Semantics for Action Renement

Since RWT Nets by denition are a subclass of WT Nets, all of the net semantics developed in Chapter 3 are well-dened on RWT Nets. This section shows that all of these semantics are compositional for action renement, except for [[]]^MUSTand [[]]^TEST.

Proposition 5.2.1

[[]]^MUST and [[]]^TEST are not compositional for RWT Nets as either targets or operators of action renement.

By Theorem 3.2.47, [[]]^TESTsplit--equality implies [[]]^TEST-equality. The proposition is then a simple consequence of Proposition 3.2.33 and Proposition 5.1.8.

The following denitions will be useful in proving the compositionality of the other seman-tics.

Denition 5.2.2

Let

p

be a pomset over an alphabet Act, let

A

Act^,fpg, and let

f

map every event

e

in

p

whose label is in

A

to some (possibly empty) pomset

p

eover Act. The pomset

q

=

p

[

A

:=

f

] is dened as:

Eventsq =^f(

e;

):

e

²Eventsp and

l

p(

e

)⁶²

A

^g

[f(

e;e

⁰):

e

²Eventsp

; l

p(

e

)²

A

and

e

⁰²Eventsp^eg.

l

q((

e;

)) =

l

p(

e

) and

l

q((

e;e

⁰)) =

l

p^e(

e

⁰).

For all (

e

1

;

1)

;

(

e

2

;

2) ² Eventsq, (

e

1

;

1)

<

q (

e

2

;

2) i either

e

1

<

p

e

2 or (

e

1 =p

e

2,

l

p(

e

1)²

A

, and

1

<

p^e1

2).

If

A

is a singleton set ^f

a

^g, we write

p

[

a

:=

f

] to denote

p

[^f

a

^g:=

f

].

Since non-maximal events in a pomset-trace of a target net represent \fully red" transitions, we must be careful to replace them only with \successfully terminated" pomset-traces of the renement nets. The following denition reects this fact:

Denition 5.2.3

Let

PT

and

PT

a be sets of pomsets over a common alphabet, Act, and let

a

²Act^,fpg. Then:

h

PT;

Actⁱ[

a

:=^h

PT

a

;

Actⁱ]^def= augment(^f

p

[

a

:=

f

]:

p

²

PT

and

f

maps every

a

-labeled event

e

in

p

to some pomset

p

e in

PT

a such that

if

e

⁶²max(

p

) then

p

e;^p2

PT

a^g)

Denition 5.2.4

Let

p

be a pomset over an alphabet Act, let

D

p be a (possibly empty) set of downward-closed subsets of Eventsp, and let

A

Act. Let

g

map every event

e

in

p

whose label is in

A

to some pair^h

p

e

;D

eⁱ, where

p

e is a (possibly empty) pomset over Act and

D

e is a (possibly empty) set of downward-closed subsets of Eventsp^e. Then ^h

q;D

qⁱ=^h

p;D

pⁱ[

A

:=

g

] is dened as:

q

=

p

[

A

:=

f

], where dom(

f

) = dom(

g

) and

f

(

e

) =

p

e(= fst(

g

(

e

))) for every event

e

²dom(

g

).

D

q =^fdown_q(^f(

e;

)²Eventsq:

e

²

d

^g):

d

²

D

p^g

[fdownq(^f

e

^g

d

):

e

²Eventsp

; l

p(

e

)²

A; d

²

D

e

;

and

d

⁶=^;g

[fdownq(^f(

e

⁰

;

)²Eventsq:

e

⁰

<

p

e

^g):

e

²Eventsp

; l

p(

e

)²

A;

and ^;2

D

e^g

Since

a

0-labeled events of dupl-split nets represent \fully red" transitions, we must be care-ful to replace them only with \successcare-fully terminated" pomset-traces of the renement net.

Similarly, since

a

1-labeled events of dupl-split nets represent \half red" transitions, we must be careful to replace them only with \non-terminated" pomset-traces of the renement net.

Furthermore, in order to be sure that the failure sets corresponding to these non-terminated pomset-traces remain valid after renement, we require that these failure sets contain ^p; this ensures that new actions do not become ready by \looking through" the

-transition corre-sponding to successful termination. As in the semantic denition of CSP-style parallel com-position, we only rene 1-2-respecting pomsets to avoid confusion between \non-matching"

a

1

and

a

2-labeled actions.

