Term Rewriting

Although there is no decision procedure Spec ` t = t<sup>0</sup> for every specification Spec = hΣ,Φ,Xi, there is a class of specification for which Spec ` t = t⁰ is decidable. This section shows how to compute the semantics of such specifications. There are several ways to derive semantics from the axioms:

denotationally (by defining a morphism to another algebra, e.g.,the natural numbers), axiomatically (i.e.,by equational logic) and operationally (i.e.,as sequences of computational steps). AlPiNAtakes the latter approach by usingTerm Rewriting (TR) [Ter03, DW91, ST11]. In this section, we present the formal grounds of TR that are necessary for its encoding in the DD framework that is presented in Section5.4. The standard definitions of TRare extended to support the rewriting of set of terms in a rewrite step, which is a major contribution of this work.

Term Rewritinguses a set ofdirected rewriting rules. These are derived from axioms specified in the data part of the model, by interpreting them from left to right. The derived rewriting rules must constitute an orthogonal (thus con-fluent) and terminating rewriting system, i.e.,rules must be left linear and non-overlapping, and any term must have a unique normal form. The normal form of a term is reached when no further rewriting rules can be applied on that term. A set of rewrite rules is said to be confluent when the result is independent of the sequence of applications of the rules, besides it is said to be terminatingif there exists no infinite sequence of applications.

In the following, we consider an algebraic specification Spec = hΣ,Φ,Xi with Σ = hS,≤,Fi a coherent signature, X a S-sorted set of variables, and Φ a set of axioms. First, we explain the link between equational logic and term rewriting, after what we give definitions and examples to illustrate the way term rewriting works as well as how to support the further developments exposed in Section 5.4.3. It is worth noting that the scope of some of the definitions has been deliberately reduced to what is supported by the approach. For instance, in ^AlPiNA only closed terms can be rewritten and reduced to a normal form.

80 Chapter 3. High-Level Petri Nets For a complete survey on equational logic and term rewriting, please refer to [Ter03,DW91,ST11].

Let us first recall some basic definitions ofAbstract Reduction System (ARS).

An ARSis a pair hA,→i, where the reduction→ is a binary relation on the set A, i.e.,→⊆ A × A. Instead of (a,b) we write a → b. The term reductionhas been chosen for in many cases, “something” decreases with each reduction step.

The key question is to decide whether two elements a and b are equivalent, i.e., a ↔^∗ b where ↔^∗ is called the convertibility relation and represents the symmetric transitive closureof →. In other words, a ↔^∗ b if there is a path betweenaandbwhere the arrows can be traversed in both directions, for instance, a→a₁ ←a₂ →a₃ →band thusa≡ b.

Equations can be seen as two-way rewriting systems. The main difference being that equations denote equality whereas rewrite rules treat equation direc-tionally. Rewrite rules provide a computationally effective representation for ob-jects that are otherwise defined using the algebraic approach (i.e.,equations plus initiality).

Definition 3.1.39 (Rewrite Rule). —LetΣ = hS,≤,Fibe an order-sorted sig-nature andXbe aS-sorted set of variables. A rewrite ruleρis a pairhl,riwhere

∃s∈S,l,r ∈(T_Σ,X)ss.t.l<X,var(r)⊆var(l). A rewrite ruleρis notedl→r.

A (conditional) rewrite rule derives from a (conditional) Σ-axiom if and only if all the variables that occur in the right hand side and in the conditions also occur in the left hand side (i.e.,no free variables). Besides, a single variable is not allowed as a right hand side as it would lead to ambiguities in the matching phase (see Def.3.1.46)

Definition 3.1.40 (Term Rewriting System). — Let Spec = hΣ,Φ,Xi be an order-sorted algebraic specification, a Term Rewrite System (TRS) consists of a pair R_Spec = hΣ,R_ΦiwhereΣ = hS,≤,Fiis the signature andR_Φ is the set of rewrite rule derived fromΦby orienting the equations ofΦ.

According to Theorem3.1.36that establishes the soundness and completeness of equational logic, proving that two termst,t⁰ ∈ T_Σ are equal amounts to find a derivation Spec ` t = t⁰ where Spec = hΣ,Φ,Xi is a specification as defined in Def.3.1.32. An important result of term rewriting states that convertibility and equational deduction are equivalent for a given specificationSpec.

3.1. Defining Data Types 81 Theorem 3.1.42. —LetSpec= hΣ,Φ,Xi, where→_RSpec be a single step rewrit-ing induced by R_Spec. The convertibility relation ↔^∗_R

Spec coincides with equality provable using the set of axiomsΦ:

t↔^∗_R

Spec t⁰ ⇔Spec`t =t⁰.

