DTIC ADA386461: A Faster-than Relation for Asynchronous Processes
NASA/CR-2001-210651
ICASE Report No. 2001-2

A Faster-than Relation for Asynchronous Processes

Gerald Lüttgen, The University of Sheffield, Sheffield, United Kingdom
Walter Vogler, Universität Augsburg, Augsburg, Germany

ICASE, NASA Langley Research Center, Hampton, Virginia
Operated by Universities Space Research Association

National Aeronautics and Space Administration, Langley Research Center, Hampton, Virginia 23681-2199
Prepared for Langley Research Center under Contract NAS1-97046
January 2001

Distribution/Availability Statement: Approved for public release, distribution unlimited. Number of pages: 31.

A FASTER-THAN RELATION FOR ASYNCHRONOUS PROCESSES*

GERALD LÜTTGEN† AND WALTER VOGLER‡

* This work was supported by the National Aeronautics and Space Administration under NASA Contract No. NAS1-97046 while the authors were in residence at ICASE, NASA Langley Research Center, Hampton, Virginia 23681-2199, USA.
† Department of Computer Science, The University of Sheffield, Regent Court, 211 Portobello Street, Sheffield S1 4DP, U.K., e-mail: [email protected].
‡ Institut für Informatik, Universität Augsburg, D-86135 Augsburg, Germany, e-mail: [email protected].

Abstract. This paper introduces a novel (bi)simulation-based faster-than preorder which relates asynchronous processes with respect to their worst-case timing behavior. The studies are conducted for a conservative extension of the process algebra CCS, called TACS, which permits the specification of maximal time bounds of actions. TACS complements work in plain process algebras which compares asynchronous processes with respect to their functional reactive behavior only, and in timed process algebras which focus on analyzing synchronous processes. The most unusual contribution of this paper is in showing that the proposed faster-than preorder coincides with two other and at least equally appealing preorders, one of which considers the absolute times at which actions occur in system runs. The paper also develops the semantic theory of TACS: it characterizes the largest precongruence contained in the faster-than preorder, presents an axiomatization in a fragment of the algebra, and investigates a corresponding weak faster-than preorder. A small example relating two implementations of a simple storage system testifies to the practical utility of the new theory.

Key words. asynchronous systems, bisimulation, faster-than preorder, process algebra, timing behavior

Subject classification. Computer Science

1. Introduction. Process algebras [7, 8, 18, 21, 26] provide a widely studied framework for reasoning about the behavior of concurrent systems. Early approaches, including Milner's Calculus of Communicating Systems (CCS) [26], focused on semantic issues of asynchronous processes, where the relative speeds between processes running in parallel are not bounded, i.e., one process may be arbitrarily slower or faster than another. This leads to a simple and mathematically elegant semantic theory analyzing the functional behavior of systems regarding their causal interactions with their environments. To include time as an aspect of system behavior, timed process algebras [5, 19, 28, 32, 34, 38] were introduced. They usually model synchronous systems where processes running in parallel are under the regime of a common global clock and have a fixed speed. A well-known representative of discrete timed process algebras is Hennessy and Regan's Timed Process Language (TPL) [19] which extends CCS by a timeout operator and a clock prefix demanding that exactly one time unit must pass before activating the argument process. Research papers on timed process algebras usually do not relate processes with respect to speed; the most notable exception is work by Moller and Tofts [29] which considers a faster-than preorder within a CCS-based setting, where processes are essentially attached with lower time bounds [28]. In practice, however, often upper time bounds are known to a system designer, determining how long a process may delay its execution. These can be used to compare the worst-case timing behavior of processes. The assumption of upper time bounds for asynchronous processes already is exploited in distributed algorithms [24] and was investigated by the second author in the setting of Petri nets [9, 22, 35, 36]. The latter work adapted De Nicola and Hennessy's notion of testing [16], where the derived must-preorder is interpreted as faster-than relation. Recently, these results have been transferred to a process-algebraic setting [23, 37] whose semantics, however, is still based on testing.

In this paper we develop a novel (bi)simulation-based approach to compare asynchronous systems with respect to their worst-case timing behavior. To do so, we extend CCS by a rather specific notion of clock prefixing "$\sigma.$", where $\sigma$ stands for one time unit or a single clock tick. In contrast to TPL, we interpret $\sigma.P$ as a process which may delay at most one time unit before executing $P$. Similar to TPL, however, we view the occurrence of actions as instantaneous. This results in a new process algebra extending CCS, to which we refer as Timed Asynchronous Communicating Systems (TACS). To make our intuition of upper-bound delays more precise, consider the processes $\sigma.a.\mathbf{0}$ and $a.\mathbf{0}$, where $a$ denotes an action or port as in CCS. While the former process may delay an enabled communication on port $a$ by one time unit, the latter process must engage in the communication. In this sense, action $a$ is non-urgent in $\sigma.a.\mathbf{0}$ but urgent in $a.\mathbf{0}$.
However, if a communication on port $a$ is not enabled, then process $a.\mathbf{0}$ may wait until some communication partner is ready. Technically, we allow $a.P$ to wait in any case; to enforce a communication resulting in the internal action $\tau$, a time step in TACS is preempted by an urgent $\tau$. This is similar to timed process algebras employing the maximal progress assumption [19, 38]; however, in these algebras and in contrast to TACS, any internal computation is considered to be urgent. For TACS we introduce a (bi)simulation-based faster-than preorder which exploits the knowledge of upper time bounds: a process is faster than another if both are linked by a relation which is a strong bisimulation for actions and a simulation for time steps.

The main contribution of this paper is the formal underpinning of our preorder which justifies why it is a good candidate for a faster-than relation on processes. There are at least two very appealing alternative definitions for such a preorder. First, one could allow the slower process to perform extra time steps when simulating an action or time step of the faster process. Second and probably even more important is the question of how exactly the faster process can match a time step and the subsequent behavior of the slower one. For illustrating this issue, consider the runs $a\sigma\sigma b$ and $\sigma a\sigma b$ which might be exhibited by some processes. One can argue that the first run is faster than the second one since action $a$ occurs earlier in the run and since action $b$ occurs at absolute time 2 in both runs, measured from the start of each run. With this observation in mind, we define a second variant of our faster-than preorder, where a time step of the slower process is either simulated immediately by the faster one or might be performed later on. As a main result, we prove that both variants coincide with our faster-than preorder that has a more elegant and concise definition. This justifies our faster-than preorder as a reference preorder for relating asynchronous processes with respect to their worst-case timing behavior. In addition, this paper develops the semantic theory of the faster-than preorder: we characterize the coarsest precongruence contained in our preorder, demonstrate that TACS with this precongruence is a conservative extension of CCS with bisimulation, and axiomatize our precongruence for finite sequential processes. We also study the corresponding weak faster-than preorder, which abstracts from internal computation, and its semantic theory. To testify to the utility of our novel framework, we apply it to a small example dealing with two implementations of a simple storage system.

The remainder of this paper is organized as follows. The next section presents the process algebra TACS, while Sec. 3 introduces three variants of a faster-than preorder and shows all of them to coincide. Sec. 4 develops the semantic theory of our preorder and its "weak" correspondence, which is then applied to an example in Sec. 5. Finally, Secs. 6 and 7 discuss related work and present our conclusions, respectively.

2. Timed Asynchronous Communicating Systems. This section defines the syntax and semantics of our novel process algebra Timed Asynchronous Communicating Systems (TACS) which conservatively extends CCS [26] by a concept of global, discrete time. This concept is introduced by a non-standard interpretation of clock prefixing "$\sigma.$" as mentioned in the introduction. Intuitively, a process $\sigma.P$ can at most (but need not) delay one time unit before having to execute process $P$, provided that $P$ can engage in a communication with the environment or in some internal computation. The semantics of TACS is based on a notion of transition system that involves two kinds of transitions, action transitions and clock transitions. Action transitions, like in CCS, are local handshake communications in which two processes may synchronize to take a joint state change together.
A clock represents the progress of time, which manifests itself in a recurrent global synchronization event, the clock transition. As indicated above, action and clock transitions are not orthogonal concepts, since a clock transition can only occur if the process under consideration cannot engage in an urgent internal computation.

Syntax of TACS. Let $\Lambda$ be a countable set of actions, or ports, not including the distinguished unobservable, internal action $\tau$. With every $a \in \Lambda$ we associate a complementary action $\overline{a}$. We define $\overline{\Lambda} =_{df} \{\overline{a} \mid a \in \Lambda\}$ and take $\mathcal{A}$ to denote the set $\Lambda \cup \overline{\Lambda} \cup \{\tau\}$ of all actions. Complementation is lifted to $\Lambda \cup \overline{\Lambda}$ by defining $\overline{\overline{a}} =_{df} a$. As in CCS [26], an action $a$ communicates with its complement $\overline{a}$ to produce the internal action $\tau$. We let $a, b, \ldots$ range over $\Lambda \cup \overline{\Lambda}$ and $\alpha, \beta, \ldots$ over $\mathcal{A}$ and, moreover, we represent (potential) clock ticks by the symbol $\sigma$. The syntax of our language is then defined as follows:

$$P ::= \mathbf{0} \;\mid\; x \;\mid\; \alpha.P \;\mid\; \sigma.P \;\mid\; P + P \;\mid\; P \,|\, P \;\mid\; P \setminus L \;\mid\; P[f] \;\mid\; \mu x.P$$

where $x$ is a variable taken from a countably infinite set $\mathcal{V}$ of variables, $L \subseteq \mathcal{A} \setminus \{\tau\}$ is a restriction set, and $f : \mathcal{A} \to \mathcal{A}$ is a finite relabeling. A finite relabeling satisfies the properties $f(\tau) = \tau$, $f(\overline{a}) = \overline{f(a)}$, and $|\{\alpha \mid f(\alpha) \neq \alpha\}| < \infty$. The set of all terms is abbreviated by $\widehat{\mathcal{P}}$ and, for convenience, we define $\overline{L} =_{df} \{\overline{a} \mid a \in L\}$. Moreover, we use the standard definitions for the semantic sort $\mathrm{sort}(P) \subseteq \Lambda \cup \overline{\Lambda}$ of some term $P$, free and bound variables (where $\mu x$ binds $x$), open and closed terms, and contexts (terms with a "hole"). A variable is called guarded in a term if each occurrence of the variable is in the scope of an action prefix. Moreover, we require for terms of the form $\mu x.P$ that $x$ is guarded in $P$. We refer to closed and guarded terms as processes, with the set of all processes written as $\mathcal{P}$, and denote syntactic equality by $\equiv$.

Semantics of TACS. The operational semantics of a TACS term $P \in \widehat{\mathcal{P}}$ is given by a labeled transition system $\langle \widehat{\mathcal{P}}, \mathcal{A} \cup \{\sigma\}, \longrightarrow, P \rangle$ where $\widehat{\mathcal{P}}$ is the set of states, $\mathcal{A} \cup \{\sigma\}$ the alphabet, $\longrightarrow \subseteq \widehat{\mathcal{P}} \times (\mathcal{A} \cup \{\sigma\}) \times \widehat{\mathcal{P}}$ the transition relation, and $P$ the start state. Before we proceed, it is convenient to introduce sets $\mathcal{U}(P)$, for all terms $P \in \widehat{\mathcal{P}}$, which include the urgent actions, as discussed in the introduction, in which $P$ can initially engage. These sets are inductively defined along the structure of $P$, as shown in Table 2.1. Strictly speaking, $\mathcal{U}(P)$ does not necessarily contain all urgent actions. For example, for $P = \tau.\mathbf{0} + \sigma.a.\mathbf{0}$ we have $\mathcal{U}(P) = \{\tau\}$, although action $a$ is also urgent, because the clock transition of $P$ is preempted according to our notion of maximal progress. However, in the sequel we need the urgent action set of $P$ only for determining whether $P$ can initially perform an urgent $\tau$. For this purpose, our syntactic definition of urgent action sets is just fine since $\tau \in \mathcal{U}(P)$ if and only if $\tau$ is urgent in $P$. Now, the operational semantics for action transitions and clock transitions can be defined via structural operational rules which are displayed in Tables 2.2 and 2.3, respectively. For action transitions, the rules are exactly the same as for CCS, with the exception of our new clock-prefix operator.
Table 2.1. Urgent action sets

$\mathcal{U}(\mathbf{0}) =_{df} \emptyset$
$\mathcal{U}(x) =_{df} \emptyset$
$\mathcal{U}(\alpha.P) =_{df} \{\alpha\}$
$\mathcal{U}(\sigma.P) =_{df} \emptyset$
$\mathcal{U}(P+Q) =_{df} \mathcal{U}(P) \cup \mathcal{U}(Q)$
$\mathcal{U}(P|Q) =_{df} \mathcal{U}(P) \cup \mathcal{U}(Q) \cup \{\tau \mid \mathcal{U}(P) \cap \overline{\mathcal{U}(Q)} \neq \emptyset\}$
$\mathcal{U}(P \setminus L) =_{df} \mathcal{U}(P) \setminus (L \cup \overline{L})$
$\mathcal{U}(P[f]) =_{df} \{f(\alpha) \mid \alpha \in \mathcal{U}(P)\}$
$\mathcal{U}(\mu x.P) =_{df} \mathcal{U}(P)$

Table 2.2. Operational semantics for TACS (action transitions)

Act: $\dfrac{}{\alpha.P \xrightarrow{\alpha} P}$
Pre: $\dfrac{P \xrightarrow{\alpha} P'}{\sigma.P \xrightarrow{\alpha} P'}$
Sum1: $\dfrac{P \xrightarrow{\alpha} P'}{P+Q \xrightarrow{\alpha} P'}$
Sum2: $\dfrac{Q \xrightarrow{\alpha} Q'}{P+Q \xrightarrow{\alpha} Q'}$
Com1: $\dfrac{P \xrightarrow{\alpha} P'}{P|Q \xrightarrow{\alpha} P'|Q}$
Com2: $\dfrac{Q \xrightarrow{\alpha} Q'}{P|Q \xrightarrow{\alpha} P|Q'}$
Com3: $\dfrac{P \xrightarrow{a} P' \qquad Q \xrightarrow{\overline{a}} Q'}{P|Q \xrightarrow{\tau} P'|Q'}$
Rel: $\dfrac{P \xrightarrow{\alpha} P'}{P[f] \xrightarrow{f(\alpha)} P'[f]}$
Res: $\dfrac{P \xrightarrow{\alpha} P'}{P \setminus L \xrightarrow{\alpha} P' \setminus L}$ provided $\alpha \notin L \cup \overline{L}$
Rec: $\dfrac{P \xrightarrow{\alpha} P'}{\mu x.P \xrightarrow{\alpha} P'[\mu x.P/x]}$

For clock transitions, our semantics is set up such that, if $\tau \in \mathcal{U}(P)$, then a clock tick $\sigma$ of $P$ is inhibited, in accordance with our adapted variant of maximal progress. For the sake of simplicity, let us write $P \xrightarrow{\gamma} P'$ instead of $\langle P, \gamma, P' \rangle \in \longrightarrow$, for $\gamma \in \mathcal{A} \cup \{\sigma\}$, and say that $P$ may engage in $\gamma$ and thereafter behave like $P'$. Sometimes it is also convenient to write $P \xrightarrow{\gamma}$ for $\exists P'.\, P \xrightarrow{\gamma} P'$. According to our operational rules, the action-prefix term $\alpha.P$ may engage in action $\alpha$ and then behave like $P$. If $\alpha \neq \tau$, then it may also idle, i.e., engage in a clock transition to itself, as process $\mathbf{0}$ does. The clock-prefix term $\sigma.P$ can engage in a clock transition to $P$ and, additionally, it can perform any action transition that $P$ can since $\sigma$ represents a delay of at most one time unit. The summation operator $+$ denotes nondeterministic choice such that $P+Q$ may behave like $P$ or $Q$. Time has to proceed equally on both sides of summation, whence $P+Q$ can engage in a clock transition and delay the nondeterministic choice if and only if both $P$ and $Q$ can. As a consequence, e.g., process $\sigma.a.\mathbf{0} + \tau.\mathbf{0}$ cannot engage in a clock transition; in particular, $a$ is not urgent, but nevertheless it has to occur without delay if it occurs at all. The restriction operator $\setminus L$ prohibits the execution of actions in $L \cup \overline{L}$ and, thus, permits the scoping of actions. $P[f]$ behaves exactly as $P$ where actions are renamed by the relabeling $f$. The term $P|Q$ stands for the parallel composition of $P$ and $Q$ according to an interleaving semantics with synchronized communication on complementary actions resulting in the internal action $\tau$. Again, time has to proceed equally on both sides of the operator. The side condition ensures that $P|Q$ can only progress on $\sigma$ if it cannot engage in any urgent internal computation, in accordance with our notion of maximal progress. Finally, $\mu x.P$ denotes recursion, i.e., $\mu x.P$ behaves as a distinguished solution of the equation $x = P$.

The operational semantics for TACS possesses several important properties, in analogy to many temporal process algebras [19, 38]. First, it is time-deterministic, i.e., processes react deterministically to clock ticks, reflecting the intuition that progress of time does not resolve choices. Formally, $P \xrightarrow{\sigma} P'$ and $P \xrightarrow{\sigma} P''$ implies $P' \equiv P''$, for all $P, P', P'' \in \mathcal{P}$.
Second, according to our variant of maximal progress, a term $P$ can engage in a clock transition exactly if it cannot engage in an urgent internal transition. Formally, $P \xrightarrow{\sigma}$ if and only if $\tau \notin \mathcal{U}(P)$, for all $P \in \widehat{\mathcal{P}}$.

Table 2.3. Operational semantics for TACS (clock transitions)

tNil: $\dfrac{}{\mathbf{0} \xrightarrow{\sigma} \mathbf{0}}$
tAct: $\dfrac{}{a.P \xrightarrow{\sigma} a.P}$
tPre: $\dfrac{}{\sigma.P \xrightarrow{\sigma} P}$
tSum: $\dfrac{P \xrightarrow{\sigma} P' \qquad Q \xrightarrow{\sigma} Q'}{P+Q \xrightarrow{\sigma} P'+Q'}$
tCom: $\dfrac{P \xrightarrow{\sigma} P' \qquad Q \xrightarrow{\sigma} Q'}{P|Q \xrightarrow{\sigma} P'|Q'}$ provided $\tau \notin \mathcal{U}(P|Q)$
tRes: $\dfrac{P \xrightarrow{\sigma} P'}{P \setminus L \xrightarrow{\sigma} P' \setminus L}$
tRel: $\dfrac{P \xrightarrow{\sigma} P'}{P[f] \xrightarrow{\sigma} P'[f]}$
tRec: $\dfrac{P \xrightarrow{\sigma} P'}{\mu x.P \xrightarrow{\sigma} P'[\mu x.P/x]}$

We conclude this section by two simple lemmas which will be used in the next sections. The first one highlights the implications of guardedness in our calculus. As with the above-mentioned properties of time determinism and maximal progress, it can be proved via induction on the structure of $P$.

Lemma 2.1. Let $P, P', Q \in \widehat{\mathcal{P}}$, let $x \in \mathcal{V}$ be guarded in $P$, and let $\gamma \in \mathcal{A} \cup \{\sigma\}$.
1. $P \xrightarrow{\gamma} P'$ implies $P[\mu x.Q/x] \xrightarrow{\gamma} P'[\mu x.Q/x]$.
2. $P[\mu x.Q/x] \xrightarrow{\gamma} P'[\mu x.Q/x]$ implies $\exists P'' \in \widehat{\mathcal{P}}.\, P \xrightarrow{\gamma} P''$ and $P'[\mu x.Q/x] \equiv P''[\mu x.Q/x]$.

The second lemma concerns the sort of a term $P$, which is the set of labels of all transitions reachable in the transition system with start state $P$, i.e., $\mathrm{sort}(P) =_{df} \{\alpha \in \mathcal{A} \mid \exists P'.\, P \longrightarrow^{*} P' \xrightarrow{\alpha}\}$, where $\longrightarrow^{*}$ denotes the reflexive and transitive closure of $\longrightarrow$ (when abstracting from transition labels).

Lemma 2.2. The set $\mathrm{sort}(P)$ of any term $P \in \widehat{\mathcal{P}}$ is finite.

This statement follows from the facts that terms have finite length and that relabelings $f$ satisfy the condition $|\{\alpha \mid f(\alpha) \neq \alpha\}| < \infty$.
The above lemma establishes the well-definedness of some terms constructed below, which include a generalization of the summation operator indexed over actions contained in sorts. Note that TACS just provides a binary summation operator, i.e., only finite summations can be expressed.

3. Design Choices for (Bi)Simulation-based Faster-than Relations. In the following we define a reference faster-than relation, called naive faster-than preorder, which is inspired by Milner's notions of simulation and bisimulation [26]. Our main objective is to convince the reader that this simple faster-than preorder with its concise definition is not chosen arbitrarily. This is done by showing that it coincides with two other preorders which formalize a notion of faster-than as well and which are possibly more intuitive. The semantic theory of our faster-than relation will then be developed in the next section.

Definition 3.1 (Naive faster-than preorder). A relation $\mathcal{R} \subseteq \mathcal{P} \times \mathcal{P}$ is a naive faster-than relation if the following conditions hold for all $\langle P, Q \rangle \in \mathcal{R}$ and $\alpha \in \mathcal{A}$.
1. $P \xrightarrow{\alpha} P'$ implies $\exists Q'.\, Q \xrightarrow{\alpha} Q'$ and $\langle P', Q' \rangle \in \mathcal{R}$.
2. $Q \xrightarrow{\alpha} Q'$ implies $\exists P'.\, P \xrightarrow{\alpha} P'$ and $\langle P', Q' \rangle \in \mathcal{R}$.
3. $P \xrightarrow{\sigma} P'$ implies $\exists Q'.\, Q \xrightarrow{\sigma} Q'$ and $\langle P', Q' \rangle \in \mathcal{R}$.
We write $P \sim^{A}_{n} Q$ if $\langle P, Q \rangle \in \mathcal{R}$ for some naive faster-than relation $\mathcal{R}$.

Note that the behavioral relation $\sim^{A}_{n}$, as well as all other behavioral relations on processes defined in the sequel, can be extended to open terms by the usual means of closed substitution [26]. It is fairly easy to see that $\sim^{A}_{n}$ is a preorder, i.e., it is transitive and reflexive; moreover, $\sim^{A}_{n}$ is the largest naive faster-than relation. Technically speaking, the naive faster-than preorder refines bisimulation on action transitions by requiring simple simulation on clock transitions.
Intuitively, $P \sim^{A}_{n} Q$ holds if $P$ is faster than (or at least as fast as) $Q$, and if both processes are functionally equivalent (cf. Clauses (1) and (2)). Here, "$P$ is faster than $Q$" means the following: if $P$ may let time pass and the environment of $P$ has to wait, then this should also be the case if one considers the slower (or equally fast) process $Q$ instead (cf. Clause (3)). However, if $Q$ lets time pass, then $P$ is not required to match this behavior. Intuitively, we use bounded delays and are, accordingly, interested in worst-case behavior. Hence, clock transitions of the fast process must be matched, but not those of the slow process; behavior after an unmatched clock transition can just as well occur quickly without the time step, whence it is catered for in Clause (2). We come back to this issue shortly. As the naive faster-than preorder is the basis of our approach, it is very important that its definition is intuitively convincing. There are two immediate questions which arise from our definition and are dealt with separately in the following two sections.

3.1. Question I. The first question emerges from the observation that Clauses (1) and (3) of Def. 3.1 require that an action or a time step of $P$ must be matched with just this action or time step by $Q$. What if we are less strict? Maybe we should allow the slower process $Q$ to perform some additional time steps when matching the behavior of $P$. This idea is formalized in the following definition of a variant of our faster-than preorder, which we refer to as delayed faster-than preorder. Here, $\xrightarrow{\sigma}{}^{+}$ and $\xrightarrow{\sigma}{}^{*}$ stand for the transitive and the transitive reflexive closure of the clock transition relation $\xrightarrow{\sigma}$, respectively.

Definition 3.2 (Delayed faster-than preorder). A relation $\mathcal{R} \subseteq \mathcal{P} \times \mathcal{P}$ is a delayed faster-than relation if the following conditions hold for all $\langle P, Q \rangle \in \mathcal{R}$ and $\alpha \in \mathcal{A}$.
1. $P \xrightarrow{\alpha} P'$ implies $\exists Q'.\, Q \xrightarrow{\sigma}{}^{*} \xrightarrow{\alpha} \xrightarrow{\sigma}{}^{*} Q'$ and $\langle P', Q' \rangle \in \mathcal{R}$.
2. $Q \xrightarrow{\alpha} Q'$ implies $\exists P'.\, P \xrightarrow{\alpha} P'$ and $\langle P', Q' \rangle \in \mathcal{R}$.
3. $P \xrightarrow{\sigma} P'$ implies $\exists Q'.\, Q \xrightarrow{\sigma}{}^{+} Q'$ and $\langle P', Q' \rangle \in \mathcal{R}$.
We write $P \sim^{A}_{d} Q$ if $\langle P, Q \rangle \in \mathcal{R}$ for some delayed faster-than relation $\mathcal{R}$.

As usual, one can derive that $\sim^{A}_{d}$ is a preorder and that it is the largest delayed faster-than relation. In the following we will show that both preorders $\sim^{A}_{n}$ and $\sim^{A}_{d}$ coincide. The proof of this first coincidence result is based on a syntactic relation $\succ$ on terms, which is defined next and which is similar to the progress preorder used in [23]. The objective for its definition is to provide a useful technical handle on the relation between clock transitions and speed, analogous to the "up to" techniques employed for reasoning about bisimulation [33]. Thus, the relation $\succ$ is constructed such that we have property $(\ast)$: $P \xrightarrow{\sigma} P'$ implies $P' \succ P$, for any $P, P' \in \widehat{\mathcal{P}}$ (cf. Prop. 3.7(1)).

Definition 3.3. The relation $\succ \subseteq \widehat{\mathcal{P}} \times \widehat{\mathcal{P}}$ is defined as the smallest relation satisfying the following properties, for all $P, P', Q, Q' \in \widehat{\mathcal{P}}$.
Always: (1) $P \succ P$; (2) $P \succ \sigma.P$.
$P' \succ P$ and $Q' \succ Q$ implies: (3) $P'|Q' \succ P|Q$; (4) $P'+Q' \succ P+Q$; (5) $P' \setminus L \succ P \setminus L$; (6) $P'[f] \succ P[f]$.
$P' \succ P$ and $x$ is guarded in $P$ implies: (7) $P'[\mu x.P/x] \succ \mu x.P$.

Note that relation $\succ$ is not transitive and that it is not only defined for processes but for arbitrary, especially for open terms. The crucial clauses of the above definition are Clauses (2) and (7). Since we want $P \xrightarrow{\sigma} P'$ to imply $P' \succ P$, we clearly must include Clause (2). Additionally, Clause (7) covers the unwinding of recursion; for its motivation consider, e.g., the transition $\mu x.\sigma.a.\sigma.b.x \xrightarrow{\sigma} a.\sigma.b.\mu x.\sigma.a.\sigma.b.x$.
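The operational rules of Tables 2.1 to 2.3 and the two preorders of Defs. 3.1 and 3.2 can be run mechanically on finite terms, which makes the coincidence claim above something a reader can check on small cases. The following Python program is an added example and is not code from the paper or its authors. It interprets the recursion-, restriction- and relabeling-free fragment of TACS under an assumed tuple encoding (the names NIL, "pre", "sigma", "sum", "par", the string "~a" for the complement of a, and "tau" for the internal action are all this example's own choices), builds the finite transition system reachable from a process, and computes the largest naive and delayed faster-than relations as a greatest fixpoint. The demo reproduces the remark that $\tau.\mathbf{0} + \sigma.a.\mathbf{0}$ has urgent set $\{\tau\}$ and cannot tick, and shows that $\tau.a.\mathbf{0}$ is faster than $\sigma.\tau.a.\mathbf{0}$ but not the other way round, with both variants of the preorder agreeing.

```python
# Added example (not the paper's code): interprets recursion-, restriction- and
# relabeling-free TACS terms per Tables 2.1-2.3 and computes the naive (Def. 3.1)
# and delayed (Def. 3.2) faster-than preorders as a greatest fixpoint.  Assumed
# encoding: NIL, ("pre", alpha, P), ("sigma", P), ("sum", P, Q), ("par", P, Q); "~a" complements "a".
from itertools import product

TAU, NIL = "tau", ("nil",)

def bar(a):
    """Complementary action; tau is treated as its own complement."""
    return TAU if a == TAU else (a[1:] if a.startswith("~") else "~" + a)

def urgent(P):
    """Urgent action set U(P) of Table 2.1."""
    k = P[0]
    if k == "pre": return frozenset([P[1]])
    if k == "sum": return urgent(P[1]) | urgent(P[2])
    if k == "par":
        u, v = urgent(P[1]), urgent(P[2])
        return u | v | (frozenset([TAU]) if any(bar(a) in v for a in u) else frozenset())
    return frozenset()                              # 0 and sigma.P have no urgent actions

def act_succ(P):
    """Action transitions of Table 2.2 as a set of (alpha, P') pairs."""
    k = P[0]
    if k == "pre": return {(P[1], P[2])}                                   # Act
    if k == "sigma": return act_succ(P[1])                                 # Pre
    if k == "sum": return act_succ(P[1]) | act_succ(P[2])                  # Sum1, Sum2
    if k == "par":
        L, R = act_succ(P[1]), act_succ(P[2])
        out = {(a, ("par", P1, P[2])) for a, P1 in L} | {(b, ("par", P[1], Q1)) for b, Q1 in R}  # Com1, Com2
        return out | {(TAU, ("par", P1, Q1)) for (a, P1), (b, Q1) in product(L, R)
                      if a != TAU and bar(a) == b}                         # Com3: handshake gives tau
    return set()                                                           # 0 has no transitions

def clock_succ(P):
    """The unique clock successor of Table 2.3 (time determinism), or None if time cannot pass."""
    k = P[0]
    if k == "nil": return P                                                # tNil
    if k == "pre": return P if P[1] != TAU else None                       # tAct: a.P idles, tau.P cannot
    if k == "sigma": return P[1]                                           # tPre
    P1, Q1 = clock_succ(P[1]), clock_succ(P[2])                            # tSum, tCom: both sides must tick
    if P1 is None or Q1 is None or (k == "par" and TAU in urgent(P)):     # tCom side condition (maximal progress)
        return None
    return (k, P1, Q1)

def explore(P):
    """Reachable transition system: state -> set of (label, successor); label 'sigma' marks a clock tick."""
    trans, todo = {}, [P]
    while todo:
        S = todo.pop()
        if S not in trans:
            c = clock_succ(S)
            trans[S] = act_succ(S) | ({("sigma", c)} if c is not None else set())
            todo.extend(T for _, T in trans[S])
    return trans

def ticks(S, at_least_one=False):
    """States reachable from S by zero or more (or, if requested, one or more) clock ticks."""
    seen, cur = [], (clock_succ(S) if at_least_one else S)
    while cur is not None and cur not in seen:
        seen.append(cur)
        cur = clock_succ(cur)
    return seen

def faster_than(P, Q, delayed=False):
    """P faster than Q under the largest naive (Def. 3.1) or delayed (Def. 3.2) faster-than relation."""
    T = {**explore(P), **explore(Q)}
    R = {(A, B) for A in T for B in T}          # all pairs, refined down to the greatest fixpoint
    changed = True
    while changed:
        changed = False
        for A, B in list(R):
            ok = True
            for a, A1 in T[A]:                   # Clauses 1 and 3: every step of the faster P is matched by Q
                if a == "sigma":
                    cands = ticks(B, True) if delayed else [C for b, C in T[B] if b == "sigma"]
                elif delayed:                    # sigma* alpha sigma*
                    cands = [C1 for B0 in ticks(B) for b, C in T[B0] if b == a for C1 in ticks(C)]
                else:
                    cands = [C for b, C in T[B] if b == a]
                ok = ok and any((A1, C) in R for C in cands)
            for b, B1 in T[B]:                   # Clause 2: actions of the slower Q are matched exactly; its ticks need not be
                if b != "sigma":
                    ok = ok and any((A1, B1) in R for a, A1 in T[A] if a == b)
            if not ok:
                R.discard((A, B))
                changed = True
    return (P, Q) in R

def demo():
    """Checks on the small examples used in the text; the values are asserted in the accompanying test."""
    pre, sig = (lambda a, P: ("pre", a, P)), (lambda P: ("sigma", P))
    choice = ("sum", pre(TAU, NIL), sig(pre("a", NIL)))                   # tau.0 + sigma.a.0
    eager, lazy = pre(TAU, pre("a", NIL)), sig(pre(TAU, pre("a", NIL)))   # tau.a.0, sigma.tau.a.0
    pair_e = ("par", pre("a", NIL), pre("~a", NIL))                       # a.0 | ~a.0
    pair_l = ("par", sig(pre("a", NIL)), pre("~a", NIL))                  # sigma.a.0 | ~a.0
    pairs = [(eager, lazy), (lazy, eager), (pair_e, pair_l), (pair_l, pair_e)]
    return {
        "urgent(choice)": urgent(choice), "choice_ticks": clock_succ(choice) is not None,
        "naive": [faster_than(x, y) for x, y in pairs],
        "delayed": [faster_than(x, y, delayed=True) for x, y in pairs],
    }
```

The fixpoint starts from all pairs of reachable states and discards a pair as soon as one clause fails, until nothing changes; because Clause (3) is only a simulation, the result is a preorder and not symmetric, which is why $\sigma.\tau.a.\mathbf{0}$ (which can tick to $\tau.a.\mathbf{0}$) is not faster than $\tau.a.\mathbf{0}$ (which cannot tick at all). The delayed variant differs only in which successors count as a match ($\sigma^{*}\alpha\sigma^{*}$ in Clause (1) and $\sigma^{+}$ in Clause (3)), and on these terms it returns the same answers as the naive one, as the coincidence result states.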
To establish the desired property $(\ast)$ of $\succ$, we need to state and prove some technical lemmas. The first two lemmas are concerned with the preservation of $\succ$ under substitution and with the preservation of substitution by $\succ$, respectively.

Lemma 3.4. Let $P, P', Q \in \widehat{\mathcal{P}}$ such that $P' \succ P$, and let $y \in \mathcal{V}$. Then:
1. $y$ is guarded in $P$ if and only if $y$ is guarded in $P'$.
2. $P'[Q/y] \succ P[Q/y]$.

Proof. Both statements can be proved by induction on the inference length of $P' \succ P$. The only interesting case concerns Case (7) of Def. 3.3, where, for both parts, we can assume $y \neq x$, since $x$ is neither free in $P'[\mu x.P/x]$ nor in $\mu x.P$. Now assume $P'[\mu x.P/x] \succ \mu x.P$ due to $P' \succ P$.
1. If there exists an unguarded occurrence of $y$ in $\mu x.P$, then there is also one in $P$ and, by induction, in $P'$. The latter occurrence is also present after substituting $\mu x.P$ for $x$. Otherwise, $y$ is guarded in $\mu x.P$, in $P$, and, by induction, in $P'$. Hence, every free occurrence of $y$ in $P'[\mu x.P/x]$ either stems from $P'$ and is guarded in $P'$, or it is in a subterm of $\mu x.P$, where it is guarded.
2. By Barendregt's Assumption, we may assume that there is no free occurrence of $x$ in $Q$ and, by induction, $P'[Q/y] \succ P[Q/y]$. Hence, $(P'[\mu x.P/x])[Q/y] \equiv (P'[Q/y])[\mu x.(P[Q/y])/x] \succ \mu x.(P[Q/y]) \equiv (\mu x.P)[Q/y]$.
The other cases are straightforward and, thus, are omitted here.

Lemma 3.5. Let $P, Q, Q', R \in \widehat{\mathcal{P}}$ and $x \in \mathcal{V}$ guarded in $Q$ such that $P \succ Q' \equiv Q[\mu x.R/x]$. Then there exists some $P' \in \widehat{\mathcal{P}}$ satisfying $P \equiv P'[\mu x.R/x]$ and $P' \succ Q$.

Proof. The proof is by induction on the size of $Q$, including a case analysis on the structure of $Q$. The only interesting case is $Q \equiv \mu y.S$ for some $y \in \mathcal{V}$ and $S \in \widehat{\mathcal{P}}$, where we can assume $P \not\equiv Q'$ as well as $y \neq x$, and that $y$ is not free in $R$.
Now, $Q' \equiv \mu y.(S[\mu x.R/x])$ and $P \equiv S'[\mu y.(S[\mu x.R/x])/y]$ with $S' \succ S[\mu x.R/x]$. By induction hypothesis we can write $S'$ as $S''[\mu x.R/x]$ for some $S''$ satisfying $S'' \succ S$. We can further write $P$ as $S''[\mu y.S/y][\mu x.R/x]$ since $y$ is not free in $R$. Finally, we may conclude this case by setting $P' \equiv S''[\mu y.S/y]$.

This second lemma will become especially important in the next section (cf. Lemma 3.15). The following lemma relates $\succ$ to our notion of urgent action sets.

Lemma 3.6. Let $P, Q \in \widehat{\mathcal{P}}$.
1. If $x$ is guarded in $P$, then $\mathcal{U}(P[Q/x]) = \mathcal{U}(P)$.
2. If $Q \succ P$, then $\mathcal{U}(Q) \supseteq \mathcal{U}(P)$.

Proof. The proof of Part (1) is an easy induction on the structure of $P$. Part (2) follows by induction on the inference length of $Q \succ P$. Here, one needs to use Part (1) for Case (7) of Def. 3.3; observe that $x$ is guarded in $P'$ by Lemma 3.4(1).

Now we have established the machinery which we need to prove the above property $(\ast)$ and, equally important, to prove that $\succ$ is a naive faster-than relation.
