On Internalizing Modules as Agents in Concurrent Constraint Programming

(1)

HAL Id: inria-00096644

https://hal.inria.fr/inria-00096644v3

Submitted on 26 Sep 2006

HAL is a multi-disciplinary open access

archive for the deposit and dissemination of

sci-entific research documents, whether they are

pub-L’archive ouverte pluridisciplinaire HAL, est

destinée au dépôt et à la diffusion de documents

scientifiques de niveau recherche, publiés ou non,

Constraint Programming

Remy Haemmerle, Francois Fages, Sylvain Soliman

To cite this version:

Remy Haemmerle, Francois Fages, Sylvain Soliman. On Internalizing Modules as Agents in Concurrent

Constraint Programming. [Research Report] RR-5981, INRIA. 2006. �inria-00096644v3�

(2)

inria-00096644, version 2 - 21 Sep 2006

a p p o r t

d e r e c h e r c h e

Thème SYM

On Internalizing Modules as Agents in Concurrent

Constraint Programming

Rémy Haemmerlé — François Fages — Sylvain Soliman

N° 5981

(3)

(4)

Rémy Haemmerlé, François Fages , SylvainSoliman

ThèmeSYMSystèmessymboliques

ProjetContraintes

Rapportdere her he n°5981 Septembre200630pages

Abstra t: Module systems are an essential feature of programming languages asthey

fa ilitatethere-useofexisting odeandthedevelopmentofgeneralpurposelibraries. There

arehowevertwosomewhat ontradi torywaysoflookingatmodulesinagivenprogramming

language. On theone hand,module systems arelargely independent of theparti ulars of

programminglanguages,andseveralexamplesofmodulesystemshaveindeedbeenadapted

todierentprogramminglanguages.Ontheotherhand,themodule onstru tsoften

inter-ferewiththeprogramming onstru ts,andmayberedundantwithothers opeme hanisms

ofprogramminglanguages,su has losuresforinstan e. Thereisthereforeaneedtounify

theprogramming on eptsand onstru tsthat aresimilar, andretain aminimumnumber

ofessential onstru tstoavoidarbitraryprogramming hoi es. Inthispaper,werealizethis

aimin theframeworkof linearlogi on urrent onstraintprogramming(LCC) languages.

Werstshowhowde larationsand losures anbeinternalizedasagentsin LCC.Wethen

presentamodularversionofLCC(MLCC),wheremodulesarereferen edbyvariablesand

where implementation hidingisobtainedwith theusual hidingoperator forvariables. We

develop the logi al semanti s of MLCC in linear logi , and show the ompleteness of the

operationalsemanti sfortheobservationofsu essesanda essiblestores. Finallywe

dis- ussa omplete module systemfor onstraintlogi programming,derivedfrom theMLCC

s heme.

(5)

Résumé: Lessystèmesdemodulessontuntraitessentieldeslangagesdeprogrammation,

ar ils fa ilitent la réutilisation du ode préexistant et le développement de bibliothèques

génériques. Il y a ependant deux façons quelque peu ontradi toires de onsidérer les

modules dans un langage de programmation. D'un oté, les systèmes de modules sont

largement indépendants des parti ularités d'un langage de programmation, et plusieurs

exemplesdesystèmesdemodulesonteneetétéadaptésàdiérentslangagesdeprogrammation.

D'un autre oté, les onstru tions de modules interfèrent souvent ave les opérateurs de

programmation, et peuvent être redondants ave d'autresmé anismes de liaison, telsque

lesfermeturesparexemple. Ilyadon unbesoinpourunierles on eptsetopérateursde

programmationquisontsimilaires,etretenirunnombreminimalde onstru tionsessentielles

an d'éviter des hoix arbitrairesde programmation. Dans et arti le, nous réalisons et

obje tif dans le ontexte des langages de programmation on urrente ave ontraintes en

logiquelinéaire(LCC).Nousmontrons d'abord ommentlesdé larations etles fermetures

peuventêtreinternalisées ommedesagentsLCC,puisnousprésentonsuneversionmodulaire

deLCC(MLCC)oùlesmodulessontréféren éspardesvariableslogiques,etoùlemasquage

del'implantationest obtenuàl'aidedel'opérateurusuelde masquagedesvariables. Nous

développonslasémantiquelogiquedeMLCC,et démontronsla orre tionetla omplétude

de la sémantique opérationnelle pour l'observation des stores a essibles et des su ès.

Finalement nous présentons un système de modules pour la programmation logique ave

ontraintesdérivédeMLCC.

(6)

1 Introdu tion

Module systems are an essential feature of programminglanguages as they fa ilitate the

re-useofexisting odeandthedevelopmentofgeneralpurposelibraries. Therearehowever

two ontradi torywaysoflookingatamodule system. Ontheonehand,amodulesystem

is essentiallyindependent ofthe parti ulars ofa given programminglanguage. Modular

modulesystemshavethusbeendesignedandindeedadaptedtodierentprogramming

lan-guages[13℄. On theother hand,module onstru tsoften interfere with the programming

onstru tsandmayberedundantwithother s opeme hanismssupportedbyagiven

pro-gramming language,su h as losures for instan e. There is therefore a need to unify the

programming on eptsand onstru tsthataresimilarinordertoretainaminimumnumber

ofessential onstru tsandavoidarbitraryprogramming hoi es.

Inthispaper,westudya ompletemodulesystemforlinear on urrent onstraint(LCC)

programminglanguagesandshowhowmodulesand losuresareuniedasaparti ularkind

ofLCCagentsinthisframework.

Linear on urrent onstraint programming

The lass of Con urrentConstraint (CC) programming languageshasbeen introdu ed in

[17℄asan elegantmerge of onstraintlogi programming(CLP) and on urrentlogi

pro-gramming. IntheCCparadigm,CLPgoalsare on urrentagents ommuni atingthrough

a ommonstoreof onstraints,ea hagentbeingableto post onstraintstothe store,and

tosyn hronizebyaskingwhetheraguard onstraintisentailedbythestore. Both

theoret-i alreasons on erningthelogi alsemanti sof CClanguages[6,18℄, andpra ti alreasons

on erningtheneedfor anon-monotoni evolutionof thestore[2℄,led toanatural

exten-sionofCClanguageswith onstraintsystemsbasedonLinearLogi (LL)[8℄, alledLinear

Con urrentConstraint (LCC) programming. By interpreting CCagents by LLformulae,

itisindeed possibleto identifyCCoperationaltransitionswithLLdedu tions,and obtain

ompletenesstheoremsfor theobservation oftheset ofa essiblestores,aswellasforthe

setofsu essstores[6℄. ThismeansthatLinearLogi isthelogi ofCCagents. Moreover,

thetheoremsstill holdwhen onsidering onstraintsystemsbasedonLinearLogi instead

of lassi allogi . Froma programmingpoint of view,LL onstraintsystemsare a

rene-mentof lassi al onstraintsystemsallowingforstate hangeandnon-monotoni evolution

ofthe onstraintstore,throughthe onsumptionoflinearlogi tokensbylinearimpli ation

[6,2℄. Thismakesitpossibletoen odeimperativefeaturesin LCCand ombinethemwith

onstraintprogramming.

In this paper, we show that the linear tokens and the bang operator of LCC an be

usedtointernalizeCCde larationsandpro edure allsas onstraintpostingandasking. A

quitegeneralnotionof losure anthenbeen odedasabangedagentwithanenvironment,

de larations orrespondingtothe aseofanemptyenvironment. Theseresultsarethenused

todenetheoperationalsemanti sofmodularLCC(MLCC)languages,wheremodulesare

variables and where implementation hiding is realized with the usual hiding operator for

(7)

InSe tion 4weprovideanequivalentlogi alsemanti swhere modular LCCagentsare

interpretedby linear logi formulae, and prove ompleteness theoremsfor the observation

ofsu essanda essiblestores.

