Completeness

We shall now see that DEDδ is powerful enough to derive any ^<_∼a-relationship between two process.

Theorem 4.3.1 (Completeness)

DED_δ is complete w.r.t. ^<_∼a over P L. I.e.,

∀p, q∈P L. p ^<_∼a q implies `δ p≤q

Proof Follows from [[ ]]_δ being fully abstract w.r.t. ^<_∼a and the proposition below. 2 From theπ-inequations it appears that inDED_π statements concerning prefix (-closures) as well as more ordinary algebraic properties such as commutativity and associativity can be proved. With the extra inequation, δ.k it becomes possible to deal with δ-closures.

Looking at the inequation δ.k it is then tempting to replace it with υ.k a.xky≤a.(xky)

in order to obtain a complete proof system,DED_υ, for^<_∼r. However this inequation would not be sound as can be seen by considering the instantiation of υ.k:

a.b.N ILkc.N IL ≤a.(b.N ILkc.N IL)

Then we would have a.b.N ILkc.N IL may reject ({c}, a.>), buta.(b.N ILkc.N IL)may reject ({c}, a.>). This can just as easy be seen denotationally: c∈ [[a.b.N ILkc.N IL]]_υ, but c6∈[[a.(b.N ILkc.N IL)]]_υ.

We could obtain a more powerful proof system for ^<_∼r than DED_π by adding the sound inequations:

a.xky≤a.(xky) +a.N ILky a.xky≤a.(xky) +y

Still we would not be able to prove e.g., a.b.N ILkc.N IL ≤a.b.c.N IL+a.N ILkc.N IL.

Of course still more inequations could be added, but we have not been able to find a complete set, wherefore we stick toDED_π which is sound for all three preorders.

Proposition 4.3.2 DEDδ is complete w.r.t.≤δ over P L.

The proof can of course not be done so directly as the soundness proof and some auxiliary propositions are needed. To motivate these and the necessary extra definitions below we will at first outline the proof—the full proof is on page 108.

Proof (sketch)

The main idea for proving

p≤δq ⇒ `δp≤q (4.5)

is to reduce p (via `δ) to a sum, p⁰, of composition forms (terms without +) with the property that there is exactly ´one summand for each tree semiword in the denotation ofp in theM_δ model. If the same is done forq thereby obtainingq⁰ then the premise of (4.5)

and definition of ≤δ ensures that q⁰ can be proved equal to a term of the form p⁰ +q⁰⁰ and so the consequence of (4.5) follows by applying +5. The sum of composition forms with the desired property is obtained through more stages. At first a sum of composition forms is obtained essentially using the axioms for distributivity, .+ and k+. Then all prefixes of the composition forms are added by use of +3 whereupon the composition forms corresponding to the downwards closure of the sum are included via δ.k. Finally all duplicates (up to commutativity and associativity of k) of the composition forms are removed by means of +4 (idempotent) in order to get the ´one to ´one correspondence with

the denotation. 2

Definition 4.3.3

Letpbe a process from our process language (p∈P L). At first we define two fundamental sublanguages of P L.

p is a composition form (p∈cf) is inductively defined by:

N IL∈cf

a.p∈cf if p∈cf pkq∈cf if p, q∈cf

p is a sumnormal form (p∈snf) is defined by:

cf ⊆snf

p+q∈snf if p, q∈snf

We can now define the set of summands, S(p), of a sumnormal form p.

Let S:snf −→ P(cf) be defined by:

p7→ {p} if p∈cf p₁+p₂ 7→S(p₁)∪S(p₂)

p is a minimal sumnormal form (p∈msnf) is defined by:

cf ⊆msnf

p₁+p₂ ∈msnf if p₁, p₂ ∈msnf and S(p₁)∩S(p₂) = ∅

We denote the set ofsyntactic “deterministic” prefixes of a term p by P(p). Formally:

P:P L−→ P(cf) is defined by:

N IL7→ {N IL}

a.p7→a.P(p)∪ {N IL} p₁+p₂ 7→P(p₁)∪P(p₂)

p₁kp₂ 7→P(p₁)kP(p₂)

We define p is a prefix form (p∈pf) by

p∈pf iff

p∈snf and if this is the caseP(p) =S(p).

2 Notice

i) ∀p∈snf.S(p)6=∅. ii) p∈msnf ⇒p∈snf.

iii) (p∈snf, (p≡a.p⁰ orp≡p₁kp₂))⇒p, p⁰, p₁, p₂ ∈cf.

iv) a.P(p) in the definition of P shall be considered as the natural extension of the operator symbol a. to cover sets as well. I.e.,a.P(p) ={a.q|q ∈P(p)}.

2 Whereas the functions in the last definition mapped to sets of terms they will map to tree-semiwords and sets of these in the following.

Definition 4.3.4

We define θ :cf −→T SW by:

N IL7→ε a.p7→a.θ(p) p₁kp₂ 7→θ(p₁)kθ(p₂) and Θ :snf −→ P(T SW) by:

Θ(p) := {θ(q)|q ∈S(p)}=θS(p),

where θ is extended in the natural way to sets. 2

Notice that the ambiguity arising in using a. both for terms and for semiwords is solved in the definition of θ when fixing θ’s domain and codomain.

We introduce some notational convenience. We will say that two terms p, q are sum congruent written ` p =<sub>s</sub> q if we can show ` p = q by +1, +2 and the other inference rules. Similar`p=<sub>c</sub> qmeans that `p=q can be shown usingk1 andk2 and we say that p and q are composition congruent. Often we will omit ` and just write p=q instead of

` p = q. This has as consequence that we also write e.g., ` p =_s q as p =_s q. To avoid confusion we use≡for syntactic equality between terms instead of =. Furthermorep=_i q (i for idempotent) means only +4 together with the other inference rules are used in the proof ofp=q and p=n q(n for neutrality w.r.t.k) that only k3 is used. We will also use

combinations of these as e.g., p=_si q.