As evidenced by Proposition 5.1.8, hiding is denable from action renement. More gener-ally, rening

a

-labeled transitions with any net that can successfully terminate after ring some

nite sequence of

-transitions will have the possible eect of hiding the

a

-labeled transitions, and hence may create additional divergences. In order to simplify our denition of action rene-ment on sets of pomset-failures and pomset-divergences, we rst dene a replace operator that ignores the eects of hiding on pomset-divergences (but does account for the independent eects on pomset-failures). Using this replace operator, we then dene a semantic action renement operator that properly accounts for all the eects of hiding.

Denition 5.2.5

Let Act be a nite alphabet containing the distinguished symbol ^p, let Act⁰ = ^f

a

i:

a

²Act^,fpgand 0

i

2^g[f

;

^pg, and let

a

² Act^,fpg. Let

PF;PF

a be sets of pomset-failures over Act⁰, and let

PD;PD

a be sets of pomset-divergences over Act⁰. Then:

h

PF;PD;

Act⁰ⁱ[

a

replace ^h

PF

a

;PD

a

;

Act⁰ⁱ]^def= ^h

PF

⁰

;PD

⁰

;

Act⁰ⁱ

;

where

PF

⁰⁰ = ^fh

p

[^f

a

0

;a

1^g:=

f

]

;F

⁰ⁱ:^h

p;F

pⁱ²1-2-respect(

PF

) for some

F

p

;

and

f

maps every event

e

in

p

with

l

p(

e

)^2f

a

0

;a

1^g

to some pomset-failure ^h

p

e

;F

eⁱin

PF

a such that if ^hp

;

^;i2

PF

a then

a

0²

F

p

;

if

l

p(

e

) =

a

0 then^h

p

e;^p

;

^;i2

PF

a

;

if

l

p(

e

) =

a

1 then^p2

F

e and

p

e contains no ^p-labeled events, and

F

⁰(

F

p^[

X

)^\Tf

F

e:

l

p(

e

) =

a

1^g

;

where

X

=^f

a

0

;a

1

;a

2^g,init(

PF

a)^g

PD

⁰⁰ = ^fh

p;D

pⁱ[^f

a

0

;a

1^g:=

g

]:^h

p;D

pⁱ²1-2-respect(

PF

)^[1-2-respect(

PD

)

;

D

p is a (possibly empty) set of downward-closed subsets of Eventsp

; g

maps every event

e

in

p

with

l

p(

e

)^2f

a

0

;a

1^g

to some ^h

p

e

;D

eⁱin

PF

a^[

PD

a such that

D

e is a (possibly empty) set of downward-closed subsets of Eventsp^e

; D

p^[Sf

D

e:

e

²dom(

g

)^gis non-empty

;

and if

l

p(

e

) =

a

0 then^h

p

e;^p

;

^;i2

PF

a^g

PF

⁰ = augment(0-split(

PF

⁰⁰))^[implied-failures^Act0(

PD

⁰)

PD

⁰ = augment(extend^Act0(0-split(

PD

⁰⁰)))

We now dene the semantic action renement to reect the hiding behavior of action re-nement:

Denition 5.2.6

Let Act be a nite alphabet containing the distinguished symbol ^p, let Act⁰ = ^f

a

i:

a

²Act^,fpgand 0

i

2^g[f

;

^pg, and let

a

² Act^,fpg. Let

PF;PF

a be sets of pomset-failures over Act⁰, and let

PD;PD

a be sets of pomset-divergences over Act⁰. Furthermore, let

a

⁰be an action not in Act^[Act⁰. The following denitions use the operations presented in Denition 3.2.45 and Denition 5.2.5.

If^hp

;

^;i62

PF

a, then

h

PF;PD;

Act⁰ⁱ[

a

:=^h

PF

a

;PD

a

;

Act⁰ⁱ]^def= ^h

PF;PD;

Act⁰ⁱ[

a

replace^h

PF

a

;PD

a

;

Act⁰ⁱ]

Otherwise, if ^hp

;

^;i2

PF

a, then

h

PF;PD;

Act⁰ⁱ[

a

:=^h

PF

a

;PD

a

;

Act⁰ⁱ]

def=

(((

choice

(a;a;a⁰)(^h

PF;PD;

Act⁰ⁱ

grow

^f

a

^0g))

hide a

⁰)

shrink

Act⁰)[

a

replace^h

PF

a

;PD

a

;

Act⁰ⁱ] We now show that our [[]]^MAY, [[]]^MUSTsplit-, and [[]]^TESTsplit- semantics are compositional for nets as targetsand operators of action renement. As discussed in the Introduction, this is in contrast to the semantics of [47], which is not compositional for nets as action renement operators.