Then in Se tion 5, we derive from the MLCC s heme a powerful module system for

onstraintlogi programming. Weillustratetheexpressiveness ofthismodulesystemwith

examplesof odehiding, losure programmingand module parameterization in CLP, and

dis ussitsimplementationalongthelinesofitssemanti sinLCC.

Finally,we on ludeontheseresultsandontheirgenerality.

Related Work

The proposed internalization of de larations asagentsgoes somewhatin the opposite

di-re tion to that of denition-based logi s, asdes ribed for instan e in [10℄. Here wemake

denitionsrst-orderobje ts,whi h allowsus tomanipulatethemeasily,andtogeneralize

themto losures.

There has been several programming languages developed in Linear Logi using the

Logi Programmingparadigm, likefor instan e LO[1℄, Lolli [12℄ orLygon[11℄. However,

fore ien yreasonsintheselanguages,thereisnoequivalentforthepersistentasks(whi h

wouldbeimpli ationsundera

!

inmostoftheselanguages)andthusnodire ten odingof dynami lauseassertionsaswewilldoinSe t. 2.4.3. Thebangedaskappearsinthere ent

workof[14℄ontheexpressivenessoflinearityandpersisten einpro ess al uliforse urity.

Con erningCClanguages,theimplementationofmoduleshasnotbeenmu hdis ussed,

being onsidered as an orthogonal issue. For instan e, the MOZART-OZ language [15,

4℄ ontainsan ad-ho module system allowing for separate ompilation. Here we provide

a natural integration of module and programming on epts with the limited set of LCC

programming onstru ts.

2 LCC with De laration Agents

Inthisse tion,wegiveapresentationoftheLCClanguageswherede larationsarerepla ed

bybangedasks, whi h we will all persistent ask. This new onstru t a tuallygeneralizes

de larationsintopersistentasksbyallowingvariablestoremainfreeinapersistentaskand

representtheenvironment.

Inthispaper,aset ofvariablesisdenoted by

x

or

y

. Theset offreevariableso urring inaformula

A

is denotedby

fv(A)

,asequen eofvariablesisdenoted by

~x

,

A[~x\~t]

denotes the formula

A

in whi h the free o urren esof variables

~x

havebeen repla edby terms

~t

(with the usual renaming of bound variables, avoiding variable lashes). Fora transition

relation

−→

,

−→

⋆

denotesthetransitiveandreexive losureof

−→

. Thetypewriterfont isused forprograms,where, asin lassi alPrologprograms,theidentiersbeginningby a

(8)

2.1 Linear Logi Constraint Systems

The lass of LCC languages essentially extends CC languages by onsidering onstraint

systemsbasedonLinearLogi [8℄insteadof lassi allogi . From aprogrammingpointof

view,thisextensionintrodu esstate hangeandimperativefeaturesin onstraintlanguages.

Were allheretheusualdenitionsofaLinearLogi onstraintsystem(seeforinstan e[6℄).

Denition2.1 (ConstraintLanguage) An atomi onstraintis aformula built froma

set

V

ofvariables,a set

Σ

F

offun tionsymbols andaset

Σ

C

ofrelationsymbols,whi h does not ontain

⊤

,theneutralelementsofadditive linear onjun tions. The onstraintlanguage is the least set ontaining all atomi onstraints, marked or not by the unary exponential

onne tive

!

( alledalsobang) and losedbymultipli ative onjun tion (

⊗

)andexistential quanti ation(

∃

).

Denition2.2 (ConstraintSystem) Alinear onstraintsystemisapair

(C,

C

)

where:

C

isa onstraintlanguage.

C

isasubsetof

C × C

whi h denes the non-logi al axiomsof the onstraintsystem. Wesupposethatforallfreevariableso urringin

c

haveafreeo urren ein

c

1 , . . . , c

n

.

Wewillnote

⊢

C

theleastsubsetof

C

⋆

_×C

ontaining

C

and losedbytheofintuitionisti linearlogi ,notedinthe following ILL(seeappendix Afor the ompletesequent al ulus).

Let

C

bea onstraintsystem. Inthefollowing,

T

willbethelanguageofterms(noted

t

,

s

,

. . .

)formedfrom

V

and

Σ

F

.

2.2 Syntax of LCC(

C

)

Thesyntax ofLCC(

C

)is presented herewithoutde larations,onlyagentswith twoforms ofaskagents.

Denition2.3 The syntax ofLCC(

C

)agentsisgiven bythe followinggrammar:

A ::= A || A | ∃x.A | c | ∀~x(c → A) | ∀~x(c ⇒ A)

Asusual

||

standsforparallel omposition,thetellagentaddsa onstraintto thestore,

∃

hidesvariablesinanagentand

→

standsforask.Thenew onstru t

⇒

representsanask operator, alled persistent ask,thatalwaysremainsa tive.

Note thatwedonotprovideanexpli it hoi eoperator,sin ethelo al hoi eoperator

aneasilybeen odedwithlineartokensandaskasfollows:

A + B = ∃x(choice(x) || choice(x) ⇒ A || choice(x) ⇒ B)

This en oding orrespondsto the lassi alen oding of

+

in CLP astwo lauses with the samehead.

(9)

2.3 Operational Semanti s

Asusual,theoperationalsemanti sofLCCisdenedherewithastru tural ongruen eand

atransition relationdened over ongurations.

Denition2.4 (Conguration) A ongurationisatuple

hx; c; Γi

where

x

isamulti-set ofvariables,

Γ

amulti-setof agentsand

c

a onstraint, alledstore.

Denition2.5 Thestru tural ongruen e

≡

istheleast ongruen esatisfyingthefollowing ruleof parallel omposition:

hx; c; A || B, Γi ≡ hx; c; A, B, Γi

Denition2.6 The transition relation

−→

is the least relation satisfying the rules of the table1.

Equivalen e

hx; c; Γi ≡ hx; c

′

_{; Γ}

′

_{i −→ hy; d}

′

_{; ∆}

′

_{i ≡ hy; d; ∆i}

hx; c; Γi −→ hy; d; ∆i

Tell

c ⊗ d ⊢

C

e

hx; c; d, Γi −→ hx; e; Γi

Ask

c ⊢

C

d ⊗ e

hx; c; ∀~z(d → A), Γi −→ hx; e; A[~s/~z], Γi

Persistentask

c ⊢

C

d ⊗ e

hx; c; ∀~z(d ⇒ A), Γi −→ hx; e; A[~s/~z], ∀~z(d ⇒ A), Γi

Hiding

z 6∈ z ∪ fv(c, Γ)

hx; c; ∃z.A, Γi −→ hx ∪ {z}; c; A, Γi

Table1: Transitionrelation

In order to introdu e the notion of predi ates,

Σ

C

is partitioned into

{Σ

D

, Σ

D

}

su h that

Σ

D

ontains

1

. Intuitively,

Σ

D

will ontainlineartokenswhi hshouldnotbeobserved, i.e. predi ates. The onstraint languages formed from

Σ

D

and

Σ

D

, are noted

D

and

D

respe tively.

Denition2.7 (Observables) Let

A

beanLCC(

C

)agentsu hthat

h∅; 1; Ai

∗

−→ hx; c; Γi

.

(10)

the onstraint

∃x.c

isapseudo-su essfor

A

,if

Γ

isamulti-setof persistent asks.

the onstraint

∃x.d

is a su ess of

A

, if it is a pseudo-su ess for

A

su h that

hx; c; Γi 6−→

.

asu ess

d

of

A

isa

D

-su essif

d ∈ D

.