Proof. See the proof in [ST11].

Solving this problem by an undirected search along both→ and ← is very expensive. To circumvent that problem, the goal is to decide equivalence only by

“forward” reductions. In other words to reduce both elements to their normal form and to test whether they are identical. Nevertheless, for this approach to work, we need to take care of two problems that can occur:

• equivalent normal forms may not be syntactically equal, e.g.,there exists a path in↔^∗betweenaandbbut there exists nocsuch thata→^∗c←^∗ b;

• there may exist no normal forms. The reduction process may lead to an infinite chain of rule application,e.g., a→a₁ →a₂. . .→ an.

Therefore, this works only if→terminates and the normal forms are unique.

Theorem 3.1.43. — LetSpec = hΣ,Φ,Xibe an order-sorted algebraic specifi-cation, and let R_Spec be a completeTerm Rewrite System (TRS) (i.e.,confluent and terminating) then↔^∗_R

Specis decidable and therefore:

t↔^∗_R

Spec t⁰⇔ t↓≡ t⁰↓.

wheret↓(resp.t⁰↓) stands for the normal form oft(respt⁰) and≡is the syntactical equality.

Proof. See the proof in [ST11].

If finding a completeTRSis possible then we have a positive solution to the word (i.e.,validity) problem:

1. reducet(resp. t⁰) to their normal formt↓(resp. t⁰↓)

82 Chapter 3. High-Level Petri Nets 2. comparetandt⁰: t↔^∗_R

Spec t⁰ ifft↓ ≡t⁰↓

This means that given an order sorted specificationSpec = hΣ,Φ,Xi, ifR_Spec is a complete TRS then the initial term algebra T_Σ/↔∗

RSpec

is computable. Please note that the reverse is not necessarily true (at least using the original signature), namely there does not always exist a completeTRSfor a given algebra.

For the sake of coherence with the algebraic approach, we note T_Σ/≡Φ the initial algebra obtained by application of the rewriting rules derived fromΦ.

Unfortunately, it is not possible to find a complete TRSfor any arbitrary set of axiomsΦ, since not everyΦadmits a decidable validity problem.

Example 3.1.43. —Combinatory logic example of Barendegt [Bar84].

Fig. 3.4a presents an algebraic specification of the Booleans. Applying the axioms to the term ((true or (true or false))and false) would produce the se-quence of reduction of Fig.3.4b. In the second step, the first axiom (or(true,x)=x) is applied. The third step is the result of this application (called a reduction). The first axiom is again applied in the third step which results in the fourth. After what, the second axiom (and(false,x)=x) is applied. Finally, in the last step no more axioms are applicable and therefore the term is said to be in normal form.

Adt Boolean

1. ((true or (true or false)) and false)

2. ((true or (true or false| {z }

Figure 3.4: Computing the normal form of ((true or (true or false)) and false).

We now formally define the steps that have been previously intuitively ex-plained. Proving thatt⁰ can be derived fromt (one deriving step) implies to find

3.1. Defining Data Types 83 a unifier(i.e.,a substitution)θsuch thatθ^#(t) ≡ θ^#(t⁰). This operation called unifi-cationmeans that we can find a substitutionθto the variables of bothtandt⁰such that they are equal. Typically, finding a substitution is used to prove that the term to reduce satisfies the left hand side of a rewrite rule. After what, the matching left hand side is replaced by the right hand side of the rewrite rule instantiated with the same substitution. This operation is repeated until no more rule can be applied.

Definition 3.1.44 (Substitution). —LetΣ =hS,≤,Fibe an order-sorted signa-ture, letXbe a a S-sorted set of variables and let alsos,s⁰ ∈S be sorts such that s⁰ ≤ s. A substitutionθ ∈ Θin aS-sorted set of functions θ : Xs → (T_Σ)_s⁰. We naturally extendθto terms with variablesθ^# : (T_Σ,X)_s →(T_Σ,X)_s0 such that:

θ^#(t)











t7→ θ(t) ift∈Xs

f(t₁, . . . ,tn)7→ f(θ^#(t₁), . . . , θ^#(tn)) ift∈ T_Σ,X and f ∈Fs₁,...,sn,s

and withτ(θ^#(ti))≤ sifor any 1 ≤i≤n.

If a variable occurs more than once in a term, the term is said to be non-linear and the values matched by each occurrence of the variable are required to be equal.

Example 3.1.45. —Letθ :{xs →as⁰;ys→ bs}be a substitution with xs,ys∈ Xs, as⁰ ∈F_,s⁰,bs ∈F_,s, and s⁰≤ s. Then,t= f(xs,ys),θ^#(t)= f(as⁰,bs).