Finally for A, B ∈ P(cf) we let A⊆nc B denote∀p∈A∃q ∈B. `p=_nc q.

Most of the following proofs will be induction on the structure of some closed termp con-sidered as a member ofP Lor as being a composition-, sumnormal- or minimal sumnormal form. We will then often just list the different cases to consider—of course starting with the basic cases.

But we will have some proofs which are by induction on the proof of some statement p ≤ q—actually on the length of the proof. To this end the following general lemma is useful.

Lemma 4.3.5 LetDED(E) be a proof system of inequations E. Furthermore let P be a proof of t ≤ t⁰. Then there exists a proof P⁰ of t ≤ t⁰ with the simple instantiation property.

Proof We will use induction on the length, |P|, of the proof P of t≤t⁰.

|P|= 1: Thent≤t⁰ is an inequation ofE ort=t⁰ and we cannot have used instantiation, so we can let P⁰ :=P.

|P|>1: Assume |P|=n and the proofP is

t₁ ≤t⁰₁, t₂ ≤t⁰₂,. . ., t_n ≤t⁰_n

Now look at the last inference rule used to obtain t_n ≤ t⁰_n. Two cases depending on whether t_n≤t⁰_n is obtained by instantiation or not.

No instantiation used:

Assumet_n ≤t⁰_n is obtained fromt_i1 ≤t⁰_i1,. . ., t_ik ≤t⁰_i

k,i_l ∈n−1,l∈k by some inference rule. Since |P_til≤t0

il| < |P| = n for l ∈ k we can use the hypothesis of induction to find proofs P_t⁰

il≤t⁰_il of ti_l ≤t⁰_il with the simple instantiation property. Let P⁰ :=P_t⁰_i

1≤t⁰_i

1,. . ., P_t⁰

ik≤t⁰_ik, t_n ≤t⁰_n

where the last statement is obtained by the inference rule. Clearly P⁰ is a proof oft_n ≤t⁰_n with the desired property.

Instantiation used:

Here we have two subcases.

t_n ≤t⁰_n is an instantiation of an axiom.

Assume this axiom is t_j ≤t⁰_j, j ∈n−1. We see that P⁰ :=t_j ≤t⁰_j, t_n≤t⁰_n is a proof of t_n ≤t⁰_n with the simple instantiation property.

t_n ≤t⁰_n is an instantiation, but not of an axiom.

Assume it is a ρ-instantiation of t_j ≤t⁰_j, j ∈n−1, i.e., t_n ≡t_jρ, t⁰_n ≡t⁰_jρ. Since t_j ≤t⁰_j is not an axiom some inference rule must have been used to derive t_j ≤ t⁰_j. We look at the different possibilities.

transitivity: Assume t_j ≤ t⁰_j is obtained from t_k ≤ t⁰_k and t_l ≤ t⁰_l where t_j ≡ t_k, t⁰_l ≡ t⁰_j, the case of transitivity we by substitutivity find a proof

P⁰ :=P_t⁰_i

kρ) with the simple instantiation property. Now since substitutionρis a homomorphism we seef(t_i1ρ,. . ., t_ikρ)≡(f(t_i1,. . ., t_ik))ρ≡

with the simple instantiation property. By the Substitution lemma (of Hennessy [Hen85a])tkρ◦ρ⁰ ≡(tkρ⁰)ρ≡ tjρ≡tn and similar t⁰_kρ◦ρ⁰ ≡t⁰_n. So

P⁰ :=P_t⁰

kρ◦ρ⁰≤t⁰_kρ◦ρ⁰

is a proof of t_n ≤t⁰_n with the desired property.

2 The advantage of this lemma is that when proving some property on the basis of the length of a proof of a statementp≤q wherep, q ∈P L we can assume that the proof has the simple instantiation property. Since p and q are closed terms the instantiation must be closed too. This means that we can leave out instantiation in our considerations if we instead consider closed instantiations of the axioms when dealing with these.

The first lemma shows that an action prefix of a sumnormal form within the proof system can be distributed over the summands thereby obtaining a sumnormal form.

Lemma 4.3.6 p⁰ ∈snf ⇒ ∃p∈snf. `p=a.p⁰,S(p) =a.S(p⁰)

Proof Induction on the structure ofp considered as a sumnormal form.

p⁰ ∈cf: Let p ≡ a.p⁰. Reflexivity gives ` p ≡ a.p⁰ = a.p⁰. We also have p⁰ ∈ cf ⇒ p ≡ a.p⁰ ∈cf and therebyp∈ snf. So since S(p⁰) ={p⁰} we haveS(p) ={p}={a.p⁰}= a.{p⁰}=a.S(p⁰).

p⁰ ≡p⁰₁+p⁰₂, p⁰₁, p⁰₂ ∈snf: By hypothesis of induction ∃pi ∈ snf. ` pi = a.p⁰_i,S(pi) = a.S(p⁰_i) for i∈2. Let p≡p₁+p₂. We have:

`p≡p₁ +p₂ =a.p⁰₁ +a.p⁰₂ by congruence

=a.(p⁰₁+p⁰₂) by .+

=a.p⁰

It only remains to show S(p) = a.S(p⁰). Notice p ∈ snf because p₁, p₂ ∈ snf.

So S(p) = S(p₁ +p₂) = S(p₁)∪S(p₂) = a.S(p⁰₁)∪a.S(p⁰₂) = a.(S(p⁰₁) ∪S(p⁰₂)) = a.S(p⁰₁ +p⁰₂) =a.S(p⁰).