Denition2.8 (Operational Semanti s)

O

store

(A)

isthe setof a essiblestorefor the agent

A

.

O

p-s

(A)

isthe setof pseudo-su esses for the agent

A

.

O

D

-su

(A)

isthe setof

D

-su esses for theagent

A

.

2.4 Examples

The following examples illustrate, rst, how usual de larations are re overedthroughthe

useofpersistentask,andthenhowfreevariablesareusedtoprovideanenvironment.

2.4.1 DiningPhilosophers

The lassi al ben hmark of expressiveness for on urrent languagesis the dining

philoso-phers. Theproblem onsistsof

N

philosopherssittingaroundatable whodonothing but think andeat. Betweenea h ofthem, thereis asinglefork. Inorderto eat,aphilosopher

musthaveboththeforkonhisrightandtheoneonhisleft. Assuggestedin[2℄,thisproblem

hasanextremelysimpleandelegantsolutionin LCC.

An even more ompa t solution is proposed here: the linear onstraint systemin this

exampleisa ombination oftranslationin ILL ofstandardequality onstraintover

N

and oflinear onstraintstoken

f ork/1

and

eat/1

withnoothernon-logi alaxiomsthanequality axioms hema:

c(~x) ⊗ (~x = ~

y) c(~y)

forany onstraintsymbol

c

.

Example(Dining Philosophers)

∀M, N.recphilo(M, N ) ⇒ (

f ork(M ) ||

∀I(f ork(I) ⊗ f ork(I + 1

mod

N ) ⇒ eat(I)) ||

∀I(eat(I) ⇒ f ork(I) ⊗ f ork(I + 1

mod

N )) ||

I 6= N → recphilo(M + 1, N ) )

It isworthnotingthat thephilosophers donotneedtoberelaun hedusing are ursive

(11)

2.4.2 Iterators

A simpleiterator anbeen odedthanks to thepersistentasks. A more ompleteversion

is provided in Se t. 5.5 thanks to themodular onstru ts,whi h allowpassing avariable

asso iatedtoapersistentasksasargumentofaniterator.

Example(Iterator)

f orall([]) ⇒ true ||

f orall([H|T ]) ⇒ arg(H) ⊗ f orall(T ) ||

∀X(arg(X) ⇒ Body) || f orall(L)

Here, the

f orall

persistentask willapply the ode of

Body

( alledthrough

arg

) toall theelementsofthelist

L

.

2.4.3 Dynami ClauseAssertion

In the two previous exampleswe have no de larationsin e in LCC they are repla ed by

persistentasks. However,thisallowsusto gomu h fartherwith forinstan eaverysimple

anddire ten odingofdynami lauseassertions.

Thestraightforwardre ursiveimplementationoftheFibona isequen eisanalgorithm

known tobeparti ularlyine ient, sin eit omputesmany valuesrepeatedly. An elegant

way to improve signi antly the behavior of su h an algorithm is to store intermediary

omputed values using memoization. The omputation falls from exponential to linear

omplexity.

As thefollowingexampleshows,the useof thiste hniqueis verynaturalin LCC.The

mainideaisto usethenaivere ursiveimplementation,and toaddin parallel omposition

withthebodyofthemain agent,thepersistent:

∀F

′

_{(f ib(N, F}

′

_{) ⇒ F}

′

_{= F ))}

in whi h

N

and

F

are free variables, providing an environment. This agent will be in harge of onsuming the (future) alls to

f ib(N

′

_{, F}

′

₎

asking for the omputation of the

N

th

Fibona i's number, and unify

F

′

with the result that has already been al ulated,

transmittedthroughthevariable

F

oftheenvironment.

Example(Fibona i):

∀N, F (f ib(N, F ) ⊗ N < 2 ⇒ F = N ) ||

∀N, F (f ib(N, F ) ⊗ N > 1 ⇒ (

∃F

₁

, F

2 .(f ib(N − 1, F

1 ) ⊗ f ib(N − 2, F

2 ) ⊗ F = F

1 + F

2 ) ||

∀F

′

_{(f ib(N, F}

′

_{) ⇒ F}

′

_{= F ))}

Despitethefa tthattheworst omplexityofthisprogramisstillexponential,the hoi e

ofagoodstrategy,forexamplesele tingrstyounger persistentask for onsuminglinear

(12)

From a Logi Programming (LP) point of view, the persistent ask added at the end

of the lause isnothing but adynami lause assertion. Indeed the lassi alProlog

built-in assert(p(X1,...,XN):-Body) ould be interpreted in LCC as the agent

∀

X1,...,XN (p(X1,...,Xn)

⇒

Body). Moreover,variablerenamingthatassert/1madetransparently, anbesimplyemulatedbytheexpli itquanti ationprovidedbytheLCCoperator

∃

. LCC thusprovidesatheoreti alframework,witharstorderlogi alsemanti s,todynami lause

assertion in the ontext of LP. It must be noti ed, however, that this implementation of

assert/1isba ktra king,i.e. thattheasserted lausewillberemovedduringtheba ktra k.

This idea of providing an environment through free variables (like

N

and

F

for the last persistent askof the aboveexample) a tually en odes a losure, seenas ode withan

environment. Note however that using only LCC does not prevent outside ode to look

inside the persistent ask, whi h leads us to provide ode prote tion through a system of

modules, seen asrestri tions on the possible s ope of some variables. Moreover, modules

willprovidesimpletoolstoatta havariabletoapersistentask,andthuspermittopassa

persistentaskastheargumentofanother all.

3 Modular LCC

3.1 Modular Constraint Systems

Let

C

bea onstraintsystem. Tointrodu ethe notionofmodules, wesuppose that

Σ

C

is furtherpartitionedinto

{Σ

G

, Σ

M

}

su hthat

Σ

G

ontains

=

and

1

. The onstraintsformed from

Σ

G

(resp.

Σ

M

)form thelanguage

G

(resp.

M

) ofbuilt-in onstraints(resp. modular onstraints).Possiblybangedatomi onstraintsin

G

and

M

arenoted

g

and

m

respe tively.

c

willbeanotationforany onstraintin

C

.

3.2 Syntax of MLCC(

C

)

Thesyntaxof MLCCextendstheoneof LCCwithalo alization operator ofanagentis a

module:

Denition3.1 The syntax ofMLCC(

C

) agentsisgiven by the following grammar:

A ::= t{A} | t : c | A || A | ∃x.A | ∀~x(c → A) | ∀~x(c ⇒ A)

Thenew onstru ts

t{A}

standsforthelo alizationofagent

A

inthemodule

t

. Thetell agenthasnowanewform:

t : c

, orrespondingintuitivelytoaddingthe onstraint

c

of

C

in themodulenamedbytheterm

t

of

T

.

3.3 Modular Constraints

(13)

Denition3.2 (Modular Store) Aprexed onstraintm

= t : m

isanatomi onstraint (possiblybanged)

m

of

M

prexedbyaterm

t

of

T

,

t : m

willbeanotationfor

t : m

1 , . . . , t : m

k

if

m = m

1 , . . . , m

k

.

A modular store is a formula

∃x.(g|

m

)

where

g

is a onjun tion of onstraints of

G

withoutquanti ationand mamulti-setofprexed onstraints.

Inthe followingwewill use, ordto note modular storesand1 to notethe modular

emptystore

(1|∅)

.