Theorem 5.2.7

[[]]^MAY, [[]]^MUSTsplit-, and [[]]^TESTsplit- are compositional for RWT Nets as targets and operators of action renement.

Proof.

Let Act be a nite alphabet containing^p, let

a

²Act^,fpg, and let^h

N;

Actⁱ

;

^h

N

a

;

Actⁱ be RWT Nets.

To prove compositionality of the [[]]^MAY semantics, we rst observe that as a simple conse-quence of Lemma 5.1.5, Lemma 5.1.6, and the denition of pomset-traces and pomset-runs,

pomset-traces(^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]) =

f

p

[

a

:=

f

] :

p

²pomset-traces(^h

N;

Actⁱ) and

f

maps every

a

-labeled event

e

in

p

to some pomset

p

e in pomset-traces(^h

N

a

;

Actⁱ) such that

if

e

⁶²max(

p

) then

p

e;^p2pomset-traces(^h

N

a

;

Actⁱ)^g The details are straightforward and are left to the reader.

It is now easy to see that

[[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MAY= [[^h

N;

Actⁱ]]^MAY [

a

:=[[^h

N

a

;

Actⁱ]]^MAY]

;

where the action renement operation on the right-hand side of the equation is that given in Denition 5.2.3.

We now prove compositionality of the [[]]^MUSTsplit- semantics. For the rst case, suppose that

h

p

;

^;i62fst([[^h

N

a

;

Actⁱ]]^MUSTsplit-). As a consequence of Lemma 5.1.5, Lemma 5.1.6, and the deni-tion of pomset-runs, pomset-traces, pomset-failures, and pomset-divergences, we have

pomset-failures(^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]) =

0-split(^fh

p

[^f

a

0

;a

1^g:=

f

]

;F

⁰ⁱ : ^h

p;F

pⁱ²1-2-respect(pomset-failures(^h

N;

Actⁱ)) for some

F

p

;

and

f

maps every event

e

in

p

with

l

p(

e

)^2f

a

0

;a

1^g

to some pomset-failure^h

p

e

;F

eⁱof ^h

N

a

;

Actⁱ such that if

l

p(

e

) =

a

0 then^h

p

e;^p

;

^;i2pomset-failures(^h

N

a

;

Actⁱ)

;

if

l

p(

e

) =

a

1 then^p2

F

e and

p

e contains no ^p-labeled events, and

F

⁰(

F

p^[

X

)^\Tf

F

e:

l

p(

e

) =

a

1^g

;

where

X

=^f

a

0

;a

1

;a

2^g,init(pomset-failures(^h

N

a

;

Actⁱ))^g)

pomset-divergences(^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]) =

0-split(^fh

p;D

pⁱ[^f

a

0

;a

1^g:=

g

]:

D

p is a (possibly empty) set of downward-closed subsets of Eventsp

;

h

p;D

pⁱ²1-2-respect(pomset-failures(^h

N;

Actⁱ))^[1-2-respect(pomset-divergences(^h

N;

Actⁱ))

; g

maps every event

e

in

p

with

l

p(

e

)^2f

a

0

;a

1^g

to some ^h

p

e

;D

eⁱin pomset-failures(^h

N

a

;

Actⁱ)^[pomset-divergences(^h

N

a

;

Actⁱ) such that

D

e is a (possibly empty) set of downward-closed subsets of Eventsp^e

; D

p^[Sf

D

e:

e

²dom(

g

)^gis non-empty

;

and if

l

p(

e

) =

a

0 then^h

p

e;^p

;

^;i2pomset-failures(^h

N

a

;

Actⁱ)^g) The details are straightforward but tedious and are left to the reader.

We now show that for the case when^hp

;

^;i62fst([[^h

N

a

;

Actⁱ]]^MUSTsplit-),

[[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MUSTsplit- = [[^h

N;

Actⁱ]]^MUSTsplit- [

a

:=[[^h

N

a

;

Actⁱ]]^MUSTsplit-]

;

where the action renement operation on the right-hand side of the equation is that given in Denition 5.2.6.

