R.I., 1977.
[Pnu2]  A. Pnueli, "The temporal semantics of concurrent programs",
        LNCS 70, 1979.
[Ros]   B. Rosen, "Tree manipulation systems and Church-Rosser Theorems",
        J. ACM 20, 1, 1973.
[Sch]   J. Schwarz, "Distributed synchronization of processor communication",
        Internal Report, Dept. of Artificial Intelligence, University
        of Edinburgh, 1978.
[Smy]   M. Smyth, "Powerdomains", JCSS 16, 1978.
[SS]    D. Scott and C. Strachey, "Towards a mathematical semantics for
        computer languages", Proc. Symp. on Computers and Automata,
        Microwave Res. Inst. Symposia Series, Vol 21, Polytechnic Inst.
        of Brooklyn, 1972.
[Wad]   W. Wadge, "An extensional treatment of dataflow deadlock",
        LNCS 70, 1979.
[Wir]   N. Wirth, "MODULA: A language for modular multiprogramming",
        Report 18, ETH Zurich, 1976.