2 In the next lemma a composition form parallel composed with a sumnormal form is distributed in over the summands.

Lemma 4.3.7 p₁ ∈cf, p₂ ∈snf ⇒ ∃p∈snf. `p=p₁kp₂,S(p) = {p₁} kS(p₂).

Proof The proof is here by induction on the structure ofp₂ p₂ ∈cf: Let p≡p₁kp₂. We have `p≡p₁kp₂ =p₁kp₂.

p₁, p₂ ∈cf ⇒p₁kp₂ ∈cf ⊆snf and thereby alsop∈cf. As p, p₂ ∈cf we have S(p) = {p} and S(p₂) ={p₂}. Then S(p) ={p}={p₁kp₂}={p₁} k {p₂}={p₁} kS(p₂).

p₂ ≡q₁+q₂, q₁, q₂ ∈snf: By hypothesis of induction:

∃p⁰_i ∈snf. `p⁰_i =p₁kq_i, S(p⁰_i) = {p₁} kS(qi) fori∈2.

Letp≡p⁰₁+p⁰₂. We have: `p≡p⁰₁+p⁰₂ =p₁kq₁+p₁kq₂ by congruence

=p₁k(q₁+q₂) by k+

≡p₁kp₂

Noticep∈snf, becausep⁰₁, p⁰₂ ∈snf, soSis defined onp. ThenS(p) =S(p⁰₁)∪S(p⁰₂) = ({p₁} kS(q₁))∪({p₁} kS(q₂)) ={p₁} k(S(q₁)∪S(q₂)) ={p₁} kS(p₂).

2

The last lemma easely generalize to sumnormal forms.

Lemma 4.3.8 p₁, p₂ ∈snf ⇒ ∃p∈snf. `p=p₁kp₂,S(p) =S(p₁)kS(p₂).

Proof

p₁ ∈cf: Use the last lemma to find p. From p₁ ∈ cf it follows S(p₁) = {p₁}, so S(p) = {p₁} kS(p₂) =S(p₁)kS(p₂).

p₁ ≡q₁+q₂, q₁, q₂ ∈snf: We can use the hypothesis of induction on q₁, q₂ to get q₁⁰, q₂⁰ ∈ snf such that `q_i⁰ =q_ikp₂ andS(q⁰_i) =S(qi)kS(p₂) fori∈2. Letp≡q₁⁰ +q₂⁰. Then:

`p≡q₁⁰ +q₂⁰ = q₁kp₂ +q₂kp₂ by congruence

=_c p₂kq₁ +p₂kq₂

= p₂k(q₁+q₂) by k+

≡ p₂kp₁ =_c p₁kp₂

FurthermoreS(p) =S(q⁰₁)∪S(q⁰₂) = (S(q₁)kS(p₂))∪(S(q₂)kS(p₂)) = (S(q₁)∪S(q₂))k S(p₂) =S(p₁)kS(p₂).

2

We are now in a position to show that any term can be reduced to as sumnormal form.

Proposition 4.3.9 p∈P L⇒ ∃q ∈snf. `p=q.

Proof We use induction on the structure ofp considered as a member of P L.

p≡N IL: N IL ∈snf by definition so choseq≡N ILand we have the result by reflexivity.

p≡a.p⁰: By hypothesis of induction∃q⁰ ∈snf. `p<sup>0</sup> =q<sup>0</sup>. By congruence`p≡a.p⁰ =a.q⁰. From lemma 4.3.6 we find a q ∈ snf such that ` q =a.q⁰ and the result follows by transitivity.

p≡p₁+p₂: ∃q_i ∈snf. `q<sub>i</sub> =p<sub>i</sub> for i∈2 by hypothesis of induction. Letq≡q<sub>1</sub>+q<sub>2</sub>. By congruence then `p≡p₁+p₂ =q₁+q₂ ≡q.

p≡p₁kp₂: From the hypothesis we get ∃qi ∈ snf. ` qi = pi for i ∈ 2. By congruence

`q₁kq₂ =p₁kp₂ ≡p. The result then follows from lemma 4.3.8.

2 The next lemma merely states that no extra terms are gained by applying P more than once.

Lemma 4.3.10 Forp∈P L we have PP(p) =P(p).

IfDis a set of terms,PD, is as usual to understand as the natural extension ofP(defined on single terms) to sets of terms. We will writeP(p) for a single term and e.g.,P{p}when considering sets of terms.

Proof By induction on the structure ofp∈P L.

p≡N IL: P(p) =P(N IL) ={N IL}=P{N IL}=PP(p).

p≡a.p⁰: Here we have:

P(p) =P(a.p⁰) ={N IL} ∪a.P(p⁰)

={N IL} ∪a.PP(p⁰) (by hypothesis of induction)

={N IL} ∪^Sq∈P(p⁰)a.P(q)

={N IL} ∪^Sq∈P(p⁰)(a.P(q)∪ {N IL})

=P{N IL} ∪^Sq∈P(p⁰)P(a.q)

=^S_q∈a.P(p0)∪{N IL}P(q)

=^S_q∈P(a.p0)P(q)

=PP(a.p⁰) =PP(p).

p≡p₁+p₂: P(p) = P(p₁ +p₂) = P(p₁)∪P(p₂) = (by hypothesis) PP(p₁)∪PP(p₂) = P(P(p₁)∪P(p₂)) = PP(p₁+p₂) =PP(p).

p≡p₁kp₂: We deduce:

P(p) =P(p₁)kP(p₂)

=PP(p₁)kPP(p₂) (by hypothesis)

={p⁰₁kp⁰₂ |(p⁰₁, p⁰₂)∈PP(p₁)×PP(p₂)}

={p⁰₁kp⁰₂ |(p⁰₁, p⁰₂)∈^S₍q₁,q₂)∈P(p₁)×P(p₂)P(q₁)×P(q₂)}

=^S_{(q1,q2)∈P(p1)×P(p2)}{p⁰₁kp⁰₂ |(p⁰₁, p⁰₂)∈P(q₁)×P(q₂)}

=^S_{(q1,q2)∈P(p1)×P(p2)}P(q₁)kP(q₂)

=^S_{(q1,q2)∈P(p1)×P(p2)}P(q₁kq₂)

=^S_{q∈P(p1)kP(p2)}P(q)

=^S_q∈P(p1kp2)P(q) = PP(p).

