16 V. Koutavas, C. Spaccasassi, M. Hennessy
A Additions to Previous Sections
A.1 Addition to Section 2
Definition of Local Commit ($\xrightarrow{co}$): We now explain the effect of commits on a single active transaction $k$. An active transaction can initiate a commit when it contains a top level $co$ keyword. In this case the alternative process and the transactional construct itself are removed as per rule TrCo. Additionally, this operation removes all occurrences of the $co$ keyword from the body of the $k$-transaction, referring to the transaction. Any $co$ inside an inner dormant transaction are retained, since they refer to that inner transaction. The definition of local commits is given below:
$$
\frac{P \xrightarrow{co} P'}{co.P \xrightarrow{co} P'}
\qquad
\frac{P \xrightarrow{co} P' \quad Q \xrightarrow{co} Q'}{P \,|\, Q \xrightarrow{co} P' \,|\, Q'}
\qquad
\frac{\forall i \in I.\; P_i \xrightarrow{co} P'_i}{\sum_{i \in I} \mu_i.P_i \xrightarrow{co} \sum_{i \in I} \mu_i.P'_i}
$$
$$
\frac{P \xrightarrow{co} P'}{\nu a.P \xrightarrow{co} \nu a.P'}
\qquad
\llbracket P \triangleright Q \rrbracket \xrightarrow{co} \llbracket P \triangleright Q \rrbracket
$$
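The local-commit relation above is syntax directed, so it can be read as a function over process terms. The following Python is an added illustration written for this page, not code from the paper or from any TCCSm implementation; the dataclass encoding of the process syntax, the name `local_commit`, and the helper `commit_transaction` (our reading of rule TrCo: the alternative and the construct are dropped and the body is locally committed) are all assumptions of this example. It checks the one subtle point of the definition: a `co` under an inner dormant transaction survives, while every other `co` in the body is erased.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# Constructed AST for the TCCSm fragment that the local-commit rules mention
# (an illustrative encoding, not the paper's own code).
@dataclass(frozen=True)
class Nil:                     # 0
    pass

@dataclass(frozen=True)
class Co:                      # co.P
    cont: "Proc"

@dataclass(frozen=True)
class Par:                     # P | Q
    left: "Proc"
    right: "Proc"

@dataclass(frozen=True)
class Sum:                     # sum_{i in I} mu_i.P_i, stored as (prefix, continuation) pairs
    branches: Tuple[Tuple[str, "Proc"], ...]

@dataclass(frozen=True)
class New:                     # nu a.P
    name: str
    body: "Proc"

@dataclass(frozen=True)
class Dormant:                 # [[P |> Q]]: an inner transaction that has not started
    body: "Proc"
    alt: "Proc"

@dataclass(frozen=True)
class Active:                  # [[P |>_k Q]]: the running transaction named k
    body: "Proc"
    alt: "Proc"
    name: str

Proc = Union[Nil, Co, Par, Sum, New, Dormant, Active]

def local_commit(p: Proc) -> Proc:
    """P -co-> P' from the definition above, as a total function on the
    forms the rules cover. Every co in the body of the current transaction
    is erased; a co under a dormant transaction is kept, since it refers
    to that inner transaction."""
    if isinstance(p, Nil):
        return p
    if isinstance(p, Co):                       # co.P -co-> P'  when P -co-> P'
        return local_commit(p.cont)
    if isinstance(p, Par):                      # P | Q -co-> P' | Q'
        return Par(local_commit(p.left), local_commit(p.right))
    if isinstance(p, Sum):                      # sum mu_i.P_i -co-> sum mu_i.P'_i
        return Sum(tuple((mu, local_commit(q)) for mu, q in p.branches))
    if isinstance(p, New):                      # nu a.P -co-> nu a.P'
        return New(p.name, local_commit(p.body))
    if isinstance(p, Dormant):                  # [[P |> Q]] is left untouched
        return p
    raise ValueError(f"no local-commit rule for {type(p).__name__}")

def has_top_level_co(p: Proc) -> bool:
    """A co is top level when it is not guarded by a prefix and not inside
    a dormant transaction; this is the condition under which TrCo may fire."""
    if isinstance(p, Co):
        return True
    if isinstance(p, Par):
        return has_top_level_co(p.left) or has_top_level_co(p.right)
    if isinstance(p, New):
        return has_top_level_co(p.body)
    return False                                # Nil, Sum, Dormant, Active

def commit_transaction(t: Active) -> Optional[Proc]:
    """Rule TrCo as described in the text (our reading, an assumption of this
    example): the alternative and the transactional construct are removed and
    the body is locally committed. Returns None if the body has no top level co."""
    if not has_top_level_co(t.body):
        return None
    return local_commit(t.body)

if __name__ == "__main__":
    # body = co.(a.co.0) | [[co.0 |> 0]]  -- constructed sample input
    body = Par(Co(Sum((("a", Co(Nil())),))), Dormant(Co(Nil()), Nil()))
    print(commit_transaction(Active(body, Nil(), "k")))
```

The outer `co` and the one guarded by `a` are both removed, because both refer to the committing transaction, while the `co` inside the dormant `[[co.0 |> 0]]` is kept; a body whose only `co` is guarded by a prefix cannot commit yet and yields `None`.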
The following lemmas show under which assumptions $\sigma$-substitutions, which implement merging, leave transitions unaffected.

Lemma A.1. Suppose $P \xrightarrow{\tau}_{\varepsilon} Q$; then $\sigma(P) \xrightarrow{\tau}_{\varepsilon} \sigma(Q)$. ∎

Lemma A.2. Suppose $P \xrightarrow{\zeta}_{\sigma} Q$; then $dom(\sigma) \,\sharp\, Q$. ∎

Lemma A.3. Suppose $P \xrightarrow{k(\mu)}_{\tilde l \mapsto k} Q$ and $range(\sigma) \,\sharp\, P, k$. Then
$$
\sigma(P) \xrightarrow{\sigma(k)(\mu)}_{\sigma(\tilde l) \mapsto \sigma(k)} \sigma(Q)
$$
∎

Lemma A.4. Suppose $P \xrightarrow{\zeta} Q$ and $range(\sigma) \,\sharp\, P$. Then
1. if $\zeta \,\sharp\, \sigma$: $\sigma(P) \xrightarrow{\zeta} \sigma(Q)$;
2. if $\zeta = ab\,k$ or $co\,k$ and $\sigma = \sigma' \cdot (k \mapsto l)$ and $k, l \,\sharp\, \sigma'$: $\sigma(P) \xrightarrow{\sigma(\zeta)} \sigma(Q)$.
A.2 Addition to Section 3
Proof. (Lem. 3.8) Similar to the proof of Lem. A.14. ∎
Proof. (Lem. 3.9) Similar to the proof of Lem. A.16. ∎
A.3 Addition to Section 4
Strong consistency is an equivalence relation, which is a congruence and closed under decomposition.

Lemma A.5 (s.c. is an Equivalence). Strong consistency is an equivalence relation; i.e., reflexive, symmetric, and transitive. ∎

Lemma A.6 (s.c. is a Congruence). Suppose $H_{11}$ s.c. $H_{21}$, and $H_{12}$ s.c. $H_{22}$, and $(H_{11}, H_{12})$ and $(H_{21}, H_{22})$ are defined. Then $(H_{11}, H_{12})$ s.c. $(H_{21}, H_{22})$. ∎

Lemma A.7 (s.c. is Decomposable). Suppose $(H_{11}, H_{12})$ s.c. $(H_{21}, H_{22})$ with $dom(H_{11}) = dom(H_{21})$. Then $H_{11}$ s.c. $H_{21}$, and $H_{12}$ s.c. $H_{22}$. ∎

Substitution preserves strong consistency.

Lemma A.8. For any $H$ and $\sigma$, $H$ s.c. $\sigma(H)$. ∎
Transitions that preserve a history part, up to strong consistency, do not commit or abort transactions in this part.

Lemma A.9. Suppose $(H_1, H_2 \triangleright P) \xrightarrow{\eta} (H'_1, H_3 \triangleright P')$ and $H_1$ s.c. $H'_1$. Then there exists a name substitution $\sigma$ such that $H'_1 = \sigma(H_1)$ and $range(\sigma) \,\sharp\, H_1, H_2, P$. ∎

Lemma A.10. Suppose $(H_1, H_2 \triangleright P) \xrightarrow{\eta_1} (H'_1, H_3 \triangleright P') \xrightarrow{\eta_2} (H''_1, H_4 \triangleright P'')$ and $H_1$ s.c. $H''_1$ and $dom(H_1) = dom(H'_1)$. Then $H_1$ s.c. $H'_1$. ∎

Lemma A.11. Suppose $(H \triangleright P) \xrightarrow{k(a)} (H', k(a) \triangleright Q)$ and $k \,\sharp\, H'$; then $H = H'$. ∎

Lemma A.12. Suppose $(H_1, H_2 \triangleright P) \xrightarrow{\eta} (H'_1, H'_2, H'_3 \triangleright Q)$ and $dom(H_1) = dom(H'_1)$ and $dom(H_2) = dom(H'_2)$ and $H'_1 \,\sharp\, H'_2$; then $H_1 \,\sharp\, H_2$. ∎

Lemma A.13. Suppose $(H_0, H_1 \triangleright P) \xrightarrow{\eta} (\sigma(H_0), H'_1 \triangleright Q)$ and $N_{fr} \,\sharp\, H_1, P, \eta$. Moreover, suppose $(H_1, H_2)$ is defined and $ftn(H_2, R) \subseteq ftn(H_0) \cup N_{fr}$. Then
$$
(H_1, H_2 \triangleright P \,|\, R) \xrightarrow{\eta} (H'_1, \sigma(H_2) \triangleright Q \,|\, \sigma(R)).
$$
∎
Predictive bisimulations and $\eta$-transitions are preserved by fresh renamings.

Lemma A.14 ($\eta$-Equivariance). If $C \xrightarrow{\eta} C'$ then $C r_{fr} \xrightarrow{\eta r_{fr}} C' r_{fr}$. ∎

Corollary A.15. If $C r_{fr} \xrightarrow{\eta} C'$ then $C \xrightarrow{\eta r^{-1}_{fr}} C' r^{-1}_{fr}$ where $r^{-1}_{fr}$ is the inverse renaming of $r_{fr}$.

Proof. By recalling that for each $r$ with $range(r) \,\sharp\, C$, the inverse renaming $r^{-1}$ has the property that $range(r^{-1}) = dom(r) \,\sharp\, Cr$. ∎

Lemma A.16 (Equivariance of $(\approx_{prd})$). If $C \approx_{prd} D$ then $C \approx_{prd} D r_{fr}$.

Proof. By showing that the relation
$$
\mathcal{R} \stackrel{def}{=} \{ (C, D r_{fr}) \mid C \approx_{prd} D,\ range(r_{fr}) \,\sharp\, D \}
$$
is a weak predictive bisimulation using Lem. A.14 and Cor. A.15. ∎
The following three lemmas show that merging transactions only affects their ability to commit and abort.

Lemma A.17. Suppose $(H \triangleright P) \xrightarrow{k(\mu)} (H' \triangleright P')$, and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh ($\sigma$ merges the transactions $\tilde l$ mentioned in positions $\tilde i$ of $H$). Then there exist $k' \,\sharp\, H, P$ and $k'_{fr} \,\sharp\, H', P'$ such that
$$
(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k'(\mu)} (\sigma'(H') \triangleright \sigma'(P'))
$$
for $\sigma' = \tilde l' \mapsto k'_{fr}$ with $ftn(H'(i_1), \ldots, H'(i_n)) = \tilde l'$.

Proof. We show only the proof for the case of a $k(\tau)$-transition; the case of a $k(a)$-transition is similar. The transition is derived by LTS$'_{k(\tau)}$: $P \xrightarrow{k(\tau)}_{\sigma''} P'$ and $k \,\sharp\, H$ and $H' = \sigma''(H)$ and $\sigma'' = \tilde l'' \mapsto k$. Also, $k \,\sharp\, P, k_{fr}$. We consider two mutually exclusive cases:
1. For all $i \in \tilde i$ we have $H(i) = H'(i)$: This means that $\tilde l \,\sharp\, \tilde l''$ (because all $\tilde l$ appear in some of the $H(i)$). In this case $\sigma$ and $\sigma'$ commute and we easily derive $\sigma(P) \xrightarrow{k(\tau)}_{\sigma''} \sigma(P')$ and $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k(\tau)} (\sigma(H') \triangleright \sigma(P'))$. This case of the proof is completed by taking $k' = k$, $k'_{fr} = k_{fr}$, and $\sigma' = \sigma$.
2. There exists $i \in \tilde i$ such that $H(i) \neq H'(i)$: It must be $H(i) = l_1(a)$ and $H'(i) = k(a)$, for some $l_1$ and $a$. Thus there must be $l''_1 \in \tilde l''$ such that $l_1 = l''_1$. We take fresh $k'_{fr}$ and let $\sigma^{(3)} = (k_{fr}, (\tilde l'' \setminus l''_1)) \mapsto k'_{fr}$ and $\sigma' = (k, (\tilde l \setminus l_1)) \mapsto k'_{fr}$ and derive
$$
\sigma(P) \xrightarrow{k'_{fr}(\tau)}_{\sigma^{(3)}} \sigma'(P')
$$
and $\sigma^{(3)}(\sigma(H)) = \sigma'(\sigma''(H))$, from which we have $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k'_{fr}(\tau)} (\sigma'(H') \triangleright \sigma'(P'))$, completing the proof. ∎
Lemma A.18. Suppose $(H \triangleright P) \xrightarrow{\tau} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Moreover, for all $i \in \tilde i$, $H(i)$ s.c. $H'(i)$ (the transactions $\tilde l$ mentioned in positions $\tilde i$ of $H$ are not committed or aborted in the transition). Then
$$
(\sigma(H) \triangleright \sigma(P)) \xrightarrow{\tau} (\sigma(H') \triangleright \sigma(P'))
$$
∎

Corollary A.19. Suppose $(H \triangleright P) \xRightarrow{\eta} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Moreover, for all $i \in \tilde i$, $H(i)$ s.c. $H'(i)$ (the transactions $\tilde l$ mentioned in positions $\tilde i$ of $H$ are not committed or aborted in the transition). Then there exist a fresh renaming $r_{fr}$ and $k'_{fr} \,\sharp\, H', P'$ such that
$$
(\sigma(H) \triangleright \sigma(P)) \xRightarrow{\eta r_{fr}} (\sigma'(H') \triangleright \sigma'(P'))
$$
for $\sigma' = \tilde l' \mapsto k'_{fr}$ with $ftn(H'(i_1), \ldots, H'(i_n)) = \tilde l'$. ∎

The following two lemmas express the converse properties.

Lemma A.20. Suppose $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{\tau} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Moreover, for all $i \in \tilde i$, $\sigma(H)(i) = H'(i)$ (the $k_{fr}$ transaction mentioned in positions $\tilde i$ of $H$ is not committed or aborted in the transition). Then there exist $H''$ and $P''$ such that for all $i \in \tilde i$, $H(i) = H''(i)$ and
$$
H' = \sigma(H'') \qquad P' = \sigma(P'') \qquad (H \triangleright P) \xrightarrow{\tau} (H'' \triangleright P'')
$$
∎

Lemma A.21. Suppose $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k(\mu)} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Then there exist $H''$, $P''$ and $k' \,\sharp\, H, P$ and $k'_{fr} \,\sharp\, H'', P''$ such that
$$
H' = \sigma'(H'') \qquad P' = \sigma'(P'') \qquad (H \triangleright P) \xrightarrow{k'(\mu)} (H'' \triangleright P'')
$$
for $\sigma' = \tilde l' \mapsto k'_{fr}$ with $ftn(H''(i_1), \ldots, H''(i_n)) = \tilde l'$. ∎
Weak predictive bisimilarity is closed under merging of transactions recorded in the history.

Proposition A.22. Consider the relation $\mathcal{Y} \subseteq Conf_{Act \uplus \Omega} \times Conf_{Act \uplus \Omega}$:
$$
\mathcal{Y} \stackrel{def}{=} \left\{ \big( (\sigma_1(H_1) \triangleright \sigma_1(P_1)),\ (\sigma_2(H_2) \triangleright \sigma_2(P_2)) \big) \ \middle|\ 
\begin{array}{l}
\exists \tilde i, \tilde l_1, \tilde l_2, k_{fr1}, k_{fr2}.\ (H_1 \triangleright P_1) \approx_{prd} (H_2 \triangleright P_2) \\
ftn(H_1(i_1), \ldots, H_1(i_n)) = \tilde l_1 \quad ftn(H_2(i_1), \ldots, H_2(i_n)) = \tilde l_2 \\
\sigma_1 = \tilde l_1 \mapsto k_{fr1} \quad \sigma_2 = \tilde l_2 \mapsto k_{fr2} \\
k_{fr1}, k_{fr2} \,\sharp\, H_1, P_1, H_2, P_2
\end{array}
\right\}
$$
$\mathcal{Y}$ is a weak predictive bisimulation.
Proof. Let $(\sigma_1(H_1) \triangleright \sigma_1(P_1))\ \mathcal{Y}\ (\sigma_2(H_2) \triangleright \sigma_2(P_2))$ with $(H_1 \triangleright P_1) \approx_{prd} (H_2 \triangleright P_2)$ and let $\tilde i, \tilde l_1, \tilde l_2, k_{fr1}, k_{fr2}$ with
$$
\begin{array}{l}
ftn(H_1(i_1), \ldots, H_1(i_n)) = \tilde l_1 \quad ftn(H_2(i_1), \ldots, H_2(i_n)) = \tilde l_2 \\
\sigma_1 = \tilde l_1 \mapsto k_{fr1} \quad \sigma_2 = \tilde l_2 \mapsto k_{fr2} \\
k_{fr1}, k_{fr2} \,\sharp\, H_1, P_1, H_2, P_2
\end{array}
$$
It suffices to show that if $(\sigma_1(H_1) \triangleright \sigma_1(P_1)) \xrightarrow{\eta} (H'_1 \triangleright P'_1)$ then there exist $H'_2, P'_2$ such that $(\sigma_2(H_2) \triangleright \sigma_2(P_2)) \xRightarrow{\eta} (H'_2 \triangleright P'_2)$ and $(H'_1 \triangleright P'_1)\ \mathcal{Y}\ (H'_2 \triangleright P'_2)$.

Let $(\sigma_1(H_1) \triangleright \sigma_1(P_1)) \xrightarrow{\eta} (H'_1 \triangleright P'_1)$. We proceed by case analysis on $\eta$.

1. $\eta = k(\mu)$: by Lem. A.21 there exist $H''_1, P''_1$ and $k' \,\sharp\, H_1, P_1$ and $k'_{fr} \,\sharp\, H''_1, P''_1$ such that
$$
H'_1 = \sigma'_1(H''_1) \qquad P'_1 = \sigma'_1(P''_1) \qquad (H_1 \triangleright P_1) \xrightarrow{k'(\mu)} (H''_1 \triangleright P''_1)
$$
for $\sigma'_1 = \tilde l'_1 \mapsto k'_{fr1}$ with $ftn(H''_1(i_1), \ldots, H''_1(i_n)) = \tilde l'_1$. From $(\approx_{prd})$: there exist $H'_2$ and $P'_2$ such that
$$
(H_2 \triangleright P_2) \xRightarrow{k'(\mu)} (H'_2 \triangleright P'_2) \qquad (H'_1 \triangleright P'_1) \approx_{prd} (H'_2 \triangleright P'_2)
$$
This case of the proof is completed by Cor. A.19.

2. $\eta = \tau$: the case where $\tilde k_{fr}$ is not committed or aborted in the transition is proven by Lem. A.20 and Cor. A.19, similarly to the previous case. In the case where $k_{fr1}$ is committed in the transition, it must be that all of $\tilde l_1$ can commit in $(H_1 \triangleright P_1)$. Thus, by $(\approx_{prd})$, all of $\tilde l_2$ can weakly commit in $(H_2 \triangleright P_2)$, and therefore $(\sigma_2(H_2) \triangleright \sigma_2(P_2))$ can weakly commit $k_{fr2}$. ∎
A.4 Addition to Section 5
When restricting relations to processes in $\mathcal{L}_{Act}$, theorems 4.5, 4.6, and 5.4 establish the inclusions
$$
(\approx) \subseteq (\approx_{prd}) \subseteq (\cong_{rbe}) \subseteq (\approx)
$$
and therefore the equalities
$$
(\approx) = (\approx_{prd}) = (\cong_{rbe})
$$
Thus, besides $(\approx_{prd})$, relation $(\approx)$ for processes in $\mathcal{L}_{Act}$ is also compositional.

Theorem A.23. If $P \approx Q$ and $ftn(R) \,\sharp\, P, Q$ and $P, Q, R \in \mathcal{L}_{Act}$ then $P \,|\, R \approx Q \,|\, R$.
B Proof of Theorem 4.6
As we saw in example (2) in the Introduction, a single transaction can be equivalent to multiple transactions forming a single logical transaction. Thus, to prove compositionality of $(\approx_{prd})$ we need a general way to identify contexts with the same structure but different transaction names. To do this we let $g$ range over sets of transaction names and work with relations over such sets, ranged over by $G$. A singleton relation between such sets is definable from histories with the same domain.

Definition B.1 (Singleton History Relation). If $dom(H_1) = dom(H_2)$ then
$$
\langle H_1 ; H_2 \rangle \stackrel{def}{=} \{ (ftn(H_1), ftn(H_2)) \}
$$
We build composite history relations from singleton relations using a form of separating conjunction.

Definition B.2 (Composite History Relation). If $(H_{11}, H_{12})$ and $(H_{21}, H_{22})$ are defined histories (i.e., $H_{i1}$ and $H_{i2}$ have disjoint domains for $i \in \{1, 2\}$), and $H_{11} \,\sharp\, H_{12}$ and $H_{21} \,\sharp\, H_{22}$, then
$$
\langle H_{11} ; H_{21} \rangle \ast \langle H_{12} ; H_{22} \rangle \stackrel{def}{=} \langle H_{11} ; H_{21} \rangle \cup \langle H_{12} ; H_{22} \rangle
$$
A history relation is indivisible when its components cannot be separated into smaller parts with no overlapping transaction names.

Definition B.3 (Indivisible History Relation).
1. $\langle H_1 ; H_2 \rangle$ is indivisible when there is no $H_{11}, H_{12}, H_{21}$, and $H_{22}$ such that $H_1 = H_{11}, H_{12}$ and $H_2 = H_{21}, H_{22}$ and $\langle H_{11} ; H_{21} \rangle \ast \langle H_{12} ; H_{22} \rangle$ is defined.
2. $\langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle$ is indivisible when each $\langle H_{1i} ; H_{2i} \rangle$ is indivisible, and $H_{1i} \neq \varepsilon$ and $H_{2i} \neq \varepsilon$, for all $i \in \{1, \ldots, n\}$.

The intuition of the above definition is that when $\langle H_1 ; H_2 \rangle$ is indivisible then the names in $H_1$ form a single logical transaction, and similarly for the names in $H_2$. For example, $R_2$ in Fig. 3 contains the histories $(k_1(a), k_2(b))$ and $(k_1(a), k_1(b))$ which denotes the singleton relation
$$
\big\langle (k_1(a), k_2(b)) \ ;\ (k_1(a), k_1(b)) \big\rangle = \{ (\{k_1, k_2\}, \{k_1\}) \}
$$
This singleton relation expresses the intention that $k_1$ and $k_2$ represent the same transaction in the left-hand side of the relation. Note that in another example we may have the indivisible history relation
$$
\big\langle (k_1(a), k_1(b), k_2(c)) \ ;\ (l_1(a), l_2(b), l_2(c)) \big\rangle = \{ (\{k_1, k_2\}, \{l_1, l_2\}) \}
$$
denoting that a single logical transaction corresponds to transactions $k_1, k_2$ in the left-hand side, and $l_1, l_2$ in the right-hand side of the relation.

An important property of strongly consistent histories is that there is a unique way for which they can form an indivisible history relation, given by the following construction.¹

¹ We do not extend $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$ to simply consistent histories because they may relate uncommittable $k(a)$-actions to $ab$-actions, complicating the definition and properties of this construction.
Definition B.4 ($\langle\!\langle H_1 ; H_2 \rangle\!\rangle$). If $H_1$ and $H_2$ are strongly consistent, then we define $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$ as follows:
$$
\begin{array}{l}
\langle\!\langle \varepsilon ; \varepsilon \rangle\!\rangle \stackrel{def}{=} \emptyset \\[4pt]
\langle\!\langle (i \mapsto ab), H_1 ; (i \mapsto ab), H_2 \rangle\!\rangle \stackrel{def}{=} \langle\!\langle H_1 ; H_2 \rangle\!\rangle \\[4pt]
\langle\!\langle (i \mapsto a), H_1 ; (i \mapsto a), H_2 \rangle\!\rangle \stackrel{def}{=} \langle\!\langle H_1 ; H_2 \rangle\!\rangle \\[4pt]
\langle\!\langle (i \mapsto k(a)), H_1 ; (i \mapsto l(a)), H_2 \rangle\!\rangle \stackrel{def}{=} \\
\quad \text{let } \langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle \text{ in} \\
\quad \text{if } k \,\sharp\, (\bigcup H_{1i}) \text{ and } l \,\sharp\, (\bigcup H_{2i}) \text{ then} \\
\qquad \langle (i \mapsto k(a)) ; (i \mapsto l(a)) \rangle \ast \langle\!\langle H_1 ; H_2 \rangle\!\rangle \\
\quad \text{if } \exists m \le n \text{ s.t. } k \in ftn(H_{1m}) \text{ and } l \,\sharp\, (\bigcup H_{2i}) \text{ then} \\
\qquad \langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle (i \mapsto k(a)), H_{1m} ; (i \mapsto l(a)), H_{2m} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle \\
\quad \text{if } k \,\sharp\, (\bigcup H_{1i}) \text{ and } \exists m \le n \text{ s.t. } l \in ftn(H_{2m}) \text{ then} \\
\qquad \langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle (i \mapsto k(a)), H_{1m} ; (i \mapsto l(a)), H_{2m} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle \\
\quad \text{if } \exists m_1, m_2 \le n \text{ s.t. } k \in ftn(H_{1m_1}) \text{ and } l \in ftn(H_{2m_2}) \text{ then} \\
\qquad \langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1(m_1-1)} ; H_{2(m_1-1)} \rangle \ast \langle H_{1(m_1+1)} ; H_{2(m_1+1)} \rangle \ast \ldots \\
\qquad \ast \langle H_{1(m_2-1)} ; H_{2(m_2-1)} \rangle \ast \langle H_{1(m_2+1)} ; H_{2(m_2+1)} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle \\
\qquad \ast \langle (i \mapsto k(a)), H_{1m_1}, H_{1m_2} ; (i \mapsto l(a)), H_{2m_1}, H_{2m_2} \rangle
\end{array}
$$
Note that w.l.o.g. in the last clause we assume $m_1 < m_2$.
For any two strongly consistent histories the above construction defines the unique indivisible history relation derivable from the two strongly consistent histories.

Lemma B.5. Suppose $H_1$ and $H_2$ are strongly consistent. Then there exist $H_{11}, \ldots, H_{1n}$ and $H_{21}, \ldots, H_{2n}$ such that $H_1 = H_{11}, \ldots, H_{1n}$ and $H_2 = H_{21}, \ldots, H_{2n}$ and
$$
\langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle
$$
which is an indivisible history relation.

Proof. By induction on the construction of $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$. ∎
Lemma B.6. If $(H_{11}, \ldots, H_{1n})$ and $(H_{21}, \ldots, H_{2n})$ are defined histories and $\langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle$ is an indivisible history relation then
$$
\langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle = \langle\!\langle H_{11}, \ldots, H_{1n} ; H_{21}, \ldots, H_{2n} \rangle\!\rangle
$$

Proof. By induction on the number of components of $\langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle$. To prove the inductive step, we use an inner induction on the size of the additional component. ∎

Corollary B.7. If we can derive $\langle\!\langle H_1 ; H_2 \rangle\!\rangle = G_1$ and $\langle\!\langle H_1 ; H_2 \rangle\!\rangle = G_2$ then $G_1 = G_2$. ∎
In the following we will implicitly use the above properties of $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$ for any strongly consistent $H_1$ and $H_2$. Because $\sigma$-substitutions preserve strong consistency (Lem. A.8), they also preserve history relations.

Lemma B.8. Suppose $g_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, g_2$ and $l_1 \in g_1$ and $l_2 \in g_2$. For any $\sigma$, there exist $g'_1, g'_2$ such that $g'_1 \,\langle\!\langle H_1 ; \sigma(H_2) \rangle\!\rangle\, g'_2$ and $l_1 \in g'_1$ and $\sigma(l_2) \in g'_2$. ∎
A second important property of history relations established by predictive bisimilar histories is expressed in the following proposition stating that a TCCS$^m$ transaction $k$ which can immediately commit represents by itself a single logical transaction.

Proposition B.9. Suppose $(H_1 \triangleright P_1) \approx_{prd} (H_2 \triangleright P_2)$ and $P_1 \xrightarrow{co\,k}$. Then either
1. $k \,\sharp\, H_1$, or
2. there exist $H_{10}$ and $H_{20}$ such that $\langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{10} ; H_{20} \rangle \ast \ldots$ and $ftn(H_{10}) = \{k\}$.

Proof. By contradiction. Assume
$$
\langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{10} ; H_{20} \rangle \ast \langle H_{11} ; H_{21} \rangle \ast \ldots \ast \langle H_{1n} ; H_{2n} \rangle
$$
and
$$
H_{10} = k(a), k_1(a_1), k_2(a_2), \ldots, k_{m_1}(a_{m_1}), k(a_{m_1+1}), \ldots, k(a_{m_2})
$$
for some $\tilde k, \tilde a$, and $a$, with $k_i \neq k$ for all $i \in \{1, 2, \ldots, m_1\}$. By definition of strong consistency
$$
H_{20} = l(a), l_1(a_1), l_2(a_2), \ldots, l_{m_1}(a_{m_1}), l_{m_1+1}(a_{m_1+1}), \ldots, l_{m_2}(a_{m_2})
$$
for some $\tilde l$. We then have
$$
(k(a), k_1(a_1), k_2(a_2), \ldots, k_{m_1}(a_{m_1}), k(a_{m_1+1}), \ldots, k(a_{m_2}), H_{11}, \ldots, H_{1n} \triangleright P_1) \xrightarrow{co\,k}
$$
$$
(a, k_1(a_1), k_2(a_2), \ldots, k_{m_1}(a_{m_1}), a_{m_1+1}, \ldots, a_{m_2}, H_{11}, \ldots, H_{1n} \triangleright Q_1) = C_1
$$
By the definition of $(\approx_{prd})$ we have:
$$
(l(a), l_1(a_1), l_2(a_2), \ldots, l_{m_1}(a_{m_1}), l_{m_1+1}(a_{m_1+1}), \ldots, l_{m_2}(a_{m_2}), H_{21}, \ldots, H_{2n} \triangleright P_2) \xrightarrow{co\,l}
$$
$$
(a, l_1(a_1), l_2(a_2), \ldots, l_{m_1}(a_{m_1}), a_{m_1+1}, \ldots, a_{m_2}, H_{21}, \ldots, H_{2n} \triangleright Q_2) = C_2
$$
and $C_1 \approx_{prd} C_2$. However, this means that $\{l_1, l_2, \ldots, l_{m_1}\} \cap \{l, l_{m_1+1}, \ldots, l_{m_2}\} = \emptyset$ and therefore $\langle H_{10} ; H_{20} \rangle$ is not indivisible, contradicting the assumption through Lem. B.5. ∎
To prove compositionality of $(\approx_{prd})$, we need to extend history relations to processes and histories.

Definition B.10. A relation $G$ over processes is the least congruence satisfying:
$$
\llbracket P \triangleright_k Q \rrbracket \ G\ \llbracket P \triangleright_l Q \rrbracket \quad \text{when } \exists g_1, g_2 \text{ such that } g_1 \,G\, g_2 \text{ and } k \in g_1 \text{ and } l \in g_2
$$
Moreover, $G$ over histories is the least congruence satisfying:
$$
(i \mapsto k(a)) \ G\ (i \mapsto l(a)) \quad \text{when } \exists g_1, g_2 \text{ such that } g_1 \,G\, g_2 \text{ and } k \in g_1 \text{ and } l \in g_2
$$
It is easy to show that histories related under a $G$ relation are strongly consistent.

Lemma B.11. If $H_1 \,G\, H_2$ then $H_1$ s.c. $H_2$. ∎

The following are strong bisimulation results for $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$-relations. We will use these results to reason about contexts related under such relations.

Lemma B.12. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{k(a)}_{\sigma_2} Q_2$ and $k \,\sharp\, H_1, H_2, P_1, P_2$. Then there exist $Q_1$ and $\sigma_1$ such that
$$
P_1 \xrightarrow{k(a)}_{\sigma_1} Q_1 \,\langle\!\langle \sigma_1(H_1), k(a) ; \sigma_2(H_2), k(a) \rangle\!\rangle\, Q_2
$$
and for each $l_1 \in dom(\sigma_1)$ there exists $l_2 \in dom(\sigma_2)$ such that $l_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, l_2$. ∎
Lemma B.13. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{k(\tau)}_{\sigma_2} Q_2$ and $k \,\sharp\, H_1, H_2, P_1, P_2$. Then there exist $Q_1$ and $\sigma_1$ such that
$$
P_1 \xrightarrow{k(\tau)}_{\sigma_1} Q_1 \,\langle\!\langle \sigma_1(H_1) ; \sigma_2(H_2) \rangle\!\rangle\, Q_2
$$
∎

Lemma B.14. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{\tau}_{\varepsilon} Q_2$. Then there exists $Q_1$ such that
$$
P_1 \xrightarrow{\tau}_{\varepsilon} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2
$$
∎

Lemma B.15. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{new\,k} Q_2$ and $k \,\sharp\, H_1, H_2, P_1, P_2$. Then there exists $Q_1$ such that
$$
P_1 \xrightarrow{new\,k} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2
$$
∎

Lemma B.16. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{co\,k} Q_2$. Then
1. if $k \,\sharp\, H_1, H_2$ then there exists $Q_1$ such that
$$
P_1 \xrightarrow{co\,k} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2
$$
2. if $(\{l\}, \{k\}) \in \langle\!\langle H_1 ; H_2 \rangle\!\rangle$ then there exists $Q_1$ such that
$$
P_1 \xrightarrow{co\,l} Q_1 \,\langle\!\langle H_1 \backslash^{co}_l ; H_2 \backslash^{co}_k \rangle\!\rangle\, Q_2
$$
∎
Lemma B.17. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{ab\,k} Q_2$ and $k \,\sharp\, H_1$. Then there exists $Q_1$ such that
$$
P_1 \xrightarrow{ab\,k} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2
$$

The following is a corollary of Lem. B.8.

Corollary B.18.
1. If $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2$ then $P_1 \,\langle\!\langle H_1 ; \sigma(H_2) \rangle\!\rangle\, \sigma(P_2)$.
2. If $H'_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, H'_2$ then $H'_1 \,\langle\!\langle H_1 ; \sigma(H_2) \rangle\!\rangle\, \sigma(H'_2)$. ∎
The main result in this section, from which Thm. 4.6 easily follows, is that the following relation $\mathcal{Z}$ is a weak predictive bisimulation.

Proposition B.19. Consider the relation $\mathcal{Z} \subseteq Conf_{Act \uplus \Omega} \times Conf_{Act \uplus \Omega}$:
$$
\mathcal{Z} \stackrel{def}{=} \left\{ \big( (H_{11}, H_{12} \triangleright P_1 \,|\, R_1),\ (H_{21}, H_{22} \triangleright P_2 \,|\, R_2) \big) \ \middle|\ 
\begin{array}{l}
\exists H_{10}, H_{20}, N_{fr} :\ (H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2) \\
\text{and } dom(H_{10}) = dom(H_{20}) \text{ and } dom(H_{11}) = dom(H_{21}) \\
\text{and } dom(H_{12}) = dom(H_{22}) \\
\text{and } R_1 \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, R_2 \\
\text{and } H_{12} \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, H_{22} \\
\text{and } ftn(R_1, H_{12}) \subseteq ftn(H_{10}) \cup N_{fr} \\
\text{and } ftn(R_2, H_{22}) \subseteq ftn(H_{20}) \cup N_{fr} \\
\text{and } N_{fr} \,\sharp\, H_{10}, H_{11}, H_{20}, H_{21}, P_1, P_2
\end{array}
\right\}
$$
$\mathcal{Z}$ is a weak predictive bisimulation.
Proof. Let
$$
C_1 = (H_{11}, H_{12} \triangleright P_1 \,|\, R_1)\ \mathcal{Z}\ (H_{21}, H_{22} \triangleright P_2 \,|\, R_2) = C_2
$$
with $(H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2)$,
$$
dom(H_{10}) = dom(H_{20}) \qquad dom(H_{11}) = dom(H_{21}) \qquad dom(H_{12}) = dom(H_{22})
$$
and
$$
R_1 \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, R_2 \qquad H_{12} \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, H_{22}
$$
and $ftn(R_1, H_{12}) \subseteq ftn(H_{10}) \cup N_{fr}$ and $ftn(R_2, H_{22}) \subseteq ftn(H_{20}) \cup N_{fr}$ and $N_{fr} \,\sharp\, H_{10}, H_{11}, H_{20}, H_{21}, P_1, P_2$. We need to prove that $C_1$ and $C_2$ satisfy the conditions of Def. 4.4. The first condition ($(H_{11}, H_{12})$ s.c. to $(H_{21}, H_{22})$) follows from Lem.(s) A.6, A.7 and B.11. We now show the proof of the second condition; the proof of its symmetric condition is similar and omitted. Let $C_1 \xrightarrow{\eta} D_1$ be a commitable transition. We proceed by case analysis on this transition. The interesting cases of this proof are those where communication occurs between the $P_1$ and $R_1$:
LTS$'_{\tau}$: $C_1 = (H_{11}, H_{12} \triangleright P_1 \,|\, R_1) \xrightarrow{\tau} (H_{11}, H_{12} \triangleright T_1) = D_1$ and $P_1 \,|\, R_1 \xrightarrow{\tau}_{\varepsilon} T_1$.

By case analysis of $P_1 \,|\, R_1 \xrightarrow{\tau}_{\varepsilon} T_1$ there are only three applicable process transition rules:

1. CCSsync: $T_1 = Q_1 \,|\, S_1$ and $P_1 \xrightarrow{a}_{\varepsilon} Q_1$ and $R_1 \xrightarrow{a}_{\varepsilon} S_1$. By Lem. 3.5, for $k \,\sharp\, H_{10}, H_{11}, H_{12}, H_{20}, H_{21}, H_{22}, R_1, R_2, P_1, P_2$:
$$
R_1 \xrightarrow{k(a)}_{\varepsilon \mapsto k} R'_1 \xrightarrow{co\,k} S_1
$$
$$
(H_{10}, H_{11} \triangleright P_1) \xrightarrow{k(a)} (H_{10}, H_{11}, k(a) \triangleright P'_1) \xrightarrow{\tau} (H_{10}, H_{11}, a \triangleright Q_1)
$$
Because $(H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2)$:
$$
\begin{array}{rl}
(H_{20}, H_{21} \triangleright P_2) & \xRightarrow{\tau} (H'_{20}, H'_{21} \triangleright P'_2) \\
& \xrightarrow{k(a)} (H''_{20}, H''_{21}, k(a) \triangleright P''_2) \\
& \xRightarrow{\tau} (H^{(3)}_{20}, H^{(3)}_{21}, l(a) \triangleright P^{(3)}_2) \\
& \xrightarrow{\tau} (H^{(4)}_{20}, H^{(4)}_{21}, a \triangleright P^{(4)}_2) \\
& \xRightarrow{\tau} (H^{(5)}_{20}, H^{(5)}_{21}, a \triangleright Q_2)
\end{array}
$$
and
$$
(H_{10}, H_{11}, a \triangleright Q_1) \approx_{prd} (H^{(5)}_{20}, H^{(5)}_{21}, a \triangleright Q_2)
$$
with $H_{10}$ s.c. to $H^{(5)}_{20}$ and $H_{11}$ s.c. to $H^{(5)}_{21}$. By Lem. A.5 and because $H_{10}$ s.c. to $H_{20}$ and $H_{11}$ s.c. to $H_{21}$: $H_{20}$ s.c. to $H^{(5)}_{20}$ and $H_{21}$ s.c. to $H^{(5)}_{21}$. Therefore from Lem. A.10 we conclude that the commit of the $l$-transaction does not affect $H^{(3)}_{20}, H^{(3)}_{21}$ and thus $H^{(3)}_{20} = H^{(4)}_{20}$ and $H^{(3)}_{21} = H^{(4)}_{21}$ and $l \,\sharp\, H^{(3)}_{20}, H^{(3)}_{21}$. By Lem. A.12, $k \,\sharp\, H''_{20}, H''_{21}$, and by Lem. A.11, $H'_{20} = H''_{20}$ and $H'_{21} = H''_{21}$. By Lem.(s) A.5, A.9, A.10, A.14 and A.16, there exist $\sigma', \sigma'', \sigma^{(3)}, \sigma^{(4)}$ such that
$$
\begin{array}{rl}
(H_{20}, H_{21} \triangleright P_2) & \xRightarrow{\tau} (\sigma'(H_{20}, H_{21}) \triangleright P'_2) \\
& \xrightarrow{k(a)} (\sigma'(H_{20}, H_{21}), k(a) \triangleright P''_2) \\
& \xRightarrow{\tau} (\sigma''(\sigma'(H_{20}, H_{21})), l(a) \triangleright P^{(3)}_2) \\
& \xrightarrow{\tau} (\sigma''(\sigma'(H_{20}, H_{21})), a \triangleright P^{(4)}_2) \\
& \xRightarrow{\tau} (\sigma^{(3)}(\sigma''(\sigma'(H_{20}, H_{21}))), a \triangleright Q_2)
\end{array}
$$
with $\sigma''(k) = l$ and $range(\sigma', \sigma'', \sigma^{(3)})$ fresh from all other names and $k \,\sharp\, \sigma', \sigma'(H_{20}), \sigma'(H_{21})$ and
$$
(H_{10}, H_{11}, a \triangleright Q_1) \approx_{prd} (\sigma^{(3)}(\sigma''(\sigma'(H_{20}, H_{21}))), a \triangleright Q_2)
$$
Moreover, because $R_1 \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, R_2$ and $R_1 \xrightarrow{k(a)}_{\varepsilon \mapsto k} R'_1 \xrightarrow{co\,k} S_1$, by Cor. B.18 and Lem. B.12 and because $k \,\sharp\, \sigma'(H_{20})$:
$$
\begin{array}{l}
R_1 \,\langle\!\langle H_{10}, H_{11} ; \sigma'(H_{20}, H_{21}) \rangle\!\rangle\, \sigma'(R_2) \\
\sigma'(R_2) \xrightarrow{k(a)}_{\varepsilon \mapsto k} R'_2 \\
R'_1 \,\langle\!\langle H_{10}, H_{11}, k(a) ; \sigma'(H_{20}, H_{21}), k(a) \rangle\!\rangle\, R'_2
\end{array}
$$
By Cor. B.18 and Lem. B.16 (2) and because $k \,\sharp\, H_{10}, H_{11}$ and $l \,\sharp\, \sigma''(\sigma'(H_{20}, H_{21}))$ (thus $(\{k\}, \{l\}) \in \langle\!\langle H_{10}, H_{11}, k(a) ; \sigma''(H_{20}, H_{21}), l(a) \rangle\!\rangle$):
$$
\begin{array}{l}
R'_1 \,\langle\!\langle H_{10}, H_{11}, k(a) ; \sigma''(H_{20}, H_{21}), l(a) \rangle\!\rangle\, \sigma''(R'_2) \\
\sigma''(R'_2) \xrightarrow{co\,l} S_2 \\
S_1 \,\langle\!\langle H_{10}, H_{11}, a ; \sigma''(H_{20}, H_{21}), a \rangle\!\rangle\, S_2
\end{array}
$$
And by Cor. B.18 again: $S_1 \,\langle\!\langle H_{10}, H_{11}, a ; \sigma^{(3)}(H_{20}, H_{21}), a \rangle\!\rangle\, \sigma^{(3)}(S_2)$. Moreover, by the same corollary:
$$
\begin{array}{l}
H_{12} \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, H_{22} \\
H_{12} \,\langle\!\langle H_{10}, H_{11} ; \sigma'(H_{20}, H_{21}) \rangle\!\rangle\, \sigma'(H_{22}) \\
H_{12} \,\langle\!\langle H_{10}, H_{11} ; \sigma''(\sigma'(H_{20}, H_{21})) \rangle\!\rangle\, \sigma''(\sigma'(H_{22})) \\
H_{12} \,\langle\!\langle H_{10}, H_{11} ; \sigma^{(3)}(\sigma''(\sigma'(H_{20}, H_{21}))) \rangle\!\rangle\, \sigma^{(3)}(\sigma''(\sigma'(H_{22})))
\end{array}
$$
From the above and Lem. A.13 we get:
$$
\begin{array}{rl}
(H_{21}, H_{22} \triangleright P_2 \,|\, R_2) & \xRightarrow{\tau} (\sigma'(H_{21}, H_{22}) \triangleright P'_2 \,|\, \sigma'(R_2)) \\
& \xrightarrow{k(\tau)} (\sigma'(H_{21}, H_{22}) \triangleright P''_2 \,|\, R'_2) \\
& \xRightarrow{\tau} (\sigma''(\sigma'(H_{21}, H_{22})) \triangleright P^{(3)}_2 \,|\, \sigma''(R'_2)) \\
& \xrightarrow{\tau} (\sigma''(\sigma'(H_{21}, H_{22})) \triangleright P^{(4)}_2 \,|\, S_2) \\
& \xRightarrow{\tau} (\sigma^{(3)}(\sigma''(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \,|\, \sigma^{(3)}(S_2))
\end{array}
$$
and by properties of transitions and substitutions there exists a set of fresh names $N'_{fr}$ such that
$$
\begin{array}{l}
ftn(S_1, H_{12}) \subseteq ftn(H_{10}) \cup N'_{fr} \\
ftn(\sigma^{(3)}(S_2), \sigma^{(3)}(\sigma''(\sigma'(H_{22})))) \subseteq ftn(\sigma^{(3)}(\sigma''(\sigma'(H_{20})))) \cup N'_{fr}
\end{array}
$$
and thus
$$
(H_{11}, H_{12} \triangleright Q_1 \,|\, S_1)\ \mathcal{Z}\ (\sigma^{(3)}(\sigma''(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \,|\, \sigma^{(3)}(S_2))
$$
completing this case of the proof.
2. ParL: $T_1 = Q_1 \,|\, R_1$ and $P_1 \xrightarrow{\tau}_{\varepsilon} Q_1$. Here we proceed as in the previous case, deriving
$$
(H_{20}, H_{21} \triangleright P_2) \xRightarrow{\tau} (\sigma'(H_{20}, H_{21}) \triangleright Q_2) \qquad (H_{10}, H_{11} \triangleright Q_1) \approx_{prd} (\sigma'(H_{20}, H_{21}) \triangleright Q_2)
$$
and
$$
(H_{21}, H_{22} \triangleright P_2 \,|\, R_2) \xRightarrow{\tau} (\sigma'(H_{21}, H_{22}) \triangleright Q_2 \,|\, \sigma'(R_2))
$$
$$
(H_{11}, H_{12} \triangleright Q_1 \,|\, R_1)\ \mathcal{Z}\ (\sigma'(H_{21}, H_{22}) \triangleright Q_2 \,|\, \sigma'(R_2))
$$

3. The symmetric of ParL: This case follows from Lem. B.14.
LTS$'_{k(\tau)}$: $C_1 = (H_{11}, H_{12} \triangleright P_1 \,|\, R_1) \xrightarrow{k(\tau)} (\sigma(H_{11}, H_{12}) \triangleright T_1) = D_1$ and $P_1 \,|\, R_1 \xrightarrow{k(\tau)}_{\sigma_1} T_1$. By case analysis on the last transition we have three applicable sub-cases: TrSync, and ParL and its symmetric. The proof of the last two sub-cases is the same as in the corresponding cases for a LTS$'_{\tau}$ transition. The proof in the sub-case of TrSync is as follows.

1. TrSync: $T_1 = Q_1 \sigma_{12} \,|\, S_1 \sigma_{11}$ and $P_1 \xrightarrow{k(a)}_{\sigma_{11}} Q_1$ and $R_1 \xrightarrow{k(a)}_{\sigma_{12}} S_1$ and $\sigma_{11} = (\tilde l_{11} \mapsto k)$ and $\sigma_{12} = (\tilde l_{12} \mapsto k)$ and $\sigma_1 = (\tilde l_{11}, \tilde l_{12} \mapsto k)$. Because transitions and relations are equivariant, we assume w.l.o.g. $k \,\sharp\, H_{10}, H_{11}, H_{12}, H_{20}, H_{21}, H_{22}, R_1, R_2, P_1, P_2$. Because $(H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2)$ and $(H_{10}, H_{11} \triangleright P_1) \xrightarrow{k(a)} (\sigma_{11}(H_{10}, H_{11}), k(a) \triangleright Q_1)$:
$$
\begin{array}{rl}
(H_{20}, H_{21} \triangleright P_2) & \xRightarrow{\tau} (H'_{20}, H'_{21} \triangleright P'_2) \\
& \xrightarrow{k(a)} (H''_{20}, H''_{21}, k(a) \triangleright P''_2) \\
& \xRightarrow{\tau} (H^{(3)}_{20}, H^{(3)}_{21}, l(a) \triangleright Q_2)
\end{array}
$$
and
$$
(\sigma_{11}(H_{10}, H_{11}), k(a) \triangleright Q_1) \approx_{prd} (H^{(3)}_{20}, H^{(3)}_{21}, l(a) \triangleright Q_2)
$$
with $\sigma_{11}(H_{10})$ s.c. to $H^{(3)}_{20}$ and $\sigma_{11}(H_{11})$ s.c. to $H^{(3)}_{21}$. By Lem.(s) A.5 and A.10 and because $\sigma_{11}(H_{10})$ s.c. to $H_{10}$ s.c. to $H_{20}$, and $\sigma_{11}(H_{11})$ s.c. to $H_{11}$ s.c. to $H_{21}$:
$$
\begin{array}{l}
H_{20} \text{ s.c. to } H'_{20} \text{ s.c. to } H''_{20} \text{ s.c. to } H^{(3)}_{20} \\
H_{21} \text{ s.c. to } H'_{21} \text{ s.c. to } H''_{21} \text{ s.c. to } H^{(3)}_{21}
\end{array}
$$
Thus by Lem. A.9, there exist $\sigma', \sigma''$, and $\sigma_{21}$ such that:
$$
\begin{array}{rl}
(H_{20}, H_{21} \triangleright P_2) & \xRightarrow{\tau} (\sigma'(H_{20}, H_{21}) \triangleright P'_2) \\
& \xrightarrow{k(a)} (\sigma_{21}(\sigma'(H_{20}, H_{21})), k(a) \triangleright P''_2) \\
& \xRightarrow{\tau} (\sigma''(\sigma_{21}(\sigma'(H_{20}, H_{21}))), l(a) \triangleright Q_2)
\end{array}
$$
with $range(\sigma_{21}) = \{k\}$ and $\sigma''(k) = l$ and $range(\sigma', \sigma'', \sigma_{21})$ fresh from all other names and $k \,\sharp\, \sigma', \sigma'(H_{20}), \sigma'(H_{21})$ and
$$
(\sigma_{11}(H_{10}, H_{11}), k(a) \triangleright Q_1) \approx_{prd} (\sigma''(\sigma_{21}(\sigma'(H_{20}, H_{21}))), l(a) \triangleright Q_2)
$$
Moreover, because $R_1 \,\langle\!\langle H_{10} ; H_{20} \rangle\!\rangle\, R_2$ and $R_1 \xrightarrow{k(a)}_{\sigma_{12}} S_1$, by Cor. B.18 and Lem. B.12:
$$
\begin{array}{ll}
R_1 \,\langle\!\langle H_{10}, H_{11} ; \sigma'(H_{20}, H_{21}) \rangle\!\rangle\, \sigma'(R_2) & (9) \\
\sigma'(R_2) \xrightarrow{k(a)}_{\sigma_{22}} S_2 & (10) \\
S_1 \,\langle\!\langle \sigma_{12}(H_{10}, H_{11}), k(a) ; \sigma_{22}(\sigma'(H_{20}, H_{21})), k(a) \rangle\!\rangle\, S_2 &
\end{array}
$$
By Cor. B.18 again, and because $dom(\sigma_{12}) \,\sharp\, S_1$ and $dom(\sigma_{22}) \,\sharp\, S_2$ (by Lem. A.2):
$$
\begin{array}{l}
\sigma_{11}(S_1) \,\langle\!\langle \sigma_{11}(\sigma_{12}(H_{10}, H_{11})), k(a) ; \sigma_{21}(\sigma_{22}(\sigma'(H_{20}, H_{21}))), k(a) \rangle\!\rangle\, \sigma_{21}(S_2) \\
\sigma_1(S_1) \,\langle\!\langle \sigma_1(H_{10}, H_{11}), k(a) ; \sigma_2(\sigma'(H_{20}, H_{21})), k(a) \rangle\!\rangle\, \sigma_2(S_2) \\
\sigma_1(S_1) \,\langle\!\langle \sigma_1(H_{10}, H_{11}), k(a) ; \sigma''(\sigma_2(\sigma'(H_{20}, H_{21}))), k(a) \rangle\!\rangle\, \sigma''(\sigma_2(S_2))
\end{array}
$$
From the above and Lem.(s) A.2 and A.13 we get:
$$
\begin{array}{rl}
(H_{21}, H_{22} \triangleright P_2 \,|\, R_2) & \xRightarrow{\tau} (\sigma'(H_{21}, H_{22}) \triangleright P'_2 \,|\, \sigma'(R_2)) \\
& \xrightarrow{k(\tau)} (\sigma_2(\sigma'(H_{21}, H_{22})) \triangleright \sigma_{22}(P''_2) \,|\, \sigma_{21}(S_2)) \\
& = (\sigma_2(\sigma'(H_{21}, H_{22})) \triangleright \sigma_2(P''_2) \,|\, \sigma_2(S_2))
\end{array}
$$
and
$$
(\sigma_{21}(\sigma'(H_{21}, H_{22})) \triangleright \sigma_{21}(P''_2) \,|\, S_2) \xRightarrow{\tau} (\sigma''(\sigma_{21}(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \,|\, \sigma''(\sigma_2(S_2)))
$$
We know that $dom(\sigma_{22}) \in ftn(\sigma'(H_{20}, H_{21})) \cup N_{fr}$ (because of (9) and (10)) and the transactions in $dom(\sigma_{22})$ do not commit/abort in this weak transition (because $(H_{10}, H_{11} = H_{20}, H_{21})$). Thus, by Cor. A.19:
$$
(\sigma_2(\sigma'(H_{21}, H_{22})) \triangleright \sigma_2(P''_2) \,|\, \sigma_2(S_2)) \xRightarrow{\tau} (\sigma''(\sigma_2(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \,|\, \sigma''(\sigma_2(S_2)))
$$
The proof is completed by Prop. A.22. ∎
C Proof of Theorem 5.1

Theorem C.1 (Congruence of $(\approx)$). If $P \approx Q$ and $ftn(R) \,\sharp\, P, Q$ then $P \,|\, R \approx Q \,|\, R$.

Proof.
$$
\begin{array}{rl}
P \approx Q & \text{implies } (\emptyset \triangleright P) \approx (\emptyset \triangleright Q) \\
& \text{implies } (\emptyset \triangleright P) \approx_{prd} (\emptyset \triangleright Q) \\
& \text{implies } (\emptyset \triangleright P \,|\, R) \approx_{prd} (\emptyset \triangleright Q \,|\, R) \\
& \text{implies } P \,|\, R \cong_{rbe} Q \,|\, R \\
& \text{implies } P \,|\, R \approx Q \,|\, R
\end{array}
$$
∎

Corollary C.2 (Soundness of $(\approx)$). If $P \approx Q$ then $P \cong_{rbe} Q$.
D Proof of Theorem 5.4

D.1 Theorem

Lemma D.1 ($\sigma$-distributivity). For any history $H$ and substitution $\sigma$, $(\!|H|\!)\sigma = (\!|H\sigma|\!)$.

Proof. Trivial, by induction on the length of $H$.

Lemma D.2 (History translation over parallel). $(\!|H|\!) \,|\, (\!|i \mapsto k(a)|\!) = (\!|H, k(a)|\!)$

Proof. Trivially by definition. We will use this observation often, so it is useful to have it as a separate lemma.

Lemma D.3. $(\!|k|\!)_i \to P$ implies $P = (\!|i \mapsto k(a)|\!)$

Proof. This lemma can be proved easily by considering that $(\!|k|\!)_i$ can perform either a $k(a)$, $\tau$ or $ab\,k$ action. In the first case, the resulting term is $(\!|i \mapsto k(a)|\!)$, in the second case it is $(\!|k(?)|\!)$, and in the third case it is $(\!|i \mapsto ab|\!)$.

Lemma D.4. $H \backslash^{co}_k \,|\, H' \backslash^{co}_k = (H, H') \backslash^{co}_k$

Proof. The $\backslash^{co}_k$ operator trivially distributes over parallel terms by definition.

Lemma D.5. $H \backslash^{ab}_k \,|\, H' \backslash^{ab}_k = (H, H') \backslash^{ab}_k$

Proof. The $\backslash^{ab}_k$ operator trivially distributes over parallel terms by definition.

Lemma D.6. For any history $H$, transaction name $k$ and $a \in \mathcal{L}_{Act}$: $(\!|H|\!) \not\xrightarrow{\tau}$, $(\!|H|\!) \not\xrightarrow{k(\tau)}$, $\not\xrightarrow{a}$ and $\not\xrightarrow{k(a)}$.

Proof. This lemma can be proved by induction. If the length of the history is zero, then the lemma is trivial. In the inductive case, it is sufficient to notice that the definition of history translation does not contain any $\tau$ or $a \in Act$ actions.

Lemma D.7. $(\!|H|\!) \,|\, P \to Q$ implies $Q = (\!|H'|\!) \,|\, Q'$
Proof. This lemma can be proved by induction on the derivation $(\!|H|\!) \,|\, P \to Q$. According to 6, this derivation can be derived either by a $\tau$, $k(\tau)$, $ab\,k$ or $co\,k$ action. In the first two cases, by Lemma D.6, we know that the translation of history $H_1$ cannot perform any $\tau$, $k(\tau)$, $a$ or $k(a)$ action, thus only rule ParL can be used, history $H$ is unchanged and thus $Q = (\!|H|\!) \,|\, Q'$ for some $Q'$. In the latter two cases, the same analysis holds if transaction name $k$ from $ab\,k$ or $co\,k$ does not occur in $H$. If it does, then we can use rule TrBroadcast to prove both cases. We can prove by induction on the length of the history that the resulting abort or commit action produces another history. If the history is empty, the case is trivial. In the inductive step, recall that $(\!|i \mapsto k(a)|\!) = \llbracket co \,|\, !commit_{a_i} \triangleright_k !abort_i \rrbracket$. If transaction $k$ is committed, it becomes $!commit_{a_i}$ which is equal to $(\!|i \mapsto a|\!)$. If it is aborted, it becomes $!abort_i$, which is equal to $(\!|i \mapsto ab|\!)$. Thus in both cases the commit or abort action produces a term in the form of a history, which proves the inductive step and concludes the proof of this lemma.
Lemma D.8. Suppose that $P \xrightarrow{k(a)}_{\sigma_1} P'$, $\sigma_1 = \tilde l_1 \mapsto k$ and that $\sigma_2 = \tilde l_2 \mapsto k$. Then $P'\sigma_2 = P'\sigma$, where $\sigma = (\tilde l_1, \tilde l_2) \mapsto k$.
Proposition D.9 (Prop. E.4). Suppose $P \in \mathcal{L}_{Act}$² and $(H_1 \triangleright P) \xrightarrow{k(\alpha)}_{\sigma} (H_2 \triangleright Q)$ with $H_2 = \sigma(H_1), (i \mapsto k(\alpha))$ and $k' \,\sharp\, k, H_1, P$; then $(\!|H_1|\!) \,|\, P \,|\, (\!|k'|\!)_i \to (\!|H_2|\!) \,|\, Q$.

Proof. We will provide a derivation for the transition we are required to find.

Suppose that:
1. $(H_1 \triangleright P) \xrightarrow{k(\alpha)}_{\sigma} (H_2 \triangleright Q)$
2. $H_2 = H_1\sigma, (i \mapsto k(\alpha))$.
3. $k' \,\sharp\, k, H_1, P$

We need to show that $(\!|H_1|\!) \,|\, P \,|\, (\!|k'|\!)_i \to (\!|H_2|\!) \,|\, Q$.

By definition of $H_2$ and omitting index $i$ for the moment, we can rewrite Assumption 1 as:
$$
(H_1 \triangleright P) \xrightarrow{k(\alpha)}_{\sigma} (\sigma(H_1), k(\alpha) \triangleright Q)
$$
By inversion, this transition can be deduced either by the LTS$_{k(a)}$ rule or by the LTS$_{?}$ rule. Let us proceed by analysing each case.

LTS$_{k(a)}$ case: from this rule we deduce that $\alpha = a$ and $P \xrightarrow{k(a)}_{\sigma_1} Q$ (*) for some $\sigma_1$. Moreover, we can infer by inversion on the CCS rules that $\sigma_1 = l \mapsto k$ for some transaction name $l$, since this rule can only be applied when the domain of the substitution $\sigma_1$ is a single name $l$.

² I think this proposition is true even when $P \in \mathcal{L}_{Act \cup \Omega}$.
Consider now $(\!|H_1|\!) \,|\, P \,|\, (\!|k'(a)|\!)_i$. By definition of translation $(\!|\cdot|\!)$, recall that:
$$
(\!|k'|\!)_i = \left\llbracket co \,\middle|\, \Big(\sum_{a \in Act} a.!commit_{a_i}\Big) + !before_i + \tau.0 \ \triangleright_{k'}\ !abort_i \right\rrbracket
$$
from which, by virtue of the internal infinite sum and by rules CCS-Sum and TrAct, we can derive:
$$
(\!|k'|\!)_i \xrightarrow{k(a)}_{\sigma_2} \llbracket co \,|\, !commit_{a_i} \triangleright_k !abort_i \rrbracket \qquad (**)
$$
where $\sigma_2 = (k' \mapsto k)$. By rule TrSync, (*) and (**), and by rule ParL, we can derive:
$$
(\!|H_1|\!) \,|\, P \,|\, (\!|k'|\!)_i \xrightarrow{k(\tau)}_{\sigma} (\!|H_1|\!)\sigma \,|\, \llbracket co \,|\, !commit_{a_i} \triangleright_k !abort_i \rrbracket\sigma_1 \,|\, Q\sigma_2 \qquad (***)
$$
where $\sigma' = (l, k') \mapsto k$. Because of Assumption 3, $Q\sigma_2 = Q$, since $k'$ does not occur in $Q$. Moreover, by definition of $(\!|k'|\!)$, transaction name $l$ cannot occur in $(\!|k'|\!)$, and thus we can also infer that $\llbracket co \,|\, !commit_{a_i} \triangleright_k !abort_i \rrbracket\sigma_1 = \llbracket co \,|\, !commit_{a_i} \triangleright_k !abort_i \rrbracket$. By definition of History Translation and by Assumption 2:
$$
\begin{array}{ll}
\llbracket co \,|\, !commit_{a_i} \triangleright_k !abort_i \rrbracket = (\!|i \mapsto k(a)|\!) & \text{by definition} \\
(\!|H_1|\!)\sigma \,|\, (\!|i \mapsto k(a)|\!) = (\!|H_1\sigma, i \mapsto k(a)|\!) & \text{by definition} \\
(\!|H_1\sigma, i \mapsto k(a)|\!) = (\!|H_2|\!) & \text{by Assumption 2} \\
(\!|H_1|\!) \,|\, P \,|\, (\!|k'|\!)_i \to (\!|H_2|\!) \,|\, Q & \text{by definition}
\end{array}
$$
which proves the first case.

LTS$_{?}$ case: from this rule we can only deduce $\alpha = ?$. Suppose that $(\!|k'|\!)$ takes the internal step $\tau$:
$$
(\!|H_1|\!) \,|\, P \,|\, (\!|k'|\!)_i \to (\!|H_1|\!) \,|\, \llbracket co \triangleright_k !abort_i \rrbracket \,|\, Q \qquad (*)
$$
By definition of History translation and (*), we have:
$$
\begin{array}{ll}
\llbracket co \triangleright_k !abort_i \rrbracket = (\!|i \mapsto k(?)|\!) & \text{by definition} \\
(\!|H_1|\!) \,|\, (\!|i \mapsto k(?)|\!) = (\!|H_1, i \mapsto k(?)|\!) & \text{by definition} \\
(\!|H_1, i \mapsto k(?)|\!) = (\!|H_2|\!) & \text{by Assumption 2} \\
(\!|H_1|\!) \,|\, P \,|\, (\!|k'|\!)_i \to (\!|H_2|\!) \,|\, Q & \text{by definition}
\end{array}
$$
which proves the second case.
Proposition D.10 (Prop. E.5). Suppose $P \in \mathcal{L}_{Act}$³ and $(H_1 \triangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \triangleright Q)$; then $(\!|H_1|\!) \,|\, P \to (\!|H_2|\!) \,|\, Q$.

³ Similarly, this proposition is true even when $P \in \mathcal{L}_{Act \cup \Omega}$.
Proof. Let us prove it by induction on the derivation $(H_1 \triangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \triangleright Q)$. Assume that:
1. $(H_1 \triangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \triangleright Q)$

We have to show that $(\!|H_1|\!) \,|\, P \to (\!|H_2|\!) \,|\, Q$. Condition 1 can only be derived by the rules LTS$_\tau$, LTS$_{k(\tau)}$, LTS$_{new}$, LTS$_{co}$ and LTS$_{ab}$. Let us analyse each case.

LTS$_\tau$, LTS$_{k(\tau)}$: According to these rules, either $P \xrightarrow{\tau}_{\sigma} Q$ or $P \xrightarrow{k(\tau)}_{\sigma} Q$. Moreover, the history is not changed by this transition, except for a $\sigma$-renaming; thus $H_2 = H_1\sigma$ (*). Whether $P$ does a $\tau$ or a $k(\tau)$ does not matter, because in either case $P$ performs just a $\to$ transition. Thus we have:
$$
\begin{array}{ll}
(\!|H_1|\!) \,|\, P \to (\!|H_1|\!)\sigma \,|\, Q & \text{by rule ParL} \\
(\!|H_1|\!) \,|\, P \to (\!|H_1\sigma|\!) \,|\, Q & \text{by Lemma D.1} \\
(\!|H_1|\!) \,|\, P \to (\!|H_2|\!) \,|\, Q & \text{by (*)}
\end{array}
$$
which proves the case.

LTS$_{new}$: According to this rule, the history is untouched, i.e. $H_1 = H_2$, and $P \xrightarrow{new} Q$ (*). Since $new$ is a $\to$ action, we can use rule ParL to derive:
$$
\begin{array}{ll}
(\!|H_1|\!) \,|\, P \to (\!|H_1|\!) \,|\, Q & \text{by (*)} \\
(\!|H_1|\!) \,|\, P \to (\!|H_2|\!) \,|\, Q & \text{because } H_1 = H_2
\end{array}
$$
which proves the case.

LTS$_{co}$: According to this rule $P \xrightarrow{co\,k} Q$ (*) and $H_2 = H_1 \backslash^{co}_k$. From this information, the following chain of deductions holds:
$$
\begin{array}{ll}
(\!|H_1|\!) \,|\, P \to (\!|H_2|\!) \,|\, Q & \text{this is what we need to show} \\
(\!|H_1|\!) \,|\, P \to (\!|H_1 \backslash^{co}_k|\!) \,|\, Q & \text{because } H_2 = H_1 \backslash^{co}_k \\
(\!|H_1|\!) \,|\, P \xrightarrow{co\,k} (\!|H_1 \backslash^{co}_k|\!) \,|\, Q & \text{because of rule ?} \\
(\!|H_1|\!) \xrightarrow{co\,k} (\!|H_1 \backslash^{co}_k|\!) \text{ or } k \,\sharp\, (\!|H_1|\!) & \text{by rule TrBroadcast or TrIgn, and (*)}
\end{array}
$$
Let us prove the last statement by induction on the size of history $H_1$. Suppose that $H_1$ contains no elements. Then $(\!|H_1|\!) = (\!|\emptyset|\!) = 0$. Since $k \,\sharp\, 0$, the base case is proved. Let us now prove the inductive step. Suppose
34 V. Koutavas, C. Spaccasassi, M. Hennessy
that, for H1
of size n, LH1
M cok��! LH1
M\co
k or k ] LH1
M. We must show that
(LH1
, n+ 1 7! l(a)M cok��! L(H1
, n+ 1 7! l(a))\co
kM) or k ] LH1
, n+ 1 7! l(a)M.By Lemma D.2 and D.4, LH
1
, n+ 1 7! l(a)M\co
= LH1
M\co
| Ln+ 1 7! l(a)M\co
.
Thus, omitting the index n+1, we actually need to show that (LH1
M | Ll(a)M cok��!LH
1
M\co
k | Ll(a)M\co
k) or k ] LH1
M, Ll(a)M. We will prove this, by analysingeach form that l(a) can take, which is either ab, a, ?, l(a) or l(?).If l(a) = ab, then LabM = Lab\
co
kM = !abort
n+1
and obviously k ] !abort
n+1
. If
LH1
M cok��! LH1
\co
kM, then LH1
M | LabM cok��! LH1
\co
kM | Lab\co
kM by rule TrIgn.If k ] LH
1
M, then k ] LH1
M,!abort
n+1
. The same analysis holds if l(a) = a, sinceLaM = !commit
n+1
, and similarly for l(a) = ?. If l(a) and l 6= k, then k ] Ll(a)M,and we can prove this case by rule TrIgn, as for the previous cases.Suppose that l = k now. If l(a) = k(a), then Lk(a)M =
qco |!commit
ai
.k
!abort
i
y
and Li 7! l(a)M can perform a cok action:
qco |!commit
ai
.k
!abort
i
ycok��! !commit
ai
by the TrCo rule
Lk(a)M cok��! LaM by definition of Translation
Lk(a)M cok��! L(k(a))\co
kM by definition of \co
If LH1
M cok��! LH1
\cok
M, then this case can be proved by rule TrBroadcast
on the last deduction. If k ] LH1
M, then prove this case by rule TrIgn
on the last deduction. The proof for the case l(a) = k(?) is similar. SinceLk(?)M =
qco .
k
!abort
i
y, we can deduce that:
qco .
k
!abort
i
ycok��! 0 by the TrCo rule
Lk(?)M cok��! L?M by definition of Translation
Lk(?)M cok��! Lk(?)\co
kM by definition of \co
We now prove this case as we did for the previous case, using rule TrBroad-
cast and TrIgn on the last deduction and the inductive hypothesis.Having proved all sub-cases, and this case is proved.
LTSab: According to this rule $P \xrightarrow{\mathit{ab}_k} Q$ (*) and $H_2 = H_1 \backslash \mathit{ab}_k$. From this information, the following chain of deductions holds:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q & \text{this is what we need to show}\\
\llbracket H_1 \rrbracket \mid P \to \llbracket H_1 \backslash \mathit{ab}_k \rrbracket \mid Q & \text{because } H_2 = H_1 \backslash \mathit{ab}_k\\
\llbracket H_1 \rrbracket \mid P \xrightarrow{\mathit{ab}_k} \llbracket H_1 \backslash \mathit{ab}_k \rrbracket \mid Q & \text{because of rule ?}\\
\llbracket H_1 \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket H_1 \backslash \mathit{ab}_k \rrbracket \ \text{ or } \ k \mathrel{\#} \llbracket H_1 \rrbracket & \text{by rule TrBroadcast or TrIgn, and (*)}
\end{array}$$
Let us prove the last statement by induction on the size of history $H_1$. If $H_1$ has size $0$, then it is empty and its translation is $0$. Thus $k \mathrel{\#} \llbracket H_1 \rrbracket$, which proves the base case. Let us consider the case in which $H_1$ has size $n+1$. We need to show that
$$\big(\llbracket H_1, n+1 \mapsto l(a) \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket (H_1, n+1 \mapsto l(a)) \backslash \mathit{ab}_k \rrbracket\big) \ \text{ or } \ k \mathrel{\#} \llbracket H_1, n+1 \mapsto l(a) \rrbracket.$$
By similar considerations as in the previous LTSco case, using Lemma D.2 and D.5 this time, we actually need to show that
$$\big(\llbracket H_1 \rrbracket \mid \llbracket l(a) \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket H_1 \backslash \mathit{ab}_k \rrbracket \mid \llbracket l(a) \backslash \mathit{ab}_k \rrbracket\big) \ \text{ or } \ k \mathrel{\#} \llbracket H_1 \rrbracket, \llbracket l(a) \rrbracket.$$
By inductive hypothesis, assume that $\llbracket H_1 \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket H_1 \backslash \mathit{ab}_k \rrbracket$ or $k \mathrel{\#} \llbracket H_1 \rrbracket$. Let us analyse $l(a)$ case by case. If $l(a) = \mathit{ab}$, then $\llbracket \mathit{ab} \rrbracket = \llbracket \mathit{ab} \backslash \mathit{ab}_k \rrbracket = {!}\mathit{abort}_i$, and obviously $k \mathrel{\#} {!}\mathit{abort}_i$. If $\llbracket H_1 \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket H_1 \backslash \mathit{ab}_k \rrbracket$, then this case can be proved by rule TrIgn. If $k \mathrel{\#} \llbracket H_1 \rrbracket$, then obviously $k \mathrel{\#} \llbracket H_1 \rrbracket, {!}\mathit{abort}_i$. Suppose that $l(a) = a$. Then $a \backslash \mathit{ab}_k = a$, and $k \mathrel{\#} \llbracket a \rrbracket$ because $\llbracket a \rrbracket = {!}\mathit{commit}_{a,i}$. The same analysis also holds if $l(a) = l(a)$ or $l(\ast)$, with $l \neq k$, because $l(a) \backslash \mathit{ab}_k = l(a)$ and $k \mathrel{\#} \llbracket l(a) \rrbracket$. We can use rules TrBroadcast and TrIgn to prove this case, as we have done previously. If $l(a) = k(a)$ and $k = l$, then the case can be proved as in the case $l(a) = \mathit{ab}$, because $k(a) \backslash \mathit{ab}_k = \mathit{ab}$. Having proved all sub-cases, case LTSab is proved too. ⊓⊔
Proposition D.11 (Prop. E.6). Suppose $P, Q \in L_{\mathit{Act}}$ and $\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \to_{\sigma} \llbracket H_2 \rrbracket \mid Q$ with $H_2 = H_1, (i \mapsto k(a))$ and $k' \mathrel{\#} k, H_1, P$; then $(H_1 \vartriangleright P) \xrightarrow{k}_{\sigma} (H_2 \vartriangleright Q)$.

Proof. Let us prove this proposition by induction on the transition $\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \to \llbracket H_2 \rrbracket \mid Q$. Let us assume that:
1. $P, Q \in L_{\mathit{Act}}$
2. $\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \to \llbracket H_2 \rrbracket\sigma \mid Q$
3. $H_2 = H_1, (i \mapsto k(a))$
4. $k' \mathrel{\#} k, H_1, P$

We have to prove that $(H_1 \vartriangleright P) \xrightarrow{k}_{\sigma} (H_2 \vartriangleright Q)$. Starting from Assumption 2, we can deduce the following:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \to \llbracket H_2 \rrbracket \mid Q & \text{this is Assumption 2}\\
\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \to \llbracket H_1, i \mapsto k(a) \rrbracket \mid Q & \text{by Assumption 3}\\
\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \to \llbracket H_1 \rrbracket \mid \llbracket i \mapsto k(a) \rrbracket \mid Q & \text{by Lemma D.2}\\
\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \xrightarrow{\tau}_{\sigma} \llbracket H_1 \rrbracket\sigma \mid \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q \ \text{ or} & \\
\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket H_1 \rrbracket\sigma \mid \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q & \text{by the rules in 6}\\
\llbracket k' \rrbracket_i \mid P \xrightarrow{\tau}_{\sigma} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q \ \text{ or} & \\
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q & \text{by rule ParL and Assumption 4}
\end{array}$$
Recall that:
$$\llbracket k \rrbracket_i = \Big\llbracket \mathit{co} \mid \Big(\sum_{a \in \mathit{Act}} a.{!}\mathit{commit}_{a,i} + {!}\mathit{before}_i + \tau.0\Big) \triangleright_k {!}\mathit{abort}_i \Big\rrbracket,$$
$$\llbracket i \mapsto k(a) \rrbracket = \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,i} \triangleright_k {!}\mathit{abort}_i \rrbracket \quad \text{and} \quad \llbracket i \mapsto k(\ast) \rrbracket = \llbracket \mathit{co} \triangleright_k {!}\mathit{abort}_i \rrbracket$$
Notice that $\llbracket k' \rrbracket$ cannot perform a pure $\tau$ action, because it is a transaction. We can thus exclude that $\llbracket k' \rrbracket_i \mid P \xrightarrow{\tau}_{\sigma} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q$ can happen in the last deduction, and only assume that:
$$\begin{array}{ll}
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q & \text{because } \llbracket k' \rrbracket \text{ cannot perform a } \tau
\end{array}$$
Let us now analyse this last deduction case by case, depending on which form $a$ can take, that is, if $a = a$ or $a = \ast$. If $a = a$, then we have:
$$\begin{array}{ll}
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q & \text{this is the last deduction}\\
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q & \text{because } a = a\\
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,i} \triangleright_k {!}\mathit{abort}_i \rrbracket\sigma \mid Q & \text{by definition of Translation}\\
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,i} \triangleright_k {!}\mathit{abort}_i \rrbracket \mid Q & \text{by Assumption 4 and Lemma D.8}\\
P \xrightarrow{k(a)} Q & \text{by the premises of TrSync, which is}\\
 & \text{the only rule that can be applied here}\\
(H_1 \vartriangleright P) \xrightarrow{k}_{\sigma} (H_2 \vartriangleright Q) & \text{by rule LTSk(a)}
\end{array}$$
which proves the case. Suppose now that $a = \ast$. Then we can derive:
$$\begin{array}{ll}
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q & \text{this is the previous deduction}\\
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(\ast) \rrbracket\sigma \mid Q & \text{because } a = \ast\\
\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket \mathit{co} \triangleright_k {!}\mathit{abort}_i \rrbracket\sigma \mid Q & \text{by definition of Translation}\\
P = Q & \text{because the only possible case is that } \llbracket k' \rrbracket_i\\
 & \text{takes a } \tau \text{ step, and thus } P \text{ does not change}
\end{array}$$
If $P = Q$ and $a = \ast$, then we can immediately derive that $(H_1 \vartriangleright P) \xrightarrow{k} (H_1, k(\ast) \vartriangleright P)$ by rule LTS$\ast$, which proves the theorem. ⊓⊔
Proposition D.12 (Prop. E.7). Suppose $P \in L_{\mathit{Act}}$ and $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$; then for some $\sigma$: $(H_1 \vartriangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \vartriangleright Q)$.

Proof. Let us prove this proposition by induction on transitions $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$. Let us assume that:
1. $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$
2. $P \in L_{\mathit{Act}}$
3. $\mathit{ftn}(H_1) \subseteq \mathit{ftn}(P)$

We need to show that $\exists \sigma.\ (H_1 \vartriangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \vartriangleright Q)$. According to rules ?, ? and ?, one of these three cases is possible:
1. $\llbracket H_1 \rrbracket \mid P \xrightarrow{\tau} \llbracket H_2 \rrbracket \mid Q$
2. $\llbracket H_1 \rrbracket \mid P \xrightarrow{k(\tau)} \llbracket H_2 \rrbracket \mid Q$
3. $\llbracket H_1 \rrbracket \mid P \xrightarrow{\beta} \llbracket H_2 \rrbracket \mid Q$

Let us analyse each case separately.

Case 1) Looking at the LTS, there are 6 rules that can produce a $\tau$ transition: CCSsum, CCSsync, CCSrec, TrTau, Restr and ParL. Let us analyse each case separately.

CCSsum: Since $\llbracket H_1 \rrbracket \mid P$ is not a sum, this case is invalid.

CCSsync: This case is invalid as well. In fact, by Lemma D.6 $\llbracket H_1 \rrbracket$ cannot produce the pure $a$ action required by the premises, if $a \in L_{\mathit{Act}}$. If it produces a barb $\omega \in L_{\Omega}$, then $P$ cannot produce a complementary barb action because of Assumption 2. Thus this case is invalid.

CCSrec: This case is invalid too, because $\llbracket H_1 \rrbracket \mid P$ is not in the shape of a recursive construct.

TrTau: This case is invalid too, because $\llbracket H_1 \rrbracket \mid P$ is not in the form of a transaction.

Restr: This case is invalid as well, because $\llbracket H_1 \rrbracket \mid P$ is not in the form of a restriction.

ParL: This rule is symmetric: in one case it is the operand on the left-hand side of the parallel that performs an $\alpha$ action, in the other it is the right-hand side. The first case is invalid, for the reason we have argued in the case CCSsync, using Lemma D.6 and Assumption 2. Let us consider the second case. By the premise and side condition of rule ParL, we have that $P \xrightarrow{\alpha}_{\sigma} P'$ (*) and $\mathit{range}(\sigma) \mathrel{\#} Q$. From the consequences of this rule, we gather that $H_2 = H_1\sigma$ (**). Remember also that we are considering the case in which $\llbracket H_1 \rrbracket \mid P$ can perform a $\tau$ action, thus we consider $\alpha = \tau$ in this case. Given these considerations, we can apply rule LTSτ on (*) and $H_1$ to obtain directly that $(H_1 \vartriangleright P) \xrightarrow{\tau} (H_2 \vartriangleright Q)$, which proves the case (since we can use the $\sigma$ from (*)).

Case 2) Looking at the LTS, there are 5 rules that can produce a $k(\tau)$ transition: TrSum, TrAct, TrSync, Restr and ParL. As in the previous case, not all cases can be applied to $\llbracket H_1 \rrbracket \mid P$, because Assumption 1 does not match the syntax required in the rules. In particular, rules TrSum, TrAct and Restr cannot be applied. Moreover, the case for rule ParL can be demonstrated exactly as in Case 1), because rule LTSτ acts on $\tau$ and $k(\tau)$ actions indiscriminately. Thus we shall only consider rule TrSync.

TrSync: This case is invalid as well. As we have already reasoned in Case 1) for rule CCSsync, by Lemma D.6 any translation of $H_1$ cannot produce an action $a$ or $k(a)$, for $a \in \mathit{Act}$. $P$ cannot perform barb actions $\omega \in L_{\Omega}$ either, by Assumption 2. Thus, there is no action $a$ on which $\llbracket H_1 \rrbracket$ and $P$ can synchronise, and thus this case is invalid too.

Case 3) Looking at the LTS, there are 6 rules that can produce a $\beta$ transition: TrCo, TrAb, TrNew, TrBroadcast, TrIgn and TrRestrBeta. Looking at the syntax, we can notice straightaway that we cannot apply rules TrCo, TrAb, TrNew and TrRestrBeta. Thus we need only concentrate on rules TrBroadcast and TrIgn. Moreover, the action $\beta$ in rule ? can be either $\mathit{co}_k$, $\mathit{ab}_k$ or $\mathit{new}\ k$. Let us analyse each case separately.
TrBroadcast: According to the premises of this rule, $\llbracket H_1 \rrbracket \xrightarrow{\beta} \llbracket H'_1 \rrbracket$ (*) and $P \xrightarrow{\beta} P'$ (**), where $\beta \in \{\mathit{co}_k, \mathit{ab}_k\}$. Let us analyse the cases in which $\beta = \mathit{co}_k$ and $\beta = \mathit{ab}_k$:

$\beta = \mathit{co}_k$: To prove the main theorem, we can apply rule LTSco using (**); but we must prove that $\llbracket H_2 \rrbracket = \llbracket H_1 \backslash \mathit{co}_k \rrbracket$. We can prove this by induction on the length of history $H_1$, assuming (*). Let us consider the case of length zero. The translation of the empty history is the nil process $0$, which cannot perform a $\mathit{co}_k$ action, thus breaking assumption (*). The base case is thus trivial. Let us now assume that the length of history $H_1$ is $n+1$, with $H_1 = (H'_1, n+1 \mapsto l(a))$, and that, if $\llbracket H'_1 \rrbracket \xrightarrow{\mathit{co}_k} \llbracket H'_2 \rrbracket$, then $H'_2 = H'_1 \backslash \mathit{co}_k$. Notice that:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket = \llbracket H'_1, n+1 \mapsto l(a) \rrbracket & \text{by definition of } H_1\\
\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket l(a) \rrbracket & \text{by Lemma D.2}
\end{array}$$
We need to analyse two further cases for transaction names $l$ and $k$, one in which $l \neq k$, and one in which $l = k$:

$l \neq k$: In this case, the only applicable rule to obtain (*) is rule TrIgn, from which we infer that $\llbracket H'_1 \rrbracket \mid \llbracket l(a) \rrbracket \xrightarrow{\mathit{co}_k} \llbracket H'_2 \rrbracket \mid \llbracket l(a) \rrbracket$. From this consideration, we have:
$$\begin{array}{lll}
\llbracket H'_2 \rrbracket \mid \llbracket l(a) \rrbracket & = \llbracket H'_1 \rrbracket \backslash \mathit{co}_k \mid \llbracket l(a) \rrbracket & \text{by inductive hypothesis}\\
 & = \llbracket H'_1 \rrbracket \backslash \mathit{co}_k \mid \llbracket l(a) \backslash \mathit{co}_k \rrbracket & \text{by def. of } \backslash \mathit{co} \text{ and because } l \neq k\\
 & = \llbracket (H'_1, l(a)) \backslash \mathit{co}_k \rrbracket & \text{by Lemma D.2 and D.4}\\
 & = \llbracket H_1 \backslash \mathit{co}_k \rrbracket & \text{by inductive hypothesis}
\end{array}$$
which proves the case.

$l = k$: In this case, we notice that:
$$\begin{array}{lll}
(1) & \llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,n+1} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket & \text{if } a = a\\
(2) & \llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket & \text{if } a = \ast
\end{array}$$
This time the only applicable rule is TrBroadcast, thus both the right-hand side transactions in (1) and (2) have to commit. In the first case, we have:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,n+1} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket & \text{this is case (1)}\\
\llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,n+1} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket \xrightarrow{\mathit{co}_k} \llbracket H'_2 \rrbracket \mid {!}\mathit{commit}_{a,n+1} & \text{by rule TrBroadcast}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid {!}\mathit{commit}_{a,n+1} & \text{by the previous deduction}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n+1 \mapsto a \rrbracket & \text{by definition of translation}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n+1 \mapsto k(a) \backslash \mathit{co}_k \rrbracket & \text{by definition of } \backslash \mathit{co}\\
\llbracket H_2 \rrbracket = \llbracket H'_1 \backslash \mathit{co}_k \rrbracket \mid \llbracket n+1 \mapsto k(a) \backslash \mathit{co}_k \rrbracket & \text{by inductive hypothesis}\\
\llbracket H_2 \rrbracket = \llbracket (H'_1, n+1 \mapsto k(a)) \backslash \mathit{co}_k \rrbracket & \text{by Lemma D.2 and D.4}\\
\llbracket H_2 \rrbracket = \llbracket H_1 \backslash \mathit{co}_k \rrbracket & \text{by hypothesis}
\end{array}$$
which proves the main theorem for case (1). Let us prove case (2):
$$\begin{array}{ll}
\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket & \text{this is case (2)}\\
\llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket \xrightarrow{\mathit{co}_k} \llbracket H'_2 \rrbracket \mid 0 & \text{by rule TrBroadcast}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid 0 & \text{by the previous deduction}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n+1 \mapsto \ast \rrbracket & \text{by definition of translation}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n+1 \mapsto k(\ast) \backslash \mathit{co}_k \rrbracket & \text{by definition of } \backslash \mathit{co}\\
\llbracket H_2 \rrbracket = \llbracket H'_1 \backslash \mathit{co}_k \rrbracket \mid \llbracket n+1 \mapsto k(\ast) \backslash \mathit{co}_k \rrbracket & \text{by inductive hypothesis}\\
\llbracket H_2 \rrbracket = \llbracket (H'_1, n+1 \mapsto k(\ast)) \backslash \mathit{co}_k \rrbracket & \text{by Lemma D.2 and D.4}\\
\llbracket H_2 \rrbracket = \llbracket H_1 \backslash \mathit{co}_k \rrbracket & \text{by hypothesis}
\end{array}$$
which proves the main theorem for case (2).

$\beta = \mathit{ab}_k$: To prove the main theorem, we can apply rule LTSab using (**); but we must prove that $\llbracket H_2 \rrbracket = \llbracket H_1 \backslash \mathit{ab}_k \rrbracket$. We can prove this by induction on the length of history $H_1$, assuming (*). Let us consider the case of length zero. Again, the base case in which the history is empty is trivial, since its translation is the inert process $0$, which cannot perform an $\mathit{ab}_k$ action; this breaks assumption (*). Let us now assume that the length of history $H_1$ is $n+1$, with $H_1 = (H'_1, n+1 \mapsto l(a))$, and that, if $\llbracket H'_1 \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket H'_2 \rrbracket$, then $H'_2 = H'_1 \backslash \mathit{ab}_k$. Again, note that:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket = \llbracket H'_1, n+1 \mapsto l(a) \rrbracket & \text{by definition of } H_1\\
\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket l(a) \rrbracket & \text{by definition of translation}
\end{array}$$
and again we have to analyse the case in which $l \neq k$ and the one in which $l = k$. Let us analyse each case:

$l \neq k$: In this case, the only applicable rule to obtain (*) is rule TrIgn, from which we infer that $\llbracket H'_1 \rrbracket \mid \llbracket l(a) \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket H'_2 \rrbracket \mid \llbracket l(a) \rrbracket$. From this consideration, we have:
$$\begin{array}{lll}
\llbracket H'_2 \rrbracket \mid \llbracket l(a) \rrbracket & = \llbracket H'_1 \rrbracket \backslash \mathit{ab}_k \mid \llbracket l(a) \rrbracket & \text{by inductive hypothesis}\\
 & = \llbracket H'_1 \rrbracket \backslash \mathit{ab}_k \mid \llbracket l(a) \backslash \mathit{ab}_k \rrbracket & \text{by definition of } \backslash \mathit{ab} \text{ when } l \neq k\\
 & = \llbracket (H'_1, l(a)) \backslash \mathit{ab}_k \rrbracket & \text{by Lemma D.2 and D.5}\\
 & = \llbracket H_1 \backslash \mathit{ab}_k \rrbracket & \text{by inductive hypothesis}
\end{array}$$
which proves the case.

$l = k$: In this case, we notice that:
$$\begin{array}{lll}
(1) & \llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,n+1} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket & \text{if } a = a\\
(2) & \llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket \mathit{co} \triangleright_k {!}\mathit{abort}_{n+1} \rrbracket & \text{if } a = \ast
\end{array}$$
The only applicable rule in this case is TrBroadcast, thus both the right-hand side transactions in (1) and (2) have to abort. This time it does not matter whether we are in case (1) or (2), because in both cases $\llbracket k(a) \rrbracket \xrightarrow{\mathit{ab}_k} {!}\mathit{abort}_{n+1}$. Thus we have:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket l(a) \rrbracket & \text{this is our hypothesis}\\
\llbracket H'_1 \rrbracket \mid \llbracket l(a) \rrbracket \xrightarrow{\mathit{ab}_k} \llbracket H'_2 \rrbracket \mid {!}\mathit{abort}_{n+1} & \text{by rule TrBroadcast}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid {!}\mathit{abort}_{n+1} & \text{by the previous deduction}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n+1 \mapsto \mathit{ab} \rrbracket & \text{by definition of translation}\\
\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n+1 \mapsto k(a) \backslash \mathit{ab}_k \rrbracket & \text{by definition of } \backslash \mathit{ab}\\
\llbracket H_2 \rrbracket = \llbracket H'_1 \backslash \mathit{ab}_k \rrbracket \mid \llbracket n+1 \mapsto k(a) \backslash \mathit{ab}_k \rrbracket & \text{by inductive hypothesis}\\
\llbracket H_2 \rrbracket = \llbracket (H'_1, n+1 \mapsto k(a)) \backslash \mathit{ab}_k \rrbracket & \text{by Lemma D.2 and D.5}\\
\llbracket H_2 \rrbracket = \llbracket H_1 \backslash \mathit{ab}_k \rrbracket & \text{by hypothesis}
\end{array}$$
which proves the case.

TrIgn: This is a symmetric rule, so according to the premises, we have two cases:
1) $\beta \mathrel{\#} H_1$ and $P \xrightarrow{\beta} Q$
2) $\beta \mathrel{\#} P$ and $H_1 \xrightarrow{\beta} H_2$

Case 2) is not applicable. In fact, if $\beta \mathrel{\#} P$, then $\beta \mathrel{\#} H_1$ by Assumption 3. Thus we only have Case 1) to prove. This case is easily proved by applying either rule LTSco, LTSab or LTSnew. Just notice that $H_1 \backslash \mathit{co}_k = H_1 \backslash \mathit{ab}_k = H_1$ by definition of the respective operations when $k \in \beta \mathrel{\#} H_1$. This case is thus proved. ⊓⊔
Proposition D.13 (Prop. E.8). Let $\llbracket H_1 \rrbracket \mid P \cong_{\mathit{rbe}} \llbracket H'_1 \rrbracket \mid P'$ with
$$P, P' \in L_{\mathit{Act}} \qquad H_1, H'_1 \text{ compatible} \qquad i \notin \mathit{dom}(H_1)$$
1. if $\llbracket H_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P \to \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in L_{\mathit{Act}}$ such that
$$\llbracket H'_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q' \qquad \llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q' \qquad H_2, H'_2 \text{ compatible}$$
2. if $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in L_{\mathit{Act}}$ such that
$$\llbracket H'_1 \rrbracket \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q' \qquad \llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q' \qquad H_2, H'_2 \text{ compatible}$$
Proof. Let us prove each case separately.

Case 1: Assume that:
1. $\llbracket H_1 \rrbracket \mid P \cong_{\mathit{rbe}} \llbracket H'_1 \rrbracket \mid P'$
2. $P, P' \in L_{\mathit{Act}}$
3. $H_1, H'_1$ compatible
4. $H_2 = H_1, i \mapsto k(a)$
5. $i \notin \mathit{dom}(H_1)$
6. $\llbracket H_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P \to \llbracket H_2 \rrbracket \mid Q$

We need to find $H'_2$ and $Q' \in L_{\mathit{Act}}$ such that:
1. $\llbracket H'_1 \rrbracket \mid P' \mid \llbracket k \rrbracket_i \Rightarrow \llbracket H'_2 \rrbracket \mid Q'$
2. $\llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q'$
3. $H_2, H'_2$ compatible

Because the processes in Assumption 1) are reduction barbed equivalent, they must continue to be so under any other context $R$. If we take $R = \llbracket k \rrbracket_i$, we have:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket \mid P \cong_{\mathit{rbe}} \llbracket H'_1 \rrbracket \mid P' & \text{by Assumption 1}\\
\llbracket H_1 \rrbracket \mid P \mid \llbracket k \rrbracket_i \cong_{\mathit{rbe}} \llbracket H'_1 \rrbracket \mid P' \mid \llbracket k \rrbracket_i & \text{by Condition 4 of rbe}\\
\llbracket H_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P \cong_{\mathit{rbe}} \llbracket H'_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P' & \text{transitions in the LTS commute over parallel}
\end{array}$$
By Condition 2 of reduction barbed equivalence, Assumptions 1 and 6 imply that $\llbracket H'_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P' \Rightarrow Z$ (*) and $\llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} Z$ (**). Let us find out how $Z$ is composed. By repeatedly applying Lemma D.7 on (*), we can derive that $Z = \llbracket H''_2 \rrbracket \mid Z'$. Moreover, by Assumption 2, we have that the barbs in $\llbracket H'_1 \rrbracket$ cannot synchronise with either $\llbracket k \rrbracket_i$ or $P'$, thus we can infer that $H''_2$ has the same barbs as $H'_1$; by Assumption 3, we have that $H''_2$ is compatible with $H_1$. We will now argue that $Z' = \llbracket i \mapsto l(a) \rrbracket \mid Q'$, for some transaction name $l$. By Assumption 4, we have that $\llbracket H_2 \rrbracket = \llbracket H_1 \rrbracket \mid \llbracket k(a) \rrbracket$. We have to distinguish two cases, one in which $k(a) = k(a)$ and one in which $k(a) = k(\ast)$. If $k(a) = k(a)$, we can first rewrite (**) as $\llbracket H_1 \rrbracket \mid \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,i} \triangleright_k {!}\mathit{abort}_i \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H''_2 \rrbracket \mid Z'$. Thus we have that the left-hand side of (**) can perform $\Downarrow_{{!}\mathit{commit}_{a,i}}$ and $\Downarrow_{{!}\mathit{abort}_i}$. Since they are reduction barbed equivalent, the right-hand side of (**) must be able to perform the same barbs. Recall that by Assumption 2 processes $P$ and $P'$ cannot contribute barbs; moreover, by Assumption 5 and since $H_1$ and $H''_2$ are compatible, $H''_2$ cannot contribute these barbs. Thus only $\llbracket k' \rrbracket_i$ can contribute them. Because of this, for some transaction name $l$ and depending on how $\llbracket k \rrbracket_i$ is evaluated, $Z'$ can take one of these forms:
$$\begin{array}{lll}
1) & {!}\mathit{abort}_i \mid Q' & \text{if } \llbracket k' \rrbracket_i \text{ is aborted}\\
2) & \llbracket \mathit{co} \triangleright_l {!}\mathit{abort}_i \rrbracket \mid Q' & \text{if } \llbracket k' \rrbracket_i \text{ performs a } \tau \text{ step}\\
3) & \llbracket \mathit{co} \mid {!}\mathit{before}_i \triangleright_l {!}\mathit{abort}_i \rrbracket \mid Q' & \text{if it chooses to perform } {!}\mathit{before}_i\\
4) & \llbracket \mathit{co} \mid {!}\mathit{commit}_{b,i} \triangleright_l {!}\mathit{abort}_i \rrbracket \mid Q' \text{ with } a \neq b & \text{if it performs a } b \text{ action}\\
5) & \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,i} \triangleright_l {!}\mathit{abort}_i \rrbracket \mid Q' & \text{if it performs an } a \text{ action}
\end{array}$$
Case 1 is impossible, because $Z'$ would have the barb ${!}\mathit{abort}_i$, which the left-hand side of (**) does not have. Case 2 is not possible either, because if the left-hand side of (**) commits, then $Z'$ lacks the ${!}\mathit{commit}_{a,i}$ barb. Case 3 is impossible as well, because the left-hand side of (**) lacks the ${!}\mathit{before}_i$ barb in case of commit. Case 4 is impossible too, because the left-hand side of (**) lacks the ${!}\mathit{commit}_{b,i}$ barb (recall that $a \neq b$) in case of commit. The only possible option is thus Case 5. The same analysis holds when $k(a) = k(\ast)$, with the exception that Case 2 is the only possible one and Cases 4 and 5 are collapsed into a single case. We can now rewrite (**) as follows:
$$\begin{array}{ll}
\llbracket H_1 \rrbracket \mid \llbracket i \mapsto k(a) \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H''_2 \rrbracket \mid \llbracket i \mapsto l(a) \rrbracket \mid Q' & \text{by previous deductions}\\
\llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H''_2 \rrbracket \mid \llbracket i \mapsto l(a) \rrbracket \mid Q' & \text{by Lemma D.2 and Assm. 4}\\
\llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q' & \text{by definition of translation,}\\
 & \text{with } H'_2 = H''_2, i \mapsto l(a)
\end{array}$$
The last deduction proves Requirement 2 of the main theorem. Requirement 1 is proved by (*), if we consider that $Z = \llbracket H'_2 \rrbracket \mid Q'$. Since $H_1$ and $H''_2$ are compatible, and both $\llbracket i \mapsto k(a) \rrbracket$ and $\llbracket i \mapsto l(a) \rrbracket$ are not pure $a$ transactions and do not count towards compatibility, we have that $H_2$ is compatible with $H'_2$, which proves Requirement 3. All requirements are proved, and thus the main case is proved.
Case 2: Assume that:
1. $\llbracket H_1 \rrbracket \mid P \cong_{\mathit{rbe}} \llbracket H'_1 \rrbracket \mid P'$
2. $P, P' \in L_{\mathit{Act}}$
3. $H_1, H'_1$ compatible
4. $i \notin \mathit{dom}(H_1)$
5. $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$

We need to find $H'_2$ and $Q' \in L_{\mathit{Act}}$ such that:
1. $\llbracket H'_1 \rrbracket \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q'$
2. $\llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q'$
3. $H_2, H'_2$ compatible

By Condition 2 of reduction barbed equivalence, we can derive from Assumption 5 that $\llbracket H'_1 \rrbracket \mid P' \Rightarrow Q''$. By repeatedly applying Lemma D.7, we can deduce that $Q'' = \llbracket H'_2 \rrbracket \mid Q'$, for some $H'_2$ and $Q'$. Thus $\llbracket H'_1 \rrbracket \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q'$ (*). By Condition 2 of reduction barbed equivalence, we can also derive from Assumption 5 that $\llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q'$ (**). Considerations (*) and (**) respectively prove Points 1 and 2 of the main theorem.

There only remains to prove that $H_2$ and $H'_2$ are compatible. Recall that $H_2$ and $H'_2$ are compatible when the following property is satisfied:
$$\forall i \in I.\ H_2(i) = a \iff H'_2(i) = a$$
To prove this, we need to analyse two directions:
$$\begin{array}{ll}
(\Rightarrow) & H_2(i) = a \text{ implies } H'_2(i) = a\\
(\Leftarrow) & H'_2(i) = a \text{ implies } H_2(i) = a
\end{array}$$
Let us prove the first direction. Suppose that $H_2(i) = a$. Then $\llbracket H_2(i) \rrbracket = {!}\mathit{commit}_{a,i}$, and thus $\llbracket H_2 \rrbracket \mid Q \Downarrow_{{!}\mathit{commit}_{a,i}}$. Because of (**), $\llbracket H'_2 \rrbracket \mid Q' \Downarrow_{{!}\mathit{commit}_{a,i}}$. This is only possible if there exist $R$ and $R'$ such that $\llbracket H'_2 \rrbracket \mid Q' \Rightarrow R \xrightarrow{{!}\mathit{commit}_{a,i}} R'$. By Assumption 2, we can deduce that $Q' \in L_{\mathit{Act}}$. Thus the process where a ${!}\mathit{commit}_{a,i}$ barb occurs can only be $H'_2(i)$. By the definition of history translation, there are only two possible cases: either $H'_2(i) = a$, or $H'_2(i) = k(a)$. If the first is the case, the histories are compatible and the theorem is proven. We will now show that the second case leads to a contradiction. In fact, suppose that $H'_2(i) = k(a)$. Then $\llbracket H'_2(i) \rrbracket = \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,i} \triangleright_k {!}\mathit{abort}_i \rrbracket$. Because of this, we have that $\llbracket H'_2 \rrbracket \mid Q' \Downarrow_{{!}\mathit{abort}_i}$. But notice now that $\llbracket H_2 \rrbracket \mid Q \not\Downarrow_{{!}\mathit{abort}_i}$, because the translation $\llbracket H_2(i) \rrbracket = {!}\mathit{commit}_{a,i}$ does not contain the barb ${!}\mathit{abort}_i$. Thus we have that $\llbracket H_2 \rrbracket \mid Q \not\cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q'$, since they have different barbs. But this contradicts (**), thus we must reject that $H'_2(i) = k(a)$. This finishes the proof for the first direction. The proof for the second direction is symmetric. ⊓⊔
E Completeness of Weak Bisimulation

Definition E.1 (Translation of k-transition).
$$\llbracket k \rrbracket_i = \Big\llbracket \mathit{co} \mid \Big(\sum_{a \in \mathit{Act}} a.{!}\mathit{commit}_{a,i} + {!}\mathit{before}_i + \tau.0\Big) \triangleright_k {!}\mathit{abort}_i \Big\rrbracket$$

Definition E.2 (Translation of a History).
$$\begin{array}{lcl}
\llbracket \emptyset \rrbracket & = & 0\\
\llbracket H, (i \mapsto k(a)) \rrbracket & = & \llbracket H \rrbracket \mid \llbracket i \mapsto k(a) \rrbracket\\
\llbracket i \mapsto k(a) \rrbracket & = & \llbracket \mathit{co} \mid {!}\mathit{commit}_{a,i} \triangleright_k {!}\mathit{abort}_i \rrbracket\\
\llbracket i \mapsto a \rrbracket & = & {!}\mathit{commit}_{a,i}\\
\llbracket i \mapsto k(\ast) \rrbracket & = & \llbracket \mathit{co} \triangleright_k {!}\mathit{abort}_i \rrbracket\\
\llbracket i \mapsto \ast \rrbracket & = & 0\\
\llbracket i \mapsto \mathit{ab} \rrbracket & = & {!}\mathit{abort}_i
\end{array}$$
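As an added worked example (it is not part of the paper), take the constructed history $H = (1 \mapsto a,\ 2 \mapsto k(b),\ 3 \mapsto l(\ast),\ 4 \mapsto \mathit{ab})$ with $k \neq l$, i.e. one committed entry, one entry still owned by the live transaction $k$, one silent entry owned by $l$, and one aborted entry. Unfolding the clauses of Definition E.2 entry by entry gives
$$\llbracket H \rrbracket = {!}\mathit{commit}_{a,1} \mid \llbracket \mathit{co} \mid {!}\mathit{commit}_{b,2} \triangleright_k {!}\mathit{abort}_2 \rrbracket \mid \llbracket \mathit{co} \triangleright_l {!}\mathit{abort}_3 \rrbracket \mid {!}\mathit{abort}_4 .$$
A commit of $k$ touches only the entry named $k$: its transaction commits by TrCo, the other components are unaffected (TrIgn, since $k$ is fresh for them), and TrBroadcast combines the two, ex&shy;actly as in the LTSco case of the proof of Prop. D.10. Using $k(b) \backslash \mathit{co}_k = b$ and $l(\ast) \backslash \mathit{co}_k = l(\ast)$ from that proof,
$$\llbracket H \rrbracket \xrightarrow{\mathit{co}_k} {!}\mathit{commit}_{a,1} \mid {!}\mathit{commit}_{b,2} \mid \llbracket \mathit{co} \triangleright_l {!}\mathit{abort}_3 \rrbracket \mid {!}\mathit{abort}_4 = \llbracket H \backslash \mathit{co}_k \rrbracket, \qquad H \backslash \mathit{co}_k = (1 \mapsto a,\ 2 \mapsto b,\ 3 \mapsto l(\ast),\ 4 \mapsto \mathit{ab}).$$
An abort of $k$ instead turns the $k$-entry into an aborted one ($k(b) \backslash \mathit{ab}_k = \mathit{ab}$, as used in the LTSab case):
$$\llbracket H \rrbracket \xrightarrow{\mathit{ab}_k} {!}\mathit{commit}_{a,1} \mid {!}\mathit{abort}_2 \mid \llbracket \mathit{co} \triangleright_l {!}\mathit{abort}_3 \rrbracket \mid {!}\mathit{abort}_4 = \llbracket H \backslash \mathit{ab}_k \rrbracket .$$
The two outcomes are distinguishable by barbs alone: the committed translation has $\Downarrow_{{!}\mathit{commit}_{b,2}}$ and not $\Downarrow_{{!}\mathit{abort}_2}$, while the aborted one has $\Downarrow_{{!}\mathit{abort}_2}$ and not $\Downarrow_{{!}\mathit{commit}_{b,2}}$. This is the observation on which the proof of Prop. D.13 relies when it rules out a history entry $k(a)$ on one side of $\cong_{\mathit{rbe}}$ against a committed entry $a$ on the other.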
To prove completeness we will need the following propositions.

Proposition E.3. If $P \in L_{\mathit{Act}}$ and $(H_1 \vartriangleright P) \xrightarrow{\zeta}_{\sigma} (H_2 \vartriangleright Q)$ then $Q \in L_{\mathit{Act}}$, and when $\zeta = k$, there exist $i, a$ such that $H_2 = H_1, (i \mapsto k(a))$.

Proof. Trivial, by induction on the transition. ⊓⊔

Proposition E.4. Suppose $P \in L_{\mathit{Act}}$⁴ and $(H_1 \vartriangleright P) \xrightarrow{k}_{\sigma} (H_2 \vartriangleright Q)$ with $H_2 = H_1, (i \mapsto k(a))$ and $k' \mathrel{\#} k, H_1, P$; then $\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \to \llbracket H_2 \rrbracket \mid Q$.

Proposition E.5. Suppose $P \in L_{\mathit{Act}}$⁵ and $(H_1 \vartriangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \vartriangleright Q)$; then $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$.

Proposition E.6. Suppose $P, Q \in L_{\mathit{Act}}$ and $\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \to \llbracket H_2 \rrbracket \mid Q$ with $H_2 = H_1, (i \mapsto k(a))$ and $k' \mathrel{\#} k, H_1, P$; then for some $\sigma$: $(H_1 \vartriangleright P) \xrightarrow{k}_{\sigma} (H_2 \vartriangleright Q)$.

Proposition E.7. Suppose $P \in L_{\mathit{Act}}$ and $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$; then for some $\sigma$: $(H_1 \vartriangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \vartriangleright Q)$.

Proposition E.8. Let $\llbracket H_1 \rrbracket \mid P \cong_{\mathit{rbe}} \llbracket H'_1 \rrbracket \mid P'$ with
$$P, P' \in L_{\mathit{Act}} \qquad H_1, H'_1 \text{ consistent} \qquad i \notin \mathit{dom}(H_1)$$
1. if $\llbracket H_1 \rrbracket \mid P \mid \llbracket k \rrbracket_i \to \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in L_{\mathit{Act}}$ such that
$$\llbracket H'_1 \rrbracket \mid P' \mid \llbracket k \rrbracket_i \Rightarrow \llbracket H'_2 \rrbracket \mid Q' \qquad \llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q' \qquad H_2, H'_2 \text{ consistent}$$
2. if $\llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in L_{\mathit{Act}}$ such that
$$\llbracket H'_1 \rrbracket \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q' \qquad \llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q' \qquad H_2, H'_2 \text{ consistent}$$

⁴ I think this proposition is true even when $P \in L_{\mathit{Act} \cup \Omega}$.
⁵ Similarly, this proposition is true even when $P \in L_{\mathit{Act} \cup \Omega}$.
Definition E.9 (Relation $\mathcal{X}$).
$$\mathcal{X} = \{ ((H \vartriangleright P), (H' \vartriangleright P')) \mid P, P' \in L_{\mathit{Act}},\ H, H' \text{ consistent},\ \llbracket H \rrbracket \mid P \cong_{\mathit{rbe}} \llbracket H' \rrbracket \mid P' \}$$

Theorem E.10 (Completeness). $\mathcal{X}$ is a weak bisimulation.

Proof. Let $(H_1 \vartriangleright Q)\ \mathcal{X}\ (H'_1 \vartriangleright Q')$; we need to show that the conditions of Def. 3.7 are satisfied. The first condition is true by construction of $\mathcal{X}$. The second is trivially true because $\mathcal{X}$ only contains processes in $L_{\mathit{Act}}$. We only need to show the third condition of the definition (and its converse, which we omit here).

Let $(H_1 \vartriangleright P) \xrightarrow{\zeta}_{\sigma} (H_2 \vartriangleright Q)$. We take cases on this transition:

1. $\zeta = k$:
$$\begin{array}{ll}
(H_1 \vartriangleright P) \xrightarrow{k}_{\sigma} (H_2 \vartriangleright Q) & \\
\text{by Prop. E.3, } \exists i, a : Q \in L_{\mathit{Act}} & H_2 = H_1, (i \mapsto k(a))\\
\text{by Prop. E.4, for fresh } k' : \llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \to \llbracket H_2 \rrbracket \mid Q & \\
\text{by Prop. E.8(1), } \exists H'_2, Q' \in L_{\mathit{Act}} : \llbracket H'_1 \rrbracket \mid P' \mid \llbracket k' \rrbracket_i \Rightarrow \llbracket H'_2 \rrbracket \mid Q' & \\
\qquad \llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q' & \\
\qquad H_2, H'_2 \text{ consistent} & \\
\text{thus } \exists l, b : H'_2 = H''_2, (i \mapsto l(b)) & \\
\text{by Prop(s). E.6 and E.7 (repeatedly), } \exists \sigma' : (H'_1 \vartriangleright P') \overset{\tau}{\Longrightarrow}_{\sigma'} (H'_2 \vartriangleright Q') & \\
\text{and by Def. E.9 : } (H_2 \vartriangleright Q)\ \mathcal{X}\ (H'_2 \vartriangleright Q') &
\end{array}$$

2. $\zeta = \tau$:
$$\begin{array}{ll}
(H_1 \vartriangleright P) \xrightarrow{\tau}_{\sigma} (H_2 \vartriangleright Q) & \\
\text{by Prop. E.3 : } Q \in L_{\mathit{Act}} & \\
\text{by Prop. E.5 : } \llbracket H_1 \rrbracket \mid P \to \llbracket H_2 \rrbracket \mid Q & \\
\text{by Prop. E.8(2), } \exists H'_2, Q' \in L_{\mathit{Act}} : \llbracket H'_1 \rrbracket \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q' & \\
\qquad \llbracket H_2 \rrbracket \mid Q \cong_{\mathit{rbe}} \llbracket H'_2 \rrbracket \mid Q' & \\
\qquad H_2, H'_2 \text{ consistent} & \\
\text{by Prop. E.7 (repeatedly), } \exists \sigma' : (H'_1 \vartriangleright P') \overset{\tau}{\Longrightarrow}_{\sigma'} (H'_2 \vartriangleright Q') & \\
\text{and by Def. E.9 : } (H_2 \vartriangleright Q)\ \mathcal{X}\ (H'_2 \vartriangleright Q') &
\end{array}$$
⊓⊔

Corollary E.11 (Top-Level Completeness). For any $P, Q \in L_{\mathit{Act}}$, if $P \cong_{\mathit{rbe}} Q$ then $P \approx Q$.

Proof. Let $P, Q \in L_{\mathit{Act}}$ and $P \cong_{\mathit{rbe}} Q$. Then $(\emptyset \vartriangleright P)\ \mathcal{X}\ (\emptyset \vartriangleright Q)$ by Def. E.9. By Thm. E.10, $\mathcal{X}$ is a weak bisimulation, and therefore $(\emptyset \vartriangleright P) \approx (\emptyset \vartriangleright Q)$; thus $P \approx Q$. ⊓⊔