Denition3.3 Wedene anorderonmodular storesas follows:

transitivity

>

C

d d

>

C

′

>

C

′

substitution

g ⊢

C

t = t

′

_{⊗ g}

′

∃x.(g|

m

, t : m) >

C

∃x.(g

′

_|

m

, t

′

_{: m)}

entailment

g ⊗

N m ⊢

C

g

′

_⊗

_{N m}

′

∃x.(g|

m

, t : m) >

C

∃x.(g

′

_|

m

, t : m

′

₎

By abuse of notation, we extend the tensor produ t of linear onstraints to modular

stores:

Denition3.4 The onjun tion of twomodular stores

= ∃x.(g|

m

)

and

′

_{= ∃x}

′

_.(g

′

_|

m

′

₎

isthe store

(

⊗

′

_{) = ∃x, x}

′

_{.(g ⊗ g}

′

_|

m

,

m

′

₎

if

x ∩ x

′

_{= ∅}

.

Lemma3.5(Monotoni ityof

⊗

) For all modular stores , d and d

′

if d

>

C

d

′

then

⊗

d

>

C

⊗

d

′

Proof: Byindu tionontheproof

π

of

(g

′

_|

m

′

_{) >}

C

(g

′′

|

m

′′

₎

weprovethat

(g ⊗ g

′

_|

m

,

m

′

_{) >}

C

(g ⊗ g

′′

_|

m

,

m

′′

₎

. Inthis proof wesuppose that allm's arenotempty, ifitis notthe ase,

justre allthat

c ⊗ 1 ⊢ c ⊢ c ⊗ 1

.

π

endswithtransitivity: trivial.

π

endswithsubstitution:

g

′

_⊢

C

t = t

′

⊗ g

′′

∃x.(g

′

_|

m

, t : m) >

C

∃x.(g

′′

_|

m

, t

′

_{: m)}

Thank to

⊗

-left rule, we infer that

g ⊗ g

′

_⊢

C

g ⊗ t = t

′

⊗ g

′′

and then on lude

immediately.

π

endswithentailment:

g

′

_⊗

_{N m}

′

_⊢

C

g

′′

⊗

N m

′′

∃x.(g

′

_|

m

, t : m

′

_{) >}

C

∃x.(g

′′

|

m

, t : m

′′

₎

(14)

Thankto

⊗

-leftrule, weinferthat

g ⊗ g

′

⊗

O

m

′

⊢

C

g ⊗ g

′′

⊗

O

m

′′

,andhen e on lude.

3.4 Operational Semanti s

Wewillnowprovideapre iseoperationalsemanti s toMLCC,basedasusualonanotion

of onguration,throughatransition relationandastru tural ongruen e.

Denition3.6 (Conguration) A ongurationisatuple

hx; ∃y.(g|

m

); Γi

where

x

isa multi-set of variable,

Γ

a multi-set of lo alized agents and

∃y.(g|

m

)

a modular store su h

that

y ∩ fv(Γ, x) = ∅

Denition3.7 Thestru tural ongruen e

≡

istheleast ongruen esatisfyingthefollowing ruleof parallel omposition:

hx;

; t{A || B}, Γi ≡ hx;

; t{A}, t{B}, Γi

Denition3.8 Thetransitionrelation

−→

istheleastrelationsatisfyingtherulespresented inthe table 2.

Thisoperationalsemanti senjoysthesamekindofpropertiesastheoriginalLCC

oper-ationalsemanti s.

Proposition 3.9(Monotoni ity) For every derivation

δ = ((x;

; Γ)

∗

−→ (x

′

_;

′

_{; Γ}

′

₎₎

,

thereexists

y

freein

δ

,

∆

,andamodularstoredsu has

(x, y;

⊗

d

; Γ, ∆)

∗

−→ (x

′

_{, y;}

′

_⊗

d

; Γ

′

_{, ∆)}

.

Proof: Byindu tiononthederivation

δ

:

Forequivalen eitistrivial.

For tell just note that thanks to the monotoni ity of

⊗

, if

c ⊗ ∃y.(g|

m

) >

C

′

then

c ⊗ ∃y.(g|

m

) ⊗

d

>

C

′

_⊗

d.

Foraskandpersistentasknotethatthankstothemonotoni ityof

⊗

,if

>

C

∃y.(g|

m

, t :

m)

and

d >

C

∃y

′

_.(g

′

_|

m

′

₎

then

⊗

d

>

C

∃y, y

′

_{.(g ⊗ g}

′

_|

m

,

m

′

_{, t : m)}

andthat if

N g ⊗

N m ⊢ N g

′′

_⊗

_{N m}

′′

_{⊗ d[~s/~z]}

then

N(g ⊗ g

′

_{) ⊗}

_{N m ⊢ N(g}

′′

_{⊗ g}

′

_{) ⊗}

_{N m}

′′

_{⊗ d[~s/~z]}

Forhiding onejust usethe

α

- onversionto besurethat

y

isfreein

δ

.

Forotherrulesnoti ethatthey anbedonein

(x y;

⊗

d

; Γ, ∆)

sin etheydonothave onditionaboutthehiddenvariablesorthestore.

(15)

Equivalen e

hx;

; Γi ≡ hx;

′

_{; Γ}

′

_{i −→ hy;}

d

′

_{; ∆}

′

_{i ≡ hy;}

d

; ∆i

hx;

; Γi −→ hy;

d

; ∆i

Modularize

hx;

; t{s{A}}, Γi −→ hx;

; s{A}, Γi

Tell

d ⊢ ∃y.(g ⊗

N m)

⊗ ∃y.(g|t : m) >

C

′

hx;

; s{t : d}, Γi −→ hx;

′

_{; Γi}

Ask

> ∃y.(g|

m

, t : m)

g ⊗

N m ⊢ g

′

_⊗

_{N m}

′

_{⊗ d[~s/~z]}

hx;

; t{∀~z(d → A)}, Γi −→ hx; ∃y.(g

′

_|

m

, t : m

′

_{); t{A[~s/~z]}, Γi}

PersistentAsk

> ∃y.(g|

m

, t : m)

g ⊗

N m ⊢ g

′

_⊗

_{N m}

′

_{⊗ d[~s/~z]}

hx;

; t{∀~z(d ⇒ A)}, Γi −→

hx; ∃y.(g

′

_|

m

, t : m

′

_{); t{A[~s/~z]}, t{∀~z(d ⇒ A)}, Γi}

Hiding

z 6∈ x ∪ fv(

, Γ, t)

hx;

; t{∃z.A}, Γi −→ hx ∪ {z};

; t{A}, Γi

Table2: Transitionrelation

TheobservablesofinterestforMLCCaredenedaspreviouslybyrepla ing onstraints

bymodularstores,wheregenerally,

D

is hosenequalto

G

:

Denition3.10(Observables) Let

A

beanMLCC(C)agentsu hthat

h∅;

1

; x{A}i

∗

−→

hy;

; Γi

forsome

x 6∈ fv(A)

.

the modular store

∃y.

isan a essiblestorefor

A

.

the modularstore

∃y.

isapseudo-su essfor

A

,if

Γ

isamulti-setofpersistentasks.

the modular store

∃y.

is a su ess of

A

, if it is a pseudo-su ess for

A

su h that

hy;

; Γi 6−→

.

The modular store

∃y.(g|

m

)

is a

D

-su ess for

A

, if it is a su ess for

A

su h that

m

= ∅

and

∃y.g ∈ D

3.5 Example: Beyond Dining Philosophers

LetusimproveontheexampleofSe t. 2.4.1inordertodemonstratetheexpressivepower

(16)

Themodule onstru tsallowtoextendthediningphilosophers'exampletoabanquet

of several tables of philosophers, where ea h table is an independent module. The

orre-spondingMLCCagentbelow reates

N

tablesof

P

philosophers:

Example(Banqueting Philosophers).

banquet{

∀I, N, P.recT able(I, N, P ) ⇒

∃T able.T able{

∀J.recP hilo(J) ⇒ (

T able : f ork(J) ||

f ork(J) ⊗ f ork(J + 1

mod

P ) ⇒

T able : eat(J) ||

eat(J) ⇒

T able : (f ork(J) ⊗ f ork(J + 1

mod

P )) ||

J 6= P → T able : recP hilo(J + 1) ) ||

T able : recP hilo(0)

} ||

I 6= N → banquet : recT able(I + 1, N, P )

}

Sin e the logi al semanti s of MLCC enjoys the same orre tion properties than that

ofLCC(seetheorem 4.4below),thephasesemanti sof LinearLogi anbeusedto prove

safetypropertiesinwaysimilarto[6℄,su hasforinstan ehere,thatnophilosopher anuse

aforkbelongingtoanothertable.