2

Lemma 4.3.11 p∈snf ⇒P(p) =PS(p).

Proof Induction on the structure ofpconsidered as a sumnormal form.

p∈cf: Then S(p) ={p} wherefore P(p) =P{p}=PS(p).

p≡p₁+p₂, p₁, p₂ ∈snf: We seeP(p) =P(p₁)∪P(p₂) = (by hypothesis)PS(p₁)∪PS(p₂) = P(S(p₁)∪S(p₂)) =PS(p₁ +p₂) = PS(p).

2

From the last to lemmas we get:

Lemma 4.3.12 Ifp∈snf and there exists a q∈P Lsuch that S(p) = P(q) then p∈pf.

That is if pis a sumnormal form with summands equal to the prefixes of some other term then the summands of p are already closed under prefix.

Proof p∈snf so we only have to show S(p) =P(p). But this is easely seen:

S(p) = P(q) by assumption

=PP(q) by lemma 4.3.10

=PS(p) by assumption again

=P(p) by lemma 4.3.11 and the fact that p∈snf.

2

Lemma 4.3.13 p⁰ ∈pf ⇒ ∃p∈pf. `p=a.p⁰.

Similar as the lemmas leading to proposition 4.3.9 we shall now see how different operators can be distributed in over prefix forms to obtain new prefix forms.

Proof As p⁰ ∈ pf implies p⁰ ∈ snf we can use lemma 4.3.6 to find a q ∈ snf such that

`q=a.p⁰ and

S(q) =a.S(p⁰) (4.6)

Now letp≡q+N IL. By +3 we have `p≡q+N IL=q =a.p⁰. It just remains to show p∈pf. Notice that because q∈snf we have p≡q+N IL∈snf. We show S(p) = P(a.p⁰).

S(p) = S(q)∪S(N IL)

=a.S(p⁰)∪ {N IL} by (4.6)

=a.P(p⁰)∪ {N IL} because p⁰ ∈pf

=P(a.p⁰)

Since p∈snf we can deducep∈pf from S(p) = P(a.p⁰) and lemma 4.3.12. 2 Lemma 4.3.14 p₁, p₂∈pf implies ∃p∈pf. `p=p₁kp₂.

Proof p₁, p₂ ∈pf implies p₁, p₂ ∈ snf so we can use lemma 4.3.8 to find a p ∈ snf such that `p=p₁kp₂ and

S(p) =S(p₁)kS(p₂) (4.7)

To get the result it remains to show p ∈ pf. Since S(p) = (by (4.7)) S(p₁)kS(p₂) = (because p₁, p₂ ∈ pf) P(p₁)kP(p₂) =P(p₁ kp₂) and p ∈ snf we obtain p ∈ pf by lemma

4.3.12. 2

Lemma 4.3.15 p∈cf implies∃q ∈pf. `p=q.

Proof Induction on the structure ofp considered as a composition form.

p≡N IL: Let q ≡ N IL. P(N IL) = {N IL} =S(N IL) and by reflexivity `p ≡N IL = N IL≡q.

p≡a.p⁰, p⁰ ∈cf: By hypothesis there exists aq⁰ ∈pf. `p⁰ =q⁰. Using congruence we get

` p ≡a.p<sup>0</sup> =a.q<sup>0</sup>. As q<sup>0</sup> ∈ pf lemma 4.3.13 gives us a q ∈ pf such that ` q = a.q⁰. We see`p=q and q ∈pf,

p≡p₁kp₂, p₁, p₂ ∈cf: There exists p⁰₁, p⁰₂ ∈ pf such that ` p<sub>1</sub> = p<sup>0</sup><sub>1</sub> and ` p₂ = p⁰₂ by hypothesis of induction. By congruence then `p≡p<sub>1</sub>kp<sub>2</sub> =p<sup>0</sup><sub>1</sub>kp<sup>0</sup><sub>2</sub>. As p<sup>0</sup><sub>1</sub>, p<sup>0</sup><sub>2</sub> ∈pf lemma 4.3.14 gives us aq ∈pf with `q =p⁰₁kp⁰₂ from which the result follows.

2

It now easely follows that any sumnormal form can be reduced to a prefix form.

Proposition 4.3.16 p∈snf implies ∃q∈pf. `p=q.

Proof Induction on the structure ofp considered as a sumnormal form.

p∈cf: By the last lemma.

p≡p₁+p₂, p₁, p₂ ∈snf: By hypothesis and congruence we find q₁, q₂ ∈ pf such that

`p≡p₁+p₂ =q₁+q₂. Let q≡q₁+q₂. q₁, q₂ ∈pf ⇒q₁, q₂ ∈snf whereforeq∈snf.

We just have to show S(q) =P(q) in order to have q ∈pf.

S(q) =S(q₁)∪S(q₂)

=P(q₁)∪P(q₂) because q₁, q₂ ∈pf

=P(q₁+q₂) =P(q).