The action of finding a substitution θ^# such that θ^#(t) = θ^#(t⁰) is called the matching, which can be algorithmically performed and is detailed in [Ter03]. In-formally, a term pmatches another termt iffit is structurally equivalent modulo occurrences of variables (e.g., p = f(a,X) matches t = f(a,b) and results in a substitutionθ= {X :=b}.

Definition 3.1.46 (Matching). — Let p,t ∈ T_Σ,X and let also s,s⁰ ∈ S be sorts such that s⁰ ≤ s; pmatchest (pis also said to subsume t) if there exists θ ∈ Θ such thatθ^#(p)= t. The matching is defined as a functionpm: (T_Σ,X)_s×(T_Σ)_s⁰ → Θ ∪ {⊥}that tries to match the first argument (the pattern) that is more general with the second and returns a substitution if successful and⊥otherwise.

Matching may not occur at the top level. For instance, consider the following rewrite rule f(x,a) → a and the term g(f(b,a)). In that case the top term g(. . .)

84 Chapter 3. High-Level Petri Nets does not match the left hand side of the rule (f(x,a)) but its subterm does. In order to specify thepositionof the matching we define the notion ofcontext.

Definition 3.1.47 (Context). —A context is a term containing zero, one or more occurrences of a special constant symbol , denoting holes, i.e.,terms over the extended signatureΣ∪ {}. Example 3.1.48. —Let t = suc(suc(suc(0))) be a term, then the set of contexts oftareCt ={,suc(),suc(suc()),suc(suc(suc()))}.

In next chapters, we will encode the rewrite relation→⊆ T_Σ× T_Σupon homo-morphisms (see Section 5.4.4), which is not always possible because homomor-phisms are functions and therefore cannot handle non-determinism.

The idea is to split the deterministic part of the → relation from the non-deterministic part. Namely, the matching and the substitution that composes an atomic rewrite step are functions and in our case, homomorphisms while choosing the context might be non-determinist and is determined by the strat-egy (see Def.3.1.54). The reduction of a termtto a termt⁰ using a rewrite ruleρ is called anatomic rewrite step. Whenever the matching fails —i.e., pm(l,t) =⊥

— the termtis left unchanged for it means that the ruleρis not applicable.

Definition 3.1.49 (Atomic Rewrite step). —Letρ= hl,ribe a rewrite rule and letθbe a substitution such thatt = θ^#(l)∧t⁰ = θ^#(r). In term rewriting,θ^#(l) is called aredex, andθ^#(r) is called a contractum. The reduction of a contractum using a redex based on a rewrite ruleρ = hl,riis called an atomic rewrite step and is noted:

t→^ρ t⁰

Aatomic rewrite step matches a term tusing the left hand sidel of the rewrite ruleρand applies the found substitution to the right hand side of the rule:

t⁰= rewρ(t)=

In the sequel, as we only consider functional atomic steps, we may use the functional notation for an atomic rewrite steprewρ(t)= t⁰instead oft→^ρ t⁰.

3.1. Defining Data Types 85 Example 3.1.50. —Let us consider the following rewrite ruleρ: f(x,a) →g(x) and the term f(b,a). In that case, an atomic rewrite step is f(b,a)→^ρ g(b) where θ= {x7→ b},θ^#(f(x,a))= f(b,a) is a redex,θ^#(g(x))= g(b) is a contractum.

Given a term, it may contain one or more occurrences of redexes. A rewrite step consists of contracting one of these,i.e.,replacing the redex by its contractum.

For instance, applying the rewrite rule ρ : f(x,y) → y on the term f(a, f(b,a)) results in two possible contractums — f(a,a) or f(b,a) — depending on which context — f(a, f(b,a)) or f(b,a) — the rule is applied.

This is an essential source of non-determinism and must therefore be handled properly for the rewriting to remain functional. This property is mandatory for the encoding of the rewriting using theDecision Diagramframework as proposed in Section5.4.

Definition 3.1.51 (Rewrite step). — Letρ : l → rbe a rewrite rule, a rewrite step consists of contracting a redex within an arbitrary context: C[θ^#(l)] →^ρ C[θ^#(r)] with θ^#(l) →^ρ θ^#(r). Given two terms t,t⁰ ∈ T_Σ, we write t →^ρ,c t⁰ if t rewrites tot⁰using ruleρunder contextc.

A context and a rewrite rule completely determine a rewrite step and thus remove the non-deterministic part transforming the relation to a function.