3.6 Code Prote tion

One important feature of a module system is its apability to hide implementations and

guaranteetheprote tionofmodule ode. InMLCC,the odeprote tionpropertymeansthat

ifamodule

t{∃x(x{A} || B)}

is omposed of aninterfa e

B

and ahiddenimplementation

A

,thenaparallelagent

C

annotaddany onstraintoftheform

x : c

norunblo kanyofits askwithsu ha onstraint. Thisleadstothefollowingproperty:

Proposition 3.11(Code prote tion) Let

A

,

B

and

C

be three MLCC agents, and

t

a term ofT. Let

M = t{∃x(x{A} || B)} || C

If

A

and

B

donot addany onstrainton

x

tothe store ,ex ept those ofthe form

x : c

, then

C

annot add any onstraint of the form

x : c

nor unblo k any of its ask with su ha onstraintinaderivation from

M

.

(17)

Proof: Wewillsupposethat

x

isnotfreein

C

norin . Ifthatisnotthe ase,then

x

(the oneunder the

∃

)will berenamedby

α

- onversioninordertousetheHidingrule.

We thus havea onguration of the form:

(x ∪ {x};

; x{A}, t{B}, C)

, su h that

x 6∈

fv(C,

, t)

. Letus provethat aslongas

A

and

B

donotadd onstraintson

x

ex eptthose

oftheform

x : c

,

x

willremain bound in

C

andthus

C

willnotbeabletotellnorask any

onstrainton

x

. This is indeed enough sin ethe restri tionon

A

and

B

forbids that any ask(resp. tell) onanothertermisunblo kedby(resp. unblo ks)atell(resp. anask)on

x

sin e

x : c

willneverimplya onstraintlike

x = t

with

x

boundin

t

.

We only need to prove this property for one step of derivation, it will then hold for

any nite derivation by indu tion. Let us onsider all the ases of derivation. If

x{A}

or

t{B}

are the hosenagents,then thepropertytriviallyholdssin e

C

didnot hange. If

C

istheagent hosenforderivation, therulesModularizeandTellobviouslydon't hange

anything w.r.t.

x

beingbound in

C

. TheHidingrule mightmakeabound variablefree, but sin ewehave

{x} ∪ x

asrstmemberof our onguration,weknowthat theHiding rule will only apply to another variable. The aseof the Equivalen e rule is treatedby

indu tion onthe equivalent ongurations. Forthe Ask and Persistent Ask rules, the

only risk is that the renaming of the variables under

∀

repla es some of them by aterm ontaining

x

. Howeverrememberthattheonlyrepla ementhappensonvariablesappearing in alineartoken

d

, when

⊢

′

_{⊗ d[t(x)/y]}

. Fromthelemmabelowand knowingthat

x

is boundin , theaboveimpli ationwith

x

freein

t

isimpossible,i.e.

x

remainsbound after

anAskoraPersistent Askrule.

Lemma3.12 If

x ∈ fv(m)

su has

m

is lineartokenand

c ⊢

C

m ⊗ d

then

x ∈ fv(c)

Proof: Byindu tionontheproof

π

of

c ⊢

C

m ⊗ d

where

d

isanarbitrary onstraint. Just re all that we havesupposed in thedenition of

C

that all freevariables o urring in the righthandsideofanon-logi alaxiomappearsinitslefthand side.

4 Logi al Semanti s

Onestrikingfeature ofLCC languagesistheirsimplesemanti sin LinearLogi [6, 16, 18℄

allowingforvariousproofmethods omingfromLinearLogi . Inthisse tion,wegeneralize

the results of [6℄ to the ri her fragment of LL ontaining banged impli ations as used in

MLCCprograms.

Denition4.1 In amodule

t

, onstraints,agentsandstorearetranslatedintoformulasin the following way (inthe following wesupposewith nolossof generality that

x 6∈ fv(t)

and

x ∩ fv(t) = ∅

):

(c ⊗ d)

t

_{= c}

t

_{⊗ d}

t

(∃x.c)

t

_{= ∃x.c}

t

_g(s

1 , . . . , s

n

)

t

= g(s

1 , . . . , s

n

)

(!c)

t

_=!c

t

_m(s

1 , . . . , s

n

)

t

= ˙

m(t, s

1 , . . . , s

n

)

(18)

(∃x.A)

t

_{= ∃x.A}

t

s{A}

t

_{= A}

s

_{(s : c)}

t

_{= c}

s

(A || B)

t

_{= A}

t

_{⊗ B}

t

_{(∀x(c → A))}

t

_{= ∀x(c}

t

⊸ A

t

)

(∀x(c ⇒ A))

t

_=!∀x(c

t

⊸ A

t

₎

For any multi-set

Γ = (γ

1 , . . . , γ

n

)

of agents or prexed onstraints we dene

Γ

t

₌

γ

1 t

⊗ · · · ⊗ γ

n

t

and

∅

t

_{= 1}

. Finally agents, Stores and Congurations are translated into

formulaeinthe following way,where

x ∈ fv(A,

, Γ)

:

∃y. (g|

U

i

{t

i

: m

i

})

†

_{= ∃y.}

_{g ⊗}

O

i

m

i

t

i

A

†

= A

x

hy;

; Γi

†

= ∃y.(

†

_{⊗ Γ}

x

)

(C

†

_,

C

†

)

is the onstraint system formed from

(Σ

G

⊎ ˙Σ

M

)

,

Σ

T

and

V

su h that i

c

1 , . . . , c

n

C

c

then

c

x

1 , . . . , c

x

n

C

†

c

x

with

x 6∈ fv(c, c

1 , . . . , c

n

)

and that for all

m ∈ ˙

˙

Σ

M

˙

m(x, ~z), !x = y ⊢

C

†

m(y, ~z)

˙

.

Lemma4.2 Let

Γ

be asequen eof onstraints,

c

be a onstraintand

x

be a variable free in

Γ

and

c

,if

Γ ⊢

C

c

then

Γ

x

_⊢

C

†

c

x

.

Proof: Byindu tionontheproofof

Γ ⊢

C

c

.

Lemma4.3(Soundness of

>

C

) Forallmodularstores anddif

>

C

dthen

†

_⊢

C

†

d

†

.

Proof: Aspreviouslywesupposethatall

g

'sandallm'sarenotempty,ifitisnotthe ase thatjust re allthat

c ⊗ 1 ⊢ c ⊢ c ⊗ 1

.

Byindu tionontheproof

π

of

>

C

d:

π

endswithtransitivityrules:

>

C

′

_>

C

d

>

C

d Byindu tion hypothesis,

†

_⊢

C

†

′†

and

′†

_⊢

C

†

d

†

,then thanksto ut rule,wehave

†

_⊢

C

†

d

†

.