2 With the next lemma it is possible (by commutativity and associativity) to bring any summand of a sumnormal form, p, to the front ofp.

Lemma 4.3.17 Letp∈snf. Then q∈S(p) implies p≡q or∃q⁰ ∈snf. `p=_sq+q⁰. Proof

p∈cf: In this case we have S(p) ={p} so q∈ {p}implies p≡q.

p≡p₁+p₂, p₁, p₂ ∈snf: Here we haveS(p) =S(p₁)∪S(p₂) soq∈S(p) gives us two cases to consider.

q∈S(p₁): Using the hypothesis of induction we also have two possibilities to con-sider here. p₁ ≡q₂: Chose q⁰ ≡p₂. By reflexivity `p≡p₁+p₂ ≡q+q⁰.

∃q⁰⁰ ∈snf: `p₁ =_s q+q⁰⁰: Choseq⁰ ≡q⁰⁰+p₂. We have:

`p≡p₁+p₂ =_s (q+q⁰⁰) +p₂ by p₁ =_s q+q⁰⁰ and congruence

=q+ (q⁰⁰+p₂) by +1

≡q+q⁰

q⁰ ∈snf follows from q⁰⁰∈snf and p₂ ∈snf.

q∈S(p₂): Similar but with additional use of +2.

2 Any two sumnormal forms which are equal up to idempotents, commutativity and asso-ciativity have the same summands. Formally:

Lemma 4.3.18 Letp, q∈snf. Then`p=_si q impliesS(p) =S(q).

Proof For the purpose of this proof it is convenient to extend S defined on snf to S⁰ defined on P L. Let S⁰ :P L−→ P(cf) be defined by:

N IL7→ {ε} a.p7→a.S⁰(p)

p₁+p₂ 7→S⁰(p₁)∪S⁰(p₂) p₁kp₂ 7→S⁰(p₁)kS⁰(p₂)

A number of subproofs are necessary, but they are all inductive and quite trivial so we only give the principal line.

S⁰ well-defined i.e., S⁰(p)∈cf for all p∈P Lis proved by induction on the structure of p.

That S⁰ coincide with S onsnf is shown by first proving p∈cf ⇒S⁰(p) = S(p) (4.8)

by induction on the structure ofp considered as a member of cf and next p∈snf ⇒S⁰(p) = S(p)

also by structural induction, but this time with pconsidered as a sumnormal form, using (4.8) in the basis.

Finally for p, q∈P L:

`p=_siq ⇒S⁰(p) = S⁰(p)

is shown by induction on the number of inferences used to provep=_si q. SinceS⁰ coincide with S onsnf the lemma then follows as a special case.

The reason that we need the extension is that if we tried to prove the lemma directly by induction on the inferences we would get the following problem by transitivity:

If p, q ∈ snf and p =_si q was proved using p =_si r and r =_si q we cannot be sure that

r∈snf and therefore could not use the hypothesis. 2

By the definition of Θ we then have:

Corollary 4.3.19 Ifp, q ∈snf then `p=_si q implies Θ(p) = Θ(q).

Lemma 4.3.20 p∈msnf and `p=_s q implies q∈msnf.

Proof Shown by induction on the number of inferences used to infer p=sq. At first we consider the axioms.

Reflexivity: Evident since then p=q.

+1: p ≡ p₁ + (p₂ +p₃) = (p₁ +p₂) + p₃ ≡ q. p ∈ msnf implies p₁, p₂, p₃ ∈ msnf, S(p₁)∩S(p₂+p₃) =S(p₁)∩(S(p₂)∪S(p₃)) =∅ and S(p₂)∩S(p₃) =∅. Clearly then also S(p₁ +p₂)∩S(p₃) =∅ and S(p₁)∩S(p₂) =∅ soq ∈msnf.

+2: Similar arguments using ∩ commutative.

Inferences:

Transitivity: Assume ` p =<sub>s</sub> q is obtained from ` p =_s r and ` r =<sub>s</sub> q. Using the hypothesis of induction on ` p=_s r we have r ∈ msnf so we can use the induction once more to get q∈msnf.

Congruences:

a.: Assume p⁰ =s q⁰ is used to show p≡a.p⁰ =s a.q⁰ ≡ q. Now p≡a.p⁰ ∈msnf implies p⁰ ∈ cf. Since p⁰ =_s q⁰ it then follows that q⁰ ∈cf and thereby q ≡a.q⁰ ∈cf. Hence q∈msnf.

+: W.l.o.g. assume p⁰ =_s q⁰ is used to infer p≡p⁰+r=_sq⁰+r≡q. p≡p⁰+r∈msnf implies p⁰, r∈msnf and S(p⁰)∩S(r) =∅. By hypothesis of induction we then from p⁰ =_s q⁰ get q⁰ ∈ msnf. Then since msnf ⊆ snf: p⁰ =_s q⁰ by lemma 4.3.18 implies S(p⁰) =S(q⁰). Hence S(q⁰)∩S(r) =∅ and we conclude q ∈msnf.

k: Similar arguments as in the a.-case.

2 We now show that any sumnormal form can be minimalized.

Proposition 4.3.21 For p∈snf there exists a q∈msnf such that `p=_si q.