Example 3.1.52. — Let us consider the following rewrite rule ρ : f(x,a) → a and the termg(f(b,a)). In that case, a rewrite step isC[θ^#(l)] →^ρ C[θ^#(r)] where θ = {x 7→ b}, C[] = g(), l = f(x,a) and finally r = a. Thus, we obtain g(f(b,a))→g(a).

Informally, a rewrite step is one reduction of a term towards its normal form.

Thenormal formbeing the state in which no more reduction can be applied.

Definition 3.1.53 (The transitive closure of the rewrite relation). —LetR_Spec be a complete TRS and let a termt ∈ T_Σ, t is said to be innormal form (irre-ducible) iff: @t⁰ ∈ T_Σsuch thatt →R_Spec t⁰. The successive application of→ is noted→ⁿwithn> 0 the number of applications. The transitive closure is noted

→^∗namelytis reducible tot⁰in a finite number of steps:

t→^∗_R

Spec t⁰

86 Chapter 3. High-Level Petri Nets In order to find a context, one has to decide how to traverse the term. This is called astrategy. For instance, it is possible to start by rewriting the innermost term or the outermost one. This requires a strategy for selecting the order in which subterms are rewritten.

The innermost strategy applies rules throughout a term from inner to outer terms, starting with the leaves. The strategy also decides which rewrite rule to apply if several are applicable at a specific context. Consider the following rules:

ρ1 : f(x)→ h(x) andρ2 :c → e. The termh(f(c)) has two different derivations:

h(f(c))→h(f(e))→ h(h(e)) orh(f(c))→ h(h(c))→h(h(e)).

Choosing the context may be non-deterministic and so may be the strategy. In the following we only consider deterministic strategies for we required the strate-gies to be functional in order to be implemented as homomorphisms (see Sec-tion5.4.4).

Informally, a strategy is a function that chooses what rewrite rule to apply on which part of the term by leveraging the pattern matching and the substitution that have been previously defined. Here≡stands for the syntactical equality.

Definition 3.1.54 (Functional Strategy). — Let R_Spec be a completeTRS. A one-step reduction strategySforR_Specis a functionS_RSpec :T_Σ→ T_Σsuch that:

• SR_Spec(t)≡tifft ∈ T_Σ is in normal form,

• ht, S_RSpec(t)i ∈→R_Spec otherwise.

As reaching a normal form usually requires more than one rewrite-step, we de-fine a many-step reduction strategy S forR_Spec as a functionS_RSpec : T_Σ → T_Σ such that:

• SR_Spec(t)≡tifft ∈ T_Σ is in normal form,

• ht,S_RSpec(t)i ∈→⁺_R

Spec with→⁺_R

Spec the transitive closure of→_RSpec.

S is said to be normalizing iff ∀t ∈ T_Σ, there is no infinite sequence t → SR_Spec(t)→R_Spec SR_Spec(SR_Spec(t))→R_Spec . . .

We can now define the function that computes the normal form of a term given aTRSand a strategy.

3.1. Defining Data Types 87 Definition 3.1.55 (Rewrite function). —LetR_Specbe a TRS, and letS_RSpec be a strategy of application of the rules ofR_Spec. The rewriting functionrewSRSpec : T_Σ → T_Σcomputes, for a given strategy and a givenTRS, the normal form of its argument.

As our ultimate goal is to rewrite set of terms, we have to define what it means. The naive approach would not work because the operation must be homomorphic for reasons explained later in Section5.4.4.

Example 3.1.56. —Consider the following rules: ρ1 : f(x) →h(x) andρ2 : c→ e. The following derivations of the elements of the set of termsT ={h(f(c)), f(c)}

defined by {h(f(c)), f(c)} → {h(f(e)),h(c)} → {h(h(r)),h(e)}are not linear with respect to the union of the elements because the first derivation applies ρ2 to the first term andρ1 to the second one.

To overcome the problem shown in Example3.1.56and thus to preserve the linearity, we extend the rewrite function defined in Def.3.1.55to set of terms in a linear way.

Definition 3.1.57 (Linear rewrite function on a set of terms). —LetR_Specbe aTRSandSa strategy,RewSRSpec extendsrewSRSpec to set of terms:

RewSRSpec(T) = [

t∈T

{rewSRSpec(t)} (3.1.1)

RewSRSpec(∅) = ∅ (3.1.2)

This definition avoids the non-determinism induced by the possibility of choosing different strategies for each term. To overcome this problem, we define a rewrite function on set of terms that always applies the same rewrite rule for all identical terms.

Dans le document High-level Petri net model checking : the symbolic way (Page 128-136)