π

endswithsubstitution:

g ⊢

C

t = t

′

⊗ g

′

∃x.(g|

m

, t : m) >

C

∃x.(g

′

_|

m

, t

′

_{: m)}

g ⊢

C

t = t

′

⊗ g

′

g ⊢

C

†

t = t

′

⊗ g

′

l4.2

g ⊗ m

t

_⊢

C

†

t = t

′

⊗ g

′

⊗ m

t

⊗

-r

x = y

′

_{⊗ m}

x

_⊢

C

†

m

y

t = t

′

_{⊗ m}

t

_⊢

C

†

m

t

′

∀

g ⊗ m

t

_⊢

C

†

g

′

⊗ m

t

′

ut

(19)

π

endswithentailment:

g ⊗

N m ⊢

C

g

′

⊗

N m

′

∃x.(g|

m

, t : m) >

C

∃x.(g

′

_|

m

, t : m

′

₎

g ⊗

N m ⊢

C

g

′

⊗

N m

′

g ⊗

N m

t

_⊢

C

†

g

′

⊗

N m

′t

l 4.2

g ⊗

N

m

†

_⊗

_{N m}

t

_⊢

C

†

g

′

⊗

N

m

†

_⊗

_{N m}

′t

⊗

-R

∃x.(g ⊗

N

m

†

_⊗

_{N m}

t

_{) ⊢}

C

†

∃x.(g

′

⊗

N

m

†

_⊗

_{N m}

′t

₎

∃

Theorem4.4(Soundness) Let

κ

and

κ

′

betwo ongurations. If

κ ≡ κ

′

then

κ

†

_⊣⊢

C

†

κ

′†

If

κ

∗

−→ κ

′

then

κ

†

_⊢

C

†

κ

′†

Proof: Byindu tionon

≡

and

∗

−→

:

forparallel omposition,equivalen eandmodularizeitisimmediate;

forhiding,

∃x.(A ⊗ B) ⊣⊢ A ⊗ ∃x.B

and

∃x.A ⊣⊢ A

if

x 6∈ fv(A)

;

fortell:

d ⊢ g ⊗

N

m

⊗ (g|

m

) >

C

′

hx;

; s{t : d}, Γi −→ hx;

′

_{; Γi}

d ⊢

C

g ⊗

N m

′

d

t

_⊢

C

†

g ⊗

N m

′t

l4.2

⊗ (g|

m

) >

C

′

†

_{⊗ g ⊗}

_{N m}

′t

_⊢

C

†

′†

l4.3

†

_{⊗ d}

t

_⊢

C

†

′†

cut

∃x.(

†

_{⊗ d}

t

_{⊗ Γ}

†

_{) ⊢}

C

†

∃x.(

′†

_{⊗ Γ}

†

₎

∃, ⊗

forask:

>

C

∃y.(g|

m

, t : m) g ⊗

N m ⊢

C

g

′

_⊗

_{N m}

′

_{⊗ d[~s/~z]}

hx;

; t{∀~z(d → A)}, Γi −→

hx; ∃y.(g

′

_|

m

, t : m

′

_{); t{A[~s/~z]}, Γi}

Firstof allnoti ethatif

y ∩ fv(t) = ∅

then

(A[s/y])

t

_{= A}

t

_[s/y]

. Nowlet

′

_{= (g|}

m

, t :

m)

,

′′

_{= (g}

′

_|

m

, t : m

′

₎

and

B = (d

t

⊸ A

t

₎

.

π

1 =

g ⊗

N m ⊢

C

g

′

⊗

N m

′

⊗ d[~s/~z]

g ⊗

N m

t

_⊢

C

†

g

′

⊗

N m

′t

⊗ d

t

[~s/~z]

l4.2

′†

_⊢

C

†

′′†

_{⊗ d}

t

_[~s/~z]

⊗

(20)

π

2 =

>

C

∃y.

′

†

_⊢

C

†

∃y.

′†

l4.3

π

2 π

1 ′′†

_{⊗ d}

t

_{[~s/~z], B[~s/~z] ⊢}

C

†

′′†

_{⊗ A}

t

_[~s/~z]

⊗,

⊸

′†

_{, B[~s/~z], ⊢}

C

†

′′†

_{⊗ A}

t

_[~s/~z]

ut

†

_{, ∀z.B, ⊢}

C

†

∃y.

′′†

_{⊗ A}

t

_[~s/~z]

∃, ∀

∃y.

′†

_{, ∀z.B, ⊢}

C

†

∃y.

′′†

_{⊗ A}

t

_[~s/~z]

ut

∃x.(

†

_{⊗ ∀z.B ⊗ Γ}

†

_{) ⊢}

C

†

∃x.(∃y.

′′†

_{⊗ A}

t

_{[~s/~z] ⊗ Γ}

†

₎

∃, ⊗

forpersistentask:

> ∃y.(g|

m

, t : m)

g ⊗

N m ⊢ g

′

_⊗

_{N m}

′

_{⊗ d[~s/~z]}

hx;

; t{∀~z(d ⇒ A)}, Γi −→

hx; ∃y.(g

′

_|

m

, t : m

′

_{); t{A[~s/~z]}, t{∀~z(d ⇒ A)}, Γi}

Byusingthepreviousnotationfor

′

_,

′′

and

B

wehave:

†

_{, ∀z.B, !∀z.B, Γ}

†

_⊢

C

†

_{⊗ ∀z.B⊗!∀z.B ⊗ Γ}

†

⊗

†

_{, !∀z.B, Γ}

†

_⊢

C

†

_{⊗ ∀z.B⊗!∀z.B ⊗ Γ}

†

!

∃x.(

†

_{⊗!∀z.B ⊗ Γ}

†

_{) ⊢}

C

†

∃x.(

†

_{⊗ ∀z.B⊗!∀z.B ⊗ Γ}

†

₎

∃, ⊗

Byusingtheresultoftheprevious asewe an on lude.

Lemma4.5(Completeness of

>

C

) For all modular stores and d, if

†

_⊢

C

†

d

†

then

>

C

d. Proof: Let

()

−†

be a partial translation of multi-sets of onstraints into non quantied

storesdened asfollow:

g

−†

=

(g|∅)

m(t, ~s)

˙

−†

=

(∅|t : m(~s))

(!g)

−†

=

(!g|∅)

(! ˙

m(t, ~s))

−†

=

(∅|!t : m(~s))

(c ⊗ c

′

₎

−†

=

c

−†

_{⊗ c}

′−†

_{(Γ, ∆)}

−†

=

Γ

−†

_{⊗ ∆}

−†

First weprovetheintermediary result: foreverymulti-setof onjun tionsof onstraints

Γ

andevery onjun tionof onstraints

d

if

Γ ⊢

C

†

d

then

Γ

−†

_>

C

d

−†

. Weprovethisresultby indu tionontheproof

π

ofthesequent

Γ ⊢

C

†

d

.

π

isanaxiomoftheform

Γ

x

_⊢

C

†

d

x

su has

Γ ⊢

C

d

: let

(Γ

x

₎

−†

_{= (g|x : m)}

and

(d

x

₎

−†

_{= (g}

′

_{|x : m}

′

₎

. Nowjust usethe entailmentrule to

(21)

π

is an axiom of the form

m(x, ~z), x = y ⊢

˙

C

†

m(y, ~z)

˙

: in su h a ase just use the

substitutionrule.

π

endswith ut:

Γ ⊢

C

†

c

c, ∆ ⊢

_C

†

d

Γ, ∆ ⊢

C

†

d

Byindu tionhypothesis,

Γ

−†

_>

C

c

−†

and

c

−†

_{⊗ ∆}

−†

_>

C

d

−†

. Thankstomonotoni ity of

⊗

(lemma3.5)and usingthetransitivityrulewe an on ludethat

Γ

−†

_{⊗ ∆}

−†

_>

C

d

−†

.