Proof At first we prove:

q₁, q₂ ∈msnf ⇒ ∃q∈msnf. `q₁+q₂ =si q (4.9)

by induction on the number n=|S(q₁)∩S(q₂)|

n = 0: I.e.,S(q₁)∩S(q₂) =∅ and q₁, q₂ ∈msnf. Let q ≡q₁+q₂. Clearlyq ∈msnf and by reflexivity `q₁+q₁ =q.

n >0: Chose a q⁰ ∈ S(q₁)∩S(q₂). By lemma 4.3.17 we obtain for i ∈ 2: q_i ≡ q⁰ ∨ ∃q_i⁰ ∈ snf. `q_i =_sq⁰+q_i⁰, so there are four subcases to consider.

q₁ ≡q⁰ ≡q₂: `q₁+q₂ ≡q⁰+q⁰ =_i q⁰. As q⁰ ≡q₁ ∈msnf we can chose q≡q⁰.

q₁ ≡q⁰, (∃q⁰₂ ∈snf. `q<sub>2</sub> =s q<sup>0</sup> +q<sub>2</sub><sup>0</sup>): We get ` q₁ + q₂ ≡ q⁰ + q₂ =s q⁰ + (q⁰ +q⁰₂) =s

(q⁰+q⁰) +q₂⁰ =_i q⁰+q⁰₂ =_s q₂. Chose q ≡q₂ and the result follows since q₂ ∈msnf.

(∃q⁰₁ ∈snf. `q₁ =_s q⁰+q₁⁰), q₂ ≡q⁰: Symmetric.

∃q⁰_i ∈snf. `qi =s q<sup>0</sup> +q<sub>i</sub><sup>0</sup> for i∈2: We get`q₁+q₂ =s(q⁰+q₁⁰) + (q⁰+q⁰₂) =s (q⁰+q⁰) + (q⁰₁+q₂⁰) =_i q⁰+ (q₁⁰ +q₂⁰) =_s (q⁰ +q⁰₁) +q⁰₂ =_s q₁+q₂⁰. According to lemma 4.3.20 we have q⁰+q₂⁰ ∈ msnf because q₂ ∈msnf and `q₂ =_s q⁰+q⁰₂. q⁰ +q₂⁰ ∈msnf gives us S(q⁰)∩S(q₂⁰) =∅. Hence |S(q₁)∩S(q₂⁰)| < n. q⁰+q₂⁰ ∈msnf also gives q⁰₂ ∈msnf so we can use the hypothesis of induction on q₁, q₂⁰ to find a q ∈ msnf such that

` q<sub>1</sub>+q<sub>2</sub><sup>0</sup> =<sub>si</sub> q. All together we then have ` q₁ +q⁰₂ =_si q thereby completing the inductive step in proving (4.9).

With (4.9) we can now prove the proposition by induction on the structure ofpconsidered as a sumnormal form.

p∈cf: We then also have p∈msnf and can chose q ≡p.

p≡p₁+p₂, p₁, p₂ ∈snf: Using the hypothesis of induction on p₁, p₂ we can find q₁, q₂ ∈ msnf such that `p<sub>1</sub> =<sub>si</sub> q<sub>1</sub> and`p₂ =_si q₁. By congruence`p≡p<sub>1</sub>+p<sub>2</sub> =<sub>si</sub> q<sub>1</sub>+q<sub>2</sub> and from (4.9) we find a q ∈ msnf. ` q₁ +q₂ =si q. The result then follows by transitivity.

2

The next lemma establish the first connection to the denotations of terms.

Lemma 4.3.22 Forp∈P L we have [[p]]_π =θP(p).

Proof Induction on the structure ofp considered as a member ofP L.

p≡N IL: We see [[p]]_π =N IL_π ={ε}={θ(N IL)}=θ{N IL}=θP(N IL).

p≡a.p⁰: [[p]]_π =a.[[p⁰]]_π∪{ε}= (induction and the definition ofθ)a.θP(p⁰)∪{θ(N IL)}= {a.θ(q)|q∈P(p⁰)}∪{θ(N IL)} = (definition ofθ){θ(a.q)|q∈P(p⁰)}∪{θ(N IL)}= θa.P(p⁰)∪θ{N IL}=θ(a.P(p⁰)∪ {N IL}) =θP(a.p⁰) =θP(p).

p≡p₁+p₂: [[p]]_π = [[p₁]]_π∪[[p₂]]_π = (hypothesis of induction) θP(p₁)∪θP(p₂) = (because θ is extended to sets in the natural way) θ(P(p₁)∪P(p₂)) = θP(p).

p≡p₁kp₂: [[p]]_π = [[p₁]]_π k[[p₂]]_π = (by induction) θP(p₁)kθP(p₂) ={θq₁kθq₂ |(q₁, q₂)∈ P(p₁)× P(p₂)} = (by definition of θ) {θ(q₁ k q₂) | (q₁, q₂) ∈ P(p₁) ×P(p₂)} = θ(P(p₁)kP(p₂)) =θP(p).

2 From the last lemma, the definition of Θ and the fact that p∈pf impliesP(p) =S(p) we have:

Corollary 4.3.23 Ifp∈pf then [[p]]_π = Θ(p).

Lemma 4.3.24 If`p=q<sup>0</sup> and q<sup>0</sup> ∈S(q) for a q ∈snf then `q =p+q.

Proof By lemma 4.3.17 it is enough to consider the following two possibilities:

q⁰ ≡q: By +4 we have ` q ≡ q<sup>0</sup> = q<sup>0</sup> +q<sup>0</sup> ≡ q<sup>0</sup> +q. As ` p = q⁰ we get by congruence

`q⁰+q =p+q from which the result follows.

∃q⁰⁰ ∈snf. `q=<sub>s</sub> q<sup>0</sup>+q<sup>00</sup>: Again by +4 we have ` q⁰ = q⁰ +q⁰ so by congruence ` q = (q<sup>0</sup>+q<sup>0</sup>) +q<sup>00</sup>=s q<sup>0</sup>+ (q<sup>0</sup>+q<sup>00</sup>) =sq<sup>0</sup> +q. From `p=q⁰ and congruence we now get

`q<sup>0</sup>+q =p+q and thereby`q =p+q.