One direction is a simple consequence of the denition of [[]]^MUSTsplit-, Denition 5.2.6, and the highlighted equality above for the pomset-failures and pomset-divergences of the rened net.

For the other direction, let ^h

r;D

r^{i 2} snd([[^h

N;

Actⁱ]]^MUSTsplit-[

a

:=[[^h

N

a

;

Actⁱ]]^MUSTsplit-); then ^h

r;D

r^{i 2}

augment(extend^Act(^h

q;D

qⁱ)) for some pomset-divergence ^h

q;D

qⁱ such that ^h

q;D

qⁱ =

h

q

1

;D

q¹ⁱ[^f

a

0

;a

1^g:=

g

] for some ^h

q

1

;D

q^{1i 2} [[^h

N;

Actⁱ]]^MUSTsplit- and some

g

mapping

a

0-labeled and

a

1-labeled events

e

of

q

1to [[^h

N

a

;

Actⁱ]]^MUSTsplit-. In turn, ^h

q

1

;D

q¹ⁱ²augment(extend^Act(^h

p

1

;D

p¹ⁱ)) for some ^h

p

1

;D

p¹ⁱ that is a pomset-divergence/pomset-failure of

N

, and each

g

(

e

)

2augment(extend^Act(^h

p

e

;D

p^ei)) for some ^h

p

e

;D

p^ei that is a pomset-divergence/pomset-failure of

N

a. It is easy to show that^h

q;D

qⁱ²augment(extend^Act(^h

p

1

;D

p¹ⁱ[^f

a

0

;a

1^g:=

g

⁰]), where

g

⁰ is the restriction of

g

to

a

0-labeled and

a

1-labeled events

e

of

p

1. Hence, the highlighted fact above together with the denition of [[]]^MUSTsplit- implies that^h

q;D

qⁱ²snd([[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MUSTsplit-).

It now follows from Proposition 3.2.18 that^h

r;D

r^{i 2}snd([[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MUSTsplit-). The proof for pomset-failures in ^h

r;D

r^{i 2}fst([[^h

N;

Actⁱ]]^MUSTsplit-[

a

:=[[^h

N

a

;

Actⁱ]]^MUSTsplit-]) is similar and is left to the reader.

The other case, when^hp

;

^;i2fst([[^h

N

a

;

Actⁱ]]^MUSTsplit-), then follows from the above proof, De-nition 5.2.6, Theorem 3.2.46, and the following easily proved fact: if^hp

;

^;i2fst([[^h

N

a

;

Actⁱ]]^MUSTsplit-), then

[[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MUSTsplit-

(((

choice

(a;a;a⁰)([[^h

N;

Actⁱ]]^MUSTsplit-

grow

^f

a

^0g))

hide

=

a

⁰)

shrink

Act⁰)[

a

replace[[^h

N

a

;

Actⁱ]]^MUSTsplit-] The details are left to the reader.

In order to prove compositionality of the corresponding interval semantics, we will need the following facts about rening interval pomsets and interval pomset-divergences:

Proposition 5.2.8

Let

q

be an interval pomset such that

q

²augment(

p

[

a

:=

f

]) for some pom-set

p

and function

f

mapping

a

-labeled events in

p

to pomsets. Then

q

²augment(

p

⁰[

a

:=

f

⁰]) for some interval pomset

p

⁰

p

and some function

f

⁰mapping

a

-labeled events in

p

⁰to interval pomsets such that

f

⁰(

e

)

f

(

e

) for all

e

²dom(

f

).

Proposition 5.2.9

Let^h

q;D

qⁱbe an interval pomset-divergence such that

h

q;D

qⁱ²augment(^h

p;D

pⁱ[

A

:=

g

]) for some pomset-divergence ^h

p;D

pⁱ and function

g

mapping events in

p

with labels in

A

to pomset-divergences. Then^h

q;D

q^{i 2}augment(^h

p

⁰

;D

p⁰ⁱ[

A

:=

g

⁰]) for some interval pomset-divergence^h

p

⁰

;D

p^0ih

p;D

pⁱand some function

g

⁰mapping events in

p

⁰ with labels in

A

to interval pomset-divergences such that

g

⁰(

e

)

g

(

e

) for all

e

²dom(

g

).

Using Lemmas 3.3.7 and 3.3.8 to account for the possible hiding eect of action renement, the proofs of the propositions are straightforward and left to the reader.