π

endswith

⊗

-left: trivial

π

endswith

⊗

-right:

Γ ⊢

C

†

c

∆ ⊢

_C

†

d

Γ, ∆ ⊢

C

†

c ⊗ d

Byindu tion hypothesis

Γ

−†

_>

C

c

−†

and

∆

−†

_>

C

d

−†

. Byusingthemonotoni ityof

⊗

(lemma 3.5)wehave

Γ

−†

_{⊗ ∆}

−†

_>

C

c

−†

⊗ ∆

−†

and

c

−†

_{⊗ ∆}

−†

_>

C

c

−†

⊗ d

−†

. By usingthetransitivityrulewehavenally

Γ

−†

_{⊗ ∆}

−†

_>

C

c

−†

⊗ d

−†

.

π

endswithoneofthefourrulesfor

!

: Justnoti ethatthefourfollowingsequentsare true:

c ⊗ d ⊢ c⊗!d

fordereli tion;

!c ⊢ c

forpromotion;

c ⊢ c⊗!d

forweakening;

c⊗!d⊗!d ⊢ c⊗!d

for ontra tion.

Nowitis easy toproveby anindu tion on that for everynonquantied store , we

have

(

†

₎

−†

. Hen eweprovetheresultonnonquantiedstore. Fromherewe an on lude

easilybynotingthat if

c ⊢ d

then

∃x.c ⊢ ∃x.d

Lemma4.6 Forany onstraint

c

of

C

,thereexistsasetofvariables

x

notfreein

c

and on-straintwithoutquanti ation

g

of

G

andamulti-setof atomi onstraints(possiblybanged)

m

of

M

su hthat

c ⊣⊢ ∃x.g ⊗

N m

Proof: Byindu tionon

c

:

c

isanatomi onstraint(possiblybanged)of

G

: trivial.

c

isanatomi onstraint(possiblybanged)of

M

:

c ⊣⊢ 1 ⊗ c

.

c = c

′

_{⊗ c}

′′

: By indu tion hypothesis we have

c

′

_{⊣⊢ ∃x}

′

_.(g

′

_⊗

_{N m}

′

₎

and

c

′′

_⊣⊢

∃x

′′

_.(g

′′

_{N m}

′′

₎

. We ansuppose withoutlost ofgeneralitythat

x

′

_{∩ fv(c}

′′

_{) = ∅}

and

x

′′

_{∩ fv(c}

′

_{) = ∅}

(22)

c = ∃x

′

_.c

′

: trivial.

Lemma4.7 For any multi-set of agents

t

1 {A

1 }, . . . , t

k

{A

k

}

and any onstraint

c

, if

A

t

1

1 . . . A

t

k

⊢

C

†

c

thenthereexistsaderivation

(∅;

1

; t

1 {A

1 }, . . . , t

k

{A

k

})

∗

−→ (x;

; !Γ)

where

†

_⊢

C

†

c

and

!Γ

isasequen e ofpersistentasks ,thevariables

x

are freein

c

.

Proof: Letus provethe result,by indu tion onthe sequent

A

t

1

1 , . . . , A

t

k

⊢

C

†

c

wherethe

A

i

's areagentsand

c

a onstraint. Weshall onsider withoutlossof generality, that in

π

theleft introdu tion of

∀

and of

⊸

are always onse utive(if itis not the ase, therules anbe permuted toobtain su h aproof, see forexample[7℄, notingthat thepromotion is

theonly aseof unpermutability with

∀

-leftappearsonly in the onstraintpart, theright sideofthesequent,andthus neverbellowa

⊸

-right).

First remark that this indu tion is meaningful. Indeedthe only utswhi h annot be

eliminatedinanILLproofdealwithnon-logi alaxioms,sotheyareofoneofthefollowing

form:

Γ

†

_⊢

C

†

c

c ⊢

_C

†

d

Γ

†

_⊢

C

†

d

c ⊢

C

†

c

′

Γ

†

, c

′

⊢

_C

†

d

Γ

†

_{, c ⊢}

C

†

d

Hen e theappli ationof the utruleintrodu essequentsin whi h thenewformulaonthe

rightis alwaysa onstraint. Ontheother hand theformulaeontheleft hand sideremain

sub-formulaeoftranslationofagents.

Oneremarks also that

(A

t

₎

s

_{= A}

t

and

s{t{A}} −→ A

t

hen ewe ansuppose without

lostofgeneralitythatall

A

i

'sarenotoftheform

t

′

i

{A

′

i

}

. Byindu tionontheproof

π

of

A

t

₁

1 , . . . , A

t

k

⊢

C

†

c

:

π

is an axiom:

c ⊢

C

†

d

. Sin e

c

is a onstraint,

Γ

is of the form

t{s : c

′

_}

su h that

c

′s

_{= c}

. Let

= ∃y.(g|s : m)

su hthat

∃y.(g⊗N m) ⊣⊢ c

′

(weknowitispossiblethanks

to thelemma4.6). Thenwehave,byusingtheruletell,

(∅;

1

; t{s : c

′

_{}) −→}

∗

_(∅;

; ∅)

andbyusingthelemma4.2

†

_⊢

C

†

c

.

π

endswitha ut:

Γ

†

_{⊢ c}

_{c ⊢ d}

Γ

†

_{⊢ d}

or

c

1 ⊢ c

2 Γ

†

, c

2 ⊢ d

Γ

†

_{, c}

1 ⊢ d

Theformer aseisimmediate. Inthelattertherearetwopossiblesub- asestheaxiom

iseitheroftheform

c

′x

1 ⊢

C

†

c

′x

₂

su h

c

′

1 ⊢

C

c

′

₂

oroftheform

x = y ⊗ ˙

m(x, ~t) ⊢

C

†

m(y, ~t)

˙

.

Byyindu tionhypothesisweknowthat

(∅;

1

; Γ, c

2 )

∗

−→ (x;

d

; !Γ

′

₎

su hthat

∃x.

d

†

_⊢

C

†

d

. Justnoti ethattheappli ationofthetellrulethatredu estheagent orresponding to

c

2

anbeapplied on

c

1

sin e

c

′

1 ⊢

C

c

′

₂

and

′

_{⊗ ((x = y)|x : m(~t)) ⊢ c}

′

_{⊗ (∅|y : m(~t))}

.

π

endswith

1

-left: notethat

(∅;

1

; t{s : 1}, Γ) −→

∗

_(∅;

(23)

π

endswitha

⊗

-left:

Γ

†

_{, A ⊗ B ⊢}

C

†

c

Γ

†

_{, A, B ⊢}

C

†

c ⊗ d

either

B ⊗ B

′

isthe translationa parallel omposition of twoagents, in su h a

aseone anusetheparallel ompositionrule.

or

B ⊗ B

′

isthetranslationofa onstraintoftheform

t : (d ⊗ d

′

₎

,insu ha ase

just noti e that

(∅;

1

; x{t : (d ⊗ d

′

_{)}, Γ)}

and

(∅;

1

; x{t : d}, x{t : d

′

_{}, Γ)}

havethe

samepseudo-su esses.

π

endswitha

⊗

-right:

Γ

†

_⊢

C

†

c

∆ ⊢

_C

†

d

Γ

†

_{, ∆}

†

_⊢

C

†

c ⊗ d

Byindu tionhypothesis,weknowthereexistsaderivation

(∅;

1

; Γ)

∗

−→ (x;

; !Γ

′

₎

and

(∅;

1

; ∆)

∗

−→ (y;

d

; !∆

′

₎

su h

∃x.

†

_⊢

C

†

c

and

∃y.

d

†

_⊢

C

†

d

. Thankstothemonotoni ity of

∗

−→

we an infer that

(∅;

1

; Γ, ∆)

∗

−→ (x;

; !Γ

′

_{, ∆)}

∗

−→ (x, y;

⊗

d

; !Γ

′

_{, !∆}

′

₎

. To

on ludewejustnoti ethata ordingtoindu tionhypothesis,

∃x y.(

⊗

d

)

†

_⊢

C

†

c ⊗ d

if

x ∩ fv(

d

, d) 6= ∅

and

y ∩ fv(

, c) 6= ∅

.