2 Proposition 4.3.25 Suppose p ∈ msnf and q ∈ snf. Then S(p) ⊆nc S(q) implies ` p+q=q.

Proof Induction on the quantity n=|S(p)|.

n = 1: Fromp∈msnf followsS(p) ={p}. Now{p} ⊆nc S(q) means∃q⁰ ∈S(q). `p=_nc q⁰. The result then follows from the last lemma.

n >1: Chose ap₁ ∈S(p). As |S(p)|>1 lemma 4.3.17 gives us that there exists ap₂ ∈snf such that`p=_s p₁+p₂. By lemma 4.3.20 we getp₁+p₂ ∈msnf fromp∈msnf. According to the definition of msnf we then also have p₁, p₂ ∈ msnf and S(p₁)∩S(p₂) = ∅. Since S(p₁) 6= ∅ 6= S(p₂) then |S(pi)| < |S(p₁)∪S(p₂)| = |S(p₁ +p₂)| = |S(p)| = n for i ∈ 2.

Because p₁, p₂ ∈ msnf and S(p₁),S(p₂)⊆S(p₁)∪S(p₂) =S(p)⊆nc S(q) the hypothesis of induction gives us

`p<sub>1</sub>+q=q and `p₂+q=q.

(4.10)

Then `p+q =_s (p₁+p₂) +q

= (p₁+p₂) + (q+q) by +4

=_s (p₁+q) + (p₂+q)

= q+q by congruence and (4.10)

= q by +4.

2

Lemma 4.3.26 θ(p) =ε, p∈cf ⇒`p=_nN IL Proof

p≡N IL: Trivial.

p≡a.p⁰: Then θ(p) =a.θ(p⁰)6=ε so the premise is not fulfilled.

p≡qkr: Then θ(p) =θ(q)kθ(r). corollary_T 1.2.14.c) gives us: ε=θ(q)kθ(r)⇒θ(q) = ε=θ(r). So we can use the hypothesis of induction to getq =n N ILandr=nN IL.

Then: `p≡qkr=_nN ILkN IL by congruence

=_nN IL by k3.

2 Lemma 4.3.27 If p ∈ cf and θ(p) = a.s then there exists a p⁰ ∈ cf such that θ(p⁰) = s and `p=na.p⁰.

Proof

p≡N IL: θ(p) =ε6=a.s so the premise is not fulfilled.

p≡b.q: θ(p) = b.θ(q). From corollary_T 1.2.3.b) we get a = b and s =θ(q). So p ≡ a.q.

Then just chosep⁰ ≡q. Asp∈cf it follows thatp⁰ ≡q∈cf. By reflexivityp=_na.p⁰. p≡qkr: θ(p) =θ(q)kθ(r) so by corollary_T 1.2.14.a) we then get w.l.o.g. θ(q) =a.s and θ(r) =ε. Now p∈ cf ⇒ q ∈cf so we can use the hypothesis of induction to find a p⁰ ∈ cf such that ` q =<sub>n</sub> a.p<sup>0</sup> and θ(p<sup>0</sup>) = s. By lemma 4.3.26 θ(r) = ε ⇒ ` r =_n N IL. Then by congruence and k3: `p≡qkr =_n qkN IL=_nq =_n a.p⁰.

2 Lemma 4.3.28 Ifp ∈cf then θ(p) =skt implies that there exists p₁, p₂ ∈cf such that θ(p₁) =s, θ(p₂) = t and `p=_nc p₁kp₂.

Proof

p≡N IL: θ(p) = ε and skt = ε⇒ s =ε =t. Letp₁ ≡p₂ ≡ N IL∈ cf. It is seen that θ(p₁) =s and θ(p₂) =t. The result then follows by k3.

p≡a.p⁰: θ(p) =a.θ(p⁰). By corollary_T 1.2.14.a) we from a.θ(p⁰) =skt get either a) s=a.θ(p⁰), t=ε or

b) s =ε, t=a.θ(p⁰).

We look at the two possibilities separately.

a) Let p₁ ≡ a.p⁰ ∈ cf and p₂ ≡ N IL ∈ cf. We have θ(p₁) = a.θ(p⁰) = s, θ(p₂) =θ(N IL) =ε =t and `p≡p₁ =_np₁kN IL by k3

≡p₁kp₂.

b) Symmetric with the addition that k2 is used too.

p≡q₁kq₂: θ(p) =θ(q₁)kθ(q₂). By corollary_T 1.2.14.b) θ(q₁)kθ(q₂) =skt implies that there exists s⁰, s⁰⁰, t⁰, t⁰⁰ such that s=s⁰ks⁰⁰, t =t⁰ kt⁰⁰, θ(q₁) =s⁰kt⁰, θ(q₂) =s⁰⁰kt⁰⁰. Using the induction on the last two equations we find q₁⁰, q⁰⁰₁, q⁰₂, q⁰⁰₂ ∈cf such that

q₁ =_nc q⁰₁kq₂⁰, q₂ =_nc q⁰⁰₁ kq⁰⁰₂ (4.11)

andθ(q⁰₁) =s⁰, θ(q₁⁰⁰) =s⁰⁰, θ(q⁰₂) =t⁰, θ(q₂⁰⁰) =t⁰⁰. Now letp_i ≡q_i⁰kq⁰⁰_i, i∈2. Evidently θ(p₁) =θ(q₁⁰)kθ(q₁⁰⁰) =s⁰ks⁰⁰=s and similar θ(p₂) = t. We also have:

`p≡q₁kq₂ =_nc (q₁⁰ kq₂⁰)k(q₁⁰⁰kq⁰⁰₂) by congruence and (4.11)

=c (q₁⁰ kq₁⁰⁰)k(q₂⁰ kq⁰⁰₂) by k1 and k2

≡ p₁kp₂

As q⁰₁, q₁⁰⁰, q₂⁰, q₂⁰⁰∈cf it follows that p₁, p₂∈cf. This concludes the inductive step.