We now have:

Theorem 5.2.10

The [[]]^MAYintvl, [[]]^MUSTintvl-, and [[]]^TESTintvl- are compositional for RWT Nets as targets and operators of action renement.

Proof.

Let Act be a nite alphabet containing^p, let

a

²Act^,fpg, and let^h

N;

Actⁱ

;

^h

N

a

;

Actⁱ be RWT Nets.

We show that the following identities hold, where operations on the right-hand side of the equations are those given in Denition 5.2.3 and Denition 5.2.6.

[[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MAYintvl = intervals([[^h

N;

Actⁱ]]^MAYintvl [

a

:=[[^h

N

a

;

Actⁱ]]^MAYintvl]) [[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MUSTintvl- = intervals([[^h

N;

Actⁱ]]^MUSTintvl- [

a

:=[[^h

N

a

;

Actⁱ]]^MUSTintvl-])

The identity for [[]]^MAYintvl is a simple consequence of the augmentation-closure of the [[]]^MAY semantics, Theorem 5.2.7, and Proposition 5.2.8.

It is easy to see that one direction of the equation for [[]]^MUSTintvl- follows easily from Theo-rem 5.2.7 and the monotonicity of the action renement operation. For the other direction, let

h

r;D

rⁱ²snd([[^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]]]^MUSTintvl-); then^h

r;D

rⁱ²intervals(augment(extend^Act(^h

p;D

pⁱ))) for some pomset-divergence^h

p;D

pⁱof^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ]. By Lemma 3.2.15and Lemma 3.3.9, there is some interval pomset-divergence^h

q;

^f

d

^0ggisuch that^h

r;D

rⁱ²augment(extend^Act(^h

q;

^f

d

^0gi)),

q

is an augmentation of a prex of

p

and

d

⁰

d

for some

d

²

D

p. By Proposition 3.2.14,

h

q;

^f

d

^0gi2extend^Act(augment(pomset-divergences(^h

N;

Actⁱ[

a

:=^h

N

a

;

Actⁱ])))

:

It then follows easily from the highlighted fact in the proof of Theorem 5.2.7 that ^h

q;

^f

d

^0gi2 extend^Act(augment(0-split(^h

p

⁰

;D

p⁰ⁱ))) for some ^h

p

⁰

;D

p^0i2h

p

1

;D

1ⁱ[^f

a

0

;a

1^g:=

g

], where ^h

p

1

;D

1ⁱ

is an appropriate pomset-divergence or pomset-failure and

g

is a suitable function.

It follows from Lemma 3.3.9 and Proposition 5.2.9 that there are some interval pomset-divergences ^h

q

⁰

;D

q^{0i h}

p

⁰

;D

p⁰ⁱ,^h

q

1

;D

q^{1i h}

p

1

;D

1ⁱ and

g

⁰(

e

)

g

(

e

) for all

e

²dom(

g

), such that^h

q;

^f

d

^0gi2extend^Act(augment(0-split(^h

q

⁰

;D

q⁰ⁱ)))and^h

q

⁰

;D

q⁰ⁱ²augment(^h

q

1

;D

q¹ⁱ[^f

a

0

;a

1^g:=

g

⁰]).

From the denition of 0-split and augment and Lemma 3.2.16, it is easy to see that

h

q;

^f

d

^0gi2augment(extend^Act(0-split(^h

q

1

;D

q¹ⁱ[^f

a

0

;a

1^g:=

g

⁰])))

:

The desired equality then follows easily. The proof for pomset-failures is similar, except that it uses Proposition 5.2.8 as well.

We then have:

Theorem 5.2.11

The [[]]^MAYintvl, [[]]^MUSTintvl-, and [[]]^TESTintvl- semantics are respectively fully abstract for may-equivalence, must-equivalence, and Testing-equivalence with respect to alphabet expan-sion and action renement.

Proof.

It is easy to see from the denitions of the [[]]^TESTsplit- and [[]]^TESTintvl- that [[]]^TESTsplit- -equality implies [[]]^TESTintvl--equality. Thus, Proposition 5.1.8 shows that split renements, choice renements, and CCS choice can be dened from action renement up to [[]]^TESTintvl--equality. The theorem is then a simple consequence of Theorem 3.3.11 and Theorem 5.2.10.

Dans le document Observing True" Concurrency (Page 111-117)