π

endswith

∃

-right: immediate

π

endswith

∃

-left:

Γ

†

_{, A}

t

_⊢

C

†

c

Γ

†

_{, ∃x.A}

t

_⊢

C

†

c

Byindu tion hypothesis, wehave

(∅;

1

; t{A}, Γ)

∗

−→ (y;

; !Γ

′

₎₎

with

∃y.

†

_⊢

C

†

c

. As we an suppose without lost of generality

x 6∈ y ∩ fvΓ

(sin e we work modulo

α

- onversation)andas

(∅;

1

; t{∃x.A}, Γ)

∗

−→ (x;

1

; t{A}, Γ)

,bymonotoni ityof

∗

−→

we have

(∅;

1

; t{∃x.A}, Γ)

∗

−→ (x, y;

; !Γ

′

₎

. Be ause

x 6∈ fv(c)

and

∃y.

†

_⊢

C

†

c

, we have

∃x.∃y.

†

_⊢

C

†

c

π

endswith(thankstothepreliminaryremarksonthepermutabilityofrules):

Γ

†

_⊢

C

†

d

t

[~s/~z]

∆

†

, A

t

[~s/~z] ⊢

_C

†

c

Γ

†

_{, ∆}

†

_{, d}

t

_{[~s/~z] ⊸ A}

t

_{[~s/~x] ⊢}

C

†

c

Γ

†

_{, ∆}

†

_{, ∀~z.(d}

t

⊸ A

t

) ⊢

C

†

c

Byindu tion hypothesis wehave

(∅;

1

; Γ)

∗

−→ (y;

d

; !Γ

′

₎

su h that

∃y.

d

†

_⊢

C

†

d

t

[~s/~z]

.

Bylemma4.6weknowalsothereexistsa onstraint

∃x

′

_{.(g ⊗}

_{N m)}

su hthat

∃x

′

_{.(g ⊗}

N m) ⊣⊢ d[~s/~z]

andthenbylemmas4.2and4.5weinferthatd

>

C

∃x

′

_{.(g|t : m)}

. Thus

byusingthemonotoni ityof

∗

−→

andbyapplyingtheaskrule,onehas

(∅;

1

; t{∀~z(c →

A)}, !Γ)

∗

−→ (x;

d

; t{∀~z(c → A)}, !Γ

′

_{) −→ (x;}

1

; Γ

′

_{, t{A[~s/~z]})}

. Moreoverbyindu tion

(24)

hypothesis,

(∅;

1

; t{A[~s/~z]}, ∆)

∗

−→ (y;

; !∆

′

₎

with

∃y.

†

_⊢

C

†

c

, hen e by using on e againthemonotoni ityof

∗

−→

weinfer

(∅;

1

; Γ, ∆, t{∀~z(c → A)})

∗

−→ (x, y;

; !Γ

′

_{, !∆}

′

₎

. As

∃y

′′

_y.

†

_⊢

C

†

c

if

∃y.

†

_⊢

C

†

c

and

y

′′

_{∩ fv(c) = ∅}

we an on lude.

π

endswithadereli tion. Thankstothepreliminaryremarksonthepermutabilityof rulesthereareonlytwosub- ases:

Γ

†

_{, d}

t

_⊢

C

†

c

Γ

†

_{, !d}

t

_⊢

C

†

c

or

Γ

†

_{, ∀~z.(d}

t

⊸ A

t

_{) ⊢}

C

†

c

Γ

†

_{, !∀~z.(d}

t

⊸ A

t

_{) ⊢}

C

†

c

In the former ase, it is lear, just re all that

!c ⊢ c

. In the latter by indu tion hypothesis,

(∅;

1

; Γ, t{∀~x(d → A)})

∗

−→ (y;

; !Γ

′

₎

, with

∃y.

†

_⊢

C

†

c

. Therefore by repla ingin thepreviousderivationtheaskrulethatredu e the

t{∀~x(d → A)}

agent (this redu tionisne essary, otherwise

!Γ

′

would notbeasequen e ofpersistentasks

only), bythe persistent ask ruleweobtain

(∅;

1

; t{∀~x(d ⇒ A)}, Γ)

∗

−→ (y;

; ∀~x(d ⇒

A)}, !Γ

′

₎

. Theresultisthenimmediate.

π

endswithapromotion:

!Γ

†

_⊢

C

†

!c

!Γ

†

_⊢

C

†

c

By indu tion hypothesis,

(∅;

1

; !Γ)

∗

−→ (y;

; !Γ

′

₎

with

∃y.

†

_⊢

C

†

c

. Just re all that

!c ⊢ c

to on lude.

π

endswithaweakening:

Γ

†

_⊢

C

†

c

Γ

†

_{, !d}

t

_⊢

C

†

c

or

Γ

†

_⊢

C

†

c

Γ

†

_{, !∀x(d}

t

_{⊸ A}

t

_{) ⊢}

C

†

c

In the former ase it is enough to noti e that

(∅;

1

; s{t :!d}, Γ)

∗

−→ (∅;

1

; Γ)

sin e

!d

t

_{⊢ 1}

. In thelatteronejust remarks thattheaddition ofsomepersistent asksto a

multi-setofanagentdoesnot hange itspseudo-su esses.

π

endswitha ontra tion:

Γ

†

_{, !d}

t

_{, !d}

t

_⊢

C

†

c

Γ

†

_{, !d}

t

_⊢

C

†

c

or

Γ

†

_{, !∀x(d}

t

⊸ A

t

_{), !∀x(d}

t

⊸ A

t

_{) ⊢}

C

†

c

Γ

†

_{, !∀x(d}

t

_{⊸ A}

t

_{) ⊢}

C

†

c

Intheformer,just note thatford su h thatd

†

_⊣⊢!d

t

(thatispossiblethankstothe

lemma 4.6),wehave

!d

t

_⊢

d

†

_⊗

d

†

. Inthelatterhavingtwoo urren esoftheagent

∀z(d ⇒ A)

doesnot hange anything, sin eall onstraint onsumedbytwoidenti al

(25)

Now,forasetSof onstraintof

C

†

,letus note

↓ S = {c ∈ C

†

_{|∃d ∈ S, d ⊢}

C

†

c}

Proposition 4.8(Observationof pseudo-su esses) ForeveryMLCC(C)agent

A

,we have:

↓ (O

p-s

(A)

†

_{) = {c ∈ C}

†

_{| A}

†

_⊢

C

†

c}

Proof: Onein lusionisobviousbyapplyingthesoundnesstheoremandbynotingthatfor

!Γ, c ⊢ c

. Theotherisadire t onsequen eofthepreviouslemma.

Theorem4.9(Observationof stores) For everyMLCC(C)agent

A

,wehave:

↓ (O

store

(A)

†

_{) = {c ∈ C}

†

_{| A}

†

_⊢

C

†

c ⊗ ⊤}

Proof: Onein lusion is stillobviousby applyingthe previoustheorem 4.4and by noting

that

Γ, c ⊢ c ⊗ ⊤

. For the other in lusion use the previous proposition, above the right

introdu tionofthetensor onne tivein

c ⊗ ⊤

andnotethatthepropertyispreservedbyall

leftintrodu tionrules.

Be ause ourtranslationofMLCCagentsimpliestheuseof bangs(!) forthepersistent

asks,wearenotabletoexa tly hara terizenal stores(and hen esu esses). Indeedthe

rule of weakeningfor the ! allows forgetting a formula orresponding to apersistent ask

beforeit onsumesany onstraintsit ould. Nonethelessbysupposingsomepropertiesover

the onstraints onsumedbythepersistentasks,we an hara terizepre iselyaninteresting