2

Proposition 4.3.29 Let p, q∈cf. Then θ(p) = θ(q) implies `p=nc q.

Proof

p≡N IL: θ(p) =θ(N IL) =ε. By lemma 4.3.26 it is seen thatθ(q) =εimpliesq=_nN IL and thereby `p=nc q.

p≡a.p⁰: By lemma 4.3.27 and θ(q) = a.θ(p⁰) = θ(p), q ∈ cf we can find a q⁰ ∈ cf such that q =_n a.q⁰ and θ(q⁰) = θ(p⁰). As p ∈ cf ⇒ p⁰ ∈ cf and q⁰ ∈ cf we can use the induction to get q⁰ =_nc p⁰. By congruence then a.q⁰ =_nc a.p⁰ ≡p. As q =_n a.q⁰ we have `q =_ncp.

p≡p₁kp₂: From lemma 4.3.28 and θ(q) = θ(p₁)kθ(p₂), q ∈ cf we see that there exists q₁, q₂ ∈ cf such that q =_nc q₁ kq₂ and θ(q₁) = θ(p₁), θ(q₂) = θ(p₂). As p ∈ cf ⇒ p₁, p₂ ∈ cf we can use the hypothesis of induction to get ` p_i =_nc q_i, i ∈ 2. By congruence then q=_nc q₁kq₂ =_nc p₁kp₂ ≡p.

2 It should be noticed that we up til now only have been using the π-inequalities. To emphasise this we will write `π p = q whenever this is the case. So we could actual rewrite all the previous properties with this addition. If in addition to the π-inequalities also δ.k is used in proving p=q we write `δp=q.

Proposition 4.3.30 Let q∈ cf, θ(q) =t and s∈ T SW. Then s≺·t ⇒ ∃p∈cf. `δp≤ q, θ(p) =s

Proof Recall propositionT 2.3.44:

s≺·t implies ∃u∈γ(s), D⊆γ(t). γ(s)\ {u}=γ(t)\D and for some a, b∈Act, s⁰, s⁰⁰, t⁰ ∈T SW either

a) u=a.(s⁰ kb.s⁰⁰), D={a.s⁰, b.s⁰⁰} or

b) u=a.s⁰, D={a.t⁰}, s⁰ ≺·t⁰

This natural suggests to make the proof in the size of A_θ(s). Letting t=θ(q) we see from above that there is two cases to consider.

a) Then t can be written as a.s⁰kb.s⁰⁰k(kγ(t)\D). Since θ(q) = t we can use lemma 4.3.28 to find q₁, q₂, q₃ ∈cf such that

`π q=q₁ kq₂kq₃ (4.12)

and θ(q₁) = a.s⁰, θ(q₂) = b.s⁰⁰, θ(q₃) = (kγ(t)\D). We can then by lemma 4.3.27 find q₁⁰, q₂⁰ such that

`π q<sub>1</sub> =a.q<sub>1</sub><sup>0</sup>,`π q₂ =b.q₂⁰ (4.13)

and θ(q₁⁰) =s⁰, θ(q⁰₂) =s⁰⁰. Let p:=a.(q₁⁰ kb.q₂⁰)kq₃. We have:

`δ p≡ a.(q₁⁰ kb.q₂⁰)kq₃

≤ a.q₁⁰ kb.q⁰₂kq₃ by δ.k and congruence

=_π q₁ kq₂kq₃ by (4.13) and congruence

=_π q by (4.12)

We also haveθ(p) =θ(a.(q₁⁰ kb.q⁰₂)kq₃) =a.(θ(q₁⁰)kb.θ(q₂⁰))kθ(q₃) =a.(s⁰kb.s⁰⁰)k(kγ(t)\ D) = uk(kγ(t)\D) =uk(kγ(s)\{u}) =kγ(s) = s. In the proof of this case we actually did not use the inductive hypothesis.

b) In this case we can writetasa.t⁰k(kγ(t)\{a.t⁰}). As in the a)-case we findq₁, q₂, q₁⁰ ∈cf such that

`π q=q<sub>1</sub> kq<sub>2</sub>,`π q₁ =a.q₁⁰ (4.14)

and θ(q₁) =a.t⁰, θ(q₂) =kγ(t)\ {a.t⁰}, θ(q₁⁰) =t⁰.

Clearly |A_s0|<|A_s| so we can use the inductive assumption to find p⁰ ∈cf such that

`δ p⁰ ≤q₁⁰ (4.15)

and θ(p⁰) =s⁰. Let p:=a.p⁰kq₂. We have:

`δ p≡ a.p⁰ kq₂

≤δ a.q₁⁰ kq₂ by (4.15) and congruence

=π q₁ kq₂ by the second part of (4.14)

=_π q by the first part of (4.14)

Finally: θ(p) =a.θ(p⁰)kθ(q₂) =a.s⁰k(kγ(t)\ {a.t⁰}) =uk(kγ(s)\ {u}) =s.

This also completes the inductive step. 2

Proposition 4.3.31 Let q∈snf. Then ∃p∈snf. `δ p=q,Θ(p) =δΘ(q)

Proof At first we prove an intermediate result. Notice that since≺·⁺ =≺ we see s≺t

Proof At first we prove an intermediate result. Notice that since≺·⁺ =≺ we see s≺t

In document View of Partial orders and fully abstract models for concurrency (Sider 99-142)