16 V. Koutavas, C. Spaccasassi, M. Hennessy

A Additions to Previous Sections

A.1 Addition to Section 2

Definition of Local Commit ($\leadsto_{co}$): We now explain the effect of commits on a single active transaction $k$. An active transaction can initiate a commit when it contains a top level $co$ keyword. In this case the alternative process and the transactional construct itself are removed as per rule TrCo. Additionally, this operation removes all occurrences of the $co$ keyword from the body of the $k$-transaction, referring to the transaction. Any $co$ inside an inner dormant transaction is retained, since it refers to that inner transaction. The definition of local commits is given below:

$$\frac{P \leadsto_{co} P'}{co.P \leadsto_{co} P'}
\qquad
\frac{P \leadsto_{co} P' \qquad Q \leadsto_{co} Q'}{P \mid Q \leadsto_{co} P' \mid Q'}
\qquad
\frac{\forall i \in I.\ P_i \leadsto_{co} P'_i}{\sum_{i \in I} \mu_i.P_i \leadsto_{co} \sum_{i \in I} \mu_i.P'_i}$$

$$\frac{P \leadsto_{co} P'}{\nu a.P \leadsto_{co} \nu a.P'}
\qquad
\frac{}{\llbracket P \triangleright Q \rrbracket \leadsto_{co} \llbracket P \triangleright Q \rrbracket}$$
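A worked application of the rules above, added here as an example and not part of the original text. It takes $0$ to be the empty sum $\sum_{i \in \emptyset} \mu_i.P_i$ (an assumption about the syntax), so that the sum rule applies to it vacuously, and commits the body $co.a.co.0 \mid \llbracket co.b.0 \triangleright c.0 \rrbracket$:

$$\begin{array}{ll}
0 \leadsto_{co} 0 & \text{(sum rule with } I = \emptyset\text{)}\\
co.0 \leadsto_{co} 0 & \text{(prefix rule, premise above)}\\
a.co.0 \leadsto_{co} a.0 & \text{(sum rule with } I = \{1\},\ \mu_1 = a\text{)}\\
co.a.co.0 \leadsto_{co} a.0 & \text{(prefix rule)}\\
\llbracket co.b.0 \triangleright c.0 \rrbracket \leadsto_{co} \llbracket co.b.0 \triangleright c.0 \rrbracket & \text{(dormant transaction axiom)}\\
co.a.co.0 \mid \llbracket co.b.0 \triangleright c.0 \rrbracket \leadsto_{co} a.0 \mid \llbracket co.b.0 \triangleright c.0 \rrbracket & \text{(parallel rule)}
\end{array}$$

Both top-level $co$ keywords of the committing transaction disappear, while the $co$ guarding $b$ survives because it belongs to the dormant inner transaction.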

The following lemmas show under which assumptions $\sigma$-substitutions, which implement merging, leave transitions unaffected.

Lemma A.1. Suppose $P \xrightarrow{\tau}_{\varepsilon} Q$; then $\sigma(P) \xrightarrow{\tau}_{\varepsilon} \sigma(Q)$. $\square$

Lemma A.2. Suppose $P \xrightarrow{\zeta}_{\sigma} Q$; then $dom(\sigma) \# Q$. $\square$

Lemma A.3. Suppose $P \xrightarrow{k(\mu)}_{\tilde l \mapsto k} Q$ and $range(\sigma) \# P, k$. Then
$$\sigma(P) \xrightarrow{\sigma(k)(\mu)}_{\sigma(\tilde l) \mapsto \sigma(k)} \sigma(Q) \qquad \square$$

Lemma A.4. Suppose $P \xrightarrow{\beta} Q$ and $range(\sigma) \# P$. Then

1. if $\beta \# \sigma$: $\sigma(P) \xrightarrow{\beta} \sigma(Q)$;

2. if $\beta = ab\,k$ or $co\,k$ and $\sigma = \sigma' \cdot (k \mapsto l)$ and $k, l \# \sigma'$: $\sigma(P) \xrightarrow{\sigma(\beta)} \sigma(Q)$.

A.2 Addition to Section 3

Proof. (Lem. 3.8) Similar to the proof of Lem. A.14. $\square$

Proof. (Lem. 3.9) Similar to the proof of Lem. A.16. $\square$


Bisimulations for Communicating Transactions 17

A.3 Addition to Section 4

Strong consistency is an equivalence relation, which is a congruence and closed under decomposition.

Lemma A.5 ($(\asymp)$ is an Equivalence). Strong consistency is an equivalence relation; i.e., reflexive, symmetric, and transitive. $\square$

Lemma A.6 ($(\asymp)$ is a Congruence). Suppose $H_{11} \asymp H_{21}$ and $H_{12} \asymp H_{22}$, and $(H_{11}, H_{12})$ and $(H_{21}, H_{22})$ are defined. Then $(H_{11}, H_{12}) \asymp (H_{21}, H_{22})$. $\square$

Lemma A.7 ($(\asymp)$ is Decomposable). Suppose $(H_{11}, H_{12}) \asymp (H_{21}, H_{22})$ with $dom(H_{11}) = dom(H_{21})$. Then $H_{11} \asymp H_{21}$ and $H_{12} \asymp H_{22}$. $\square$

Substitution preserves strong consistency.

Lemma A.8. For any $H$ and $\sigma$, $H \asymp \sigma(H)$. $\square$

Transitions that preserve a history part, up to strong consistency, do not commit or abort transactions in this part.

Lemma A.9. Suppose $(H_1, H_2 \triangleright P) \xrightarrow{\eta} (H'_1, H_3 \triangleright P')$ and $H_1 \asymp H'_1$. Then there exists a name substitution $\sigma$ such that $H'_1 = \sigma(H_1)$ and $range(\sigma) \# H_1, H_2, P$. $\square$

Lemma A.10. Suppose $(H_1, H_2 \triangleright P) \xrightarrow{\eta_1} (H'_1, H_3 \triangleright P') \xrightarrow{\eta_2} (H''_1, H_4 \triangleright P'')$ and $H_1 \asymp H''_1$ and $dom(H_1) = dom(H'_1)$. Then $H_1 \asymp H'_1$. $\square$

Lemma A.11. Suppose $(H \triangleright P) \xrightarrow{k(a)} (H', k(a) \triangleright Q)$ and $k \# H'$; then $H = H'$. $\square$

Lemma A.12. Suppose $(H_1, H_2 \triangleright P) \xrightarrow{\eta} (H'_1, H'_2, H'_3 \triangleright Q)$ and $dom(H_1) = dom(H'_1)$ and $dom(H_2) = dom(H'_2)$ and $H'_1 \# H'_2$; then $H_1 \# H_2$. $\square$

Lemma A.13. Suppose $(H_0, H_1 \triangleright P) \xrightarrow{\eta} (\sigma(H_0), H'_1 \triangleright Q)$ and $N_{fr} \# H_1, P, \eta$. Moreover, suppose $(H_1, H_2)$ is defined and $ftn(H_2, R) \subseteq ftn(H_0) \cup N_{fr}$. Then
$$(H_1, H_2 \triangleright P \mid R) \xrightarrow{\eta} (H'_1, \sigma(H_2) \triangleright Q \mid \sigma(R)) \qquad \square$$

Predictive bisimulations and $\eta$-transitions are preserved by fresh renamings.

Lemma A.14 ($\eta$-Equivariance). If $C \xrightarrow{\eta} C'$ then $C r_{fr} \xrightarrow{\eta r_{fr}} C' r_{fr}$. $\square$

Corollary A.15. If $C r_{fr} \xrightarrow{\eta} C'$ then $C \xrightarrow{\eta r^{-1}_{fr}} C' r^{-1}_{fr}$ where $r^{-1}_{fr}$ is the inverse renaming of $r_{fr}$.

Proof. By recalling that for each $r$ with $range(r) \# C$, the inverse renaming $r^{-1}$ has the property that $range(r^{-1}) = dom(r) \# Cr$. $\square$

Lemma A.16 (Equivariance of $(\approx_{prd})$). If $C \approx_{prd} D$ then $C \approx_{prd} D r_{fr}$.

Proof. By showing that the relation
$$\mathcal R \stackrel{def}{=} \{(C, D r_{fr}) \mid C \approx_{prd} D,\ range(r_{fr}) \# D\}$$
is a weak predictive bisimulation using Lem. A.14 and Cor. A.15. $\square$

The following three lemmas show that merging transactions only affects their ability to commit and abort.

Lemma A.17. Suppose $(H \triangleright P) \xrightarrow{k(\mu)} (H' \triangleright P')$, and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh ($\sigma$ merges the transactions $\tilde l$ mentioned in positions $\tilde i$ of $H$). Then there exist $k' \# H, P$ and $k'_{fr} \# H', P'$ such that
$$(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k'(\mu)} (\sigma'(H') \triangleright \sigma'(P'))$$
for $\sigma' = \tilde l' \mapsto k'_{fr}$ with $ftn(H'(i_1), \ldots, H'(i_n)) = \tilde l'$.

Proof. We show only the proof for the case of a $k(\tau)$-transition; the case of a $k(a)$-transition is similar. The transition is derived by rule $\mathrm{LTS}'_{k(\tau)}$: $P \xrightarrow{k(\tau)}_{\sigma''} P'$ and $k \# H$ and $H' = \sigma''(H)$ and $\sigma'' = \tilde l'' \mapsto k$. Also, $k \# P, k_{fr}$. We consider two mutually exclusive cases:

1. For all $i \in \tilde i$ we have $H(i) = H'(i)$: This means that $\tilde l \# \tilde l''$ (because all $\tilde l$ appear in some of the $H(i)$). In this case $\sigma$ and $\sigma''$ commute and we easily derive $\sigma(P) \xrightarrow{k(\tau)}_{\sigma''} \sigma(P')$ and $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k(\tau)} (\sigma(H') \triangleright \sigma(P'))$. This case of the proof is completed by taking $k' = k$, $k'_{fr} = k_{fr}$, and $\sigma' = \sigma$.

2. There exists $i \in \tilde i$ such that $H(i) \neq H'(i)$: It must be $H(i) = l_1(a)$ and $H'(i) = k(a)$, for some $l_1$ and $a$. Thus there must be $l''_1 \in \tilde l''$ such that $l_1 = l''_1$. We take fresh $k'_{fr}$ and let $\sigma^{(3)} = (k_{fr}, (\tilde l'' \setminus l''_1)) \mapsto k'_{fr}$ and $\sigma' = (k, (\tilde l \setminus l_1)) \mapsto k'_{fr}$ and derive
$$\sigma(P) \xrightarrow{k'_{fr}(\tau)}_{\sigma^{(3)}} \sigma'(P')$$
and $\sigma^{(3)}(\sigma(H)) = \sigma'(\sigma''(H))$, from which we have $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k'_{fr}(\tau)} (\sigma'(H') \triangleright \sigma'(P'))$, completing the proof. $\square$

Lemma A.18. Suppose $(H \triangleright P) \xrightarrow{\tau} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Moreover, for all $i \in \tilde i$, $H(i) \asymp H'(i)$ (the transactions $\tilde l$ mentioned in positions $\tilde i$ of $H$ are not committed or aborted in the transition). Then
$$(\sigma(H) \triangleright \sigma(P)) \xrightarrow{\tau} (\sigma(H') \triangleright \sigma(P')) \qquad \square$$

Corollary A.19. Suppose $(H \triangleright P) \xRightarrow{\eta} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Moreover, for all $i \in \tilde i$, $H(i) \asymp H'(i)$ (the transactions $\tilde l$ mentioned in positions $\tilde i$ of $H$ are not committed or aborted in the transition). Then there exist a fresh renaming $r_{fr}$ and $k'_{fr} \# H', P'$ such that
$$(\sigma(H) \triangleright \sigma(P)) \xRightarrow{\eta r_{fr}} (\sigma'(H') \triangleright \sigma'(P'))$$
for $\sigma' = \tilde l' \mapsto k'_{fr}$ with $ftn(H'(i_1), \ldots, H'(i_n)) = \tilde l'$. $\square$

The following two lemmas express the converse properties.

Lemma A.20. Suppose $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{\tau} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Moreover, for all $i \in \tilde i$, $\sigma(H)(i) = H'(i)$ (the $k_{fr}$ transaction mentioned in positions $\tilde i$ of $H$ is not committed or aborted in the transition). Then there exist $H''$ and $P''$ such that for all $i \in \tilde i$, $H(i) = H''(i)$ and
$$H' = \sigma(H'') \qquad P' = \sigma(P'') \qquad (H \triangleright P) \xrightarrow{\tau} (H'' \triangleright P'') \qquad \square$$

Lemma A.21. Suppose $(\sigma(H) \triangleright \sigma(P)) \xrightarrow{k(\mu)} (H' \triangleright P')$ and $\tilde i \in dom(H)$ with $ftn(H(i_1), \ldots, H(i_n)) = \tilde l$, and $\sigma = \tilde l \mapsto k_{fr}$ with $k_{fr}$ fresh. Then there exist $H''$, $P''$ and $k' \# H, P$ and $k'_{fr} \# H'', P''$ such that
$$H' = \sigma'(H'') \qquad P' = \sigma'(P'') \qquad (H \triangleright P) \xrightarrow{k'(\mu)} (H'' \triangleright P'')$$
for $\sigma' = \tilde l' \mapsto k'_{fr}$ with $ftn(H''(i_1), \ldots, H''(i_n)) = \tilde l'$. $\square$

Weak predictive bisimilarity is closed under merging of transactions recorded in the history.

Proposition A.22. Consider the relation $\mathcal Y \subseteq \mathit{Conf}_{Act \uplus \Omega} \times \mathit{Conf}_{Act \uplus \Omega}$:
$$\mathcal Y \stackrel{def}{=} \left\{ \big((\sigma_1(H_1) \triangleright \sigma_1(P_1)),\ (\sigma_2(H_2) \triangleright \sigma_2(P_2))\big) \ \middle|\ \begin{array}{l}
\exists \tilde i, \tilde l_1, \tilde l_2, k_{fr1}, k_{fr2}.\ (H_1 \triangleright P_1) \approx_{prd} (H_2 \triangleright P_2)\\
ftn(H_1(i_1), \ldots, H_1(i_n)) = \tilde l_1 \qquad ftn(H_2(i_1), \ldots, H_2(i_n)) = \tilde l_2\\
\sigma_1 = \tilde l_1 \mapsto k_{fr1} \qquad \sigma_2 = \tilde l_2 \mapsto k_{fr2}\\
k_{fr1}, k_{fr2} \# H_1, P_1, H_2, P_2
\end{array} \right\}$$
$\mathcal Y$ is a weak predictive bisimulation.

Proof. Let $(\sigma_1(H_1) \triangleright \sigma_1(P_1))\ \mathcal Y\ (\sigma_2(H_2) \triangleright \sigma_2(P_2))$ with $(H_1 \triangleright P_1) \approx_{prd} (H_2 \triangleright P_2)$ and let $\tilde i, \tilde l_1, \tilde l_2, k_{fr1}, k_{fr2}$ with
$$ftn(H_1(i_1), \ldots, H_1(i_n)) = \tilde l_1 \qquad ftn(H_2(i_1), \ldots, H_2(i_n)) = \tilde l_2 \qquad \sigma_1 = \tilde l_1 \mapsto k_{fr1} \qquad \sigma_2 = \tilde l_2 \mapsto k_{fr2} \qquad k_{fr1}, k_{fr2} \# H_1, P_1, H_2, P_2$$
It suffices to show that if $(\sigma_1(H_1) \triangleright \sigma_1(P_1)) \xrightarrow{\eta} (H'_1 \triangleright P'_1)$ then there exist $H'_2, P'_2$ such that $(\sigma_2(H_2) \triangleright \sigma_2(P_2)) \xRightarrow{\eta} (H'_2 \triangleright P'_2)$ and $(H'_1 \triangleright P'_1)\ \mathcal Y\ (H'_2 \triangleright P'_2)$.

Let $(\sigma_1(H_1) \triangleright \sigma_1(P_1)) \xrightarrow{\eta} (H'_1 \triangleright P'_1)$. We proceed by case analysis on $\eta$.

1. $\eta = k(\mu)$: by Lem. A.21 there exist $H''_1, P''_1$ and $k' \# H_1, P_1$ and $k'_{fr} \# H''_1, P''_1$ such that
$$H'_1 = \sigma'_1(H''_1) \qquad P'_1 = \sigma'_1(P''_1) \qquad (H_1 \triangleright P_1) \xrightarrow{k'(\mu)} (H''_1 \triangleright P''_1)$$
for $\sigma'_1 = \tilde l'_1 \mapsto k'_{fr1}$ with $ftn(H''_1(i_1), \ldots, H''_1(i_n)) = \tilde l'_1$. From $(\approx_{prd})$: there exist $H'_2$ and $P'_2$ such that
$$(H_2 \triangleright P_2) \xRightarrow{k'(\mu)} (H'_2 \triangleright P'_2) \qquad (H'_1 \triangleright P'_1) \approx_{prd} (H'_2 \triangleright P'_2)$$
This case of the proof is completed by Cor. A.19.

2. $\eta = \tau$: the case where $\tilde k_{fr}$ is not committed or aborted in the transition is proven by Lem. A.20 and Cor. A.19, similarly to the previous case. In the case where $k_{fr1}$ is committed in the transition, it must be that all of $\tilde l_1$ can commit in $(H_1 \triangleright P_1)$. Thus, by $(\approx_{prd})$, all of $\tilde l_2$ can weakly commit in $(H_2 \triangleright P_2)$, and therefore $(\sigma_2(H_2) \triangleright \sigma_2(P_2))$ can weakly commit $k_{fr2}$. $\square$

A.4 Addition to Section 5

When restricting relations to processes in $\mathcal L_{Act}$, theorems 4.5, 4.6, and 5.4 establish the inclusions
$$(\approx) \subseteq (\approx_{prd}) \subseteq (\cong_{rbe}) \subseteq (\approx)$$
and therefore the equalities
$$(\approx) = (\approx_{prd}) = (\cong_{rbe})$$
Thus, besides $(\approx_{prd})$, relation $(\approx)$ for processes in $\mathcal L_{Act}$ is also compositional.

Theorem A.23. If $P \approx Q$ and $ftn(R) \# P, Q$ and $P, Q, R \in \mathcal L_{Act}$ then $P \mid R \approx Q \mid R$.

B Proof of Theorem 4.6

As we saw in example (2) in the Introduction, a single transaction can be equivalent to multiple transactions forming a single logical transaction. Thus, to prove compositionality of $(\approx_{prd})$ we need a general way to identify contexts with the same structure but different transaction names. To do this we let $g$ range over sets of transaction names and work with relations over such sets, ranged over by $G$. A singleton relation between such sets is definable from histories with the same domain.

Definition B.1 (Singleton History Relation). If $dom(H_1) = dom(H_2)$ then
$$\langle H_1 ; H_2 \rangle \stackrel{def}{=} \{(ftn(H_1), ftn(H_2))\}$$

We build composite history relations from singleton relations using a form of separating conjunction.

Definition B.2 (Composite History Relation). If $(H_{11}, H_{12})$ and $(H_{21}, H_{22})$ are defined histories (i.e., $H_{i1}$ and $H_{i2}$ have disjoint domains for $i \in \{1, 2\}$), and $H_{11} \# H_{12}$ and $H_{21} \# H_{22}$, then
$$\langle H_{11} ; H_{21} \rangle \otimes \langle H_{12} ; H_{22} \rangle \stackrel{def}{=} \langle H_{11} ; H_{21} \rangle \cup \langle H_{12} ; H_{22} \rangle$$

A history relation is indivisible when its components cannot be separated into smaller parts with no overlapping transaction names.

Definition B.3 (Indivisible History Relation).

1. $\langle H_1 ; H_2 \rangle$ is indivisible when there is no $H_{11}, H_{12}, H_{21}$, and $H_{22}$ such that $H_1 = H_{11}, H_{12}$ and $H_2 = H_{21}, H_{22}$ and $\langle H_{11} ; H_{21} \rangle \otimes \langle H_{12} ; H_{22} \rangle$ is defined.

2. $\langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle$ is indivisible when each $\langle H_{1i} ; H_{2i} \rangle$ is indivisible, and $H_{1i} \neq \varepsilon$ and $H_{2i} \neq \varepsilon$, for all $i \in \{1, \ldots, n\}$.

The intuition of the above definition is that when $\langle H_1 ; H_2 \rangle$ is indivisible then the names in $H_1$ form a single logical transaction—and similarly for the names in $H_2$. For example, $\mathcal R_2$ in Fig. 3 contains the histories $(k_1(a), k_2(b))$ and $(k_1(a), k_1(b))$ which denotes the singleton relation
$$\big\langle (k_1(a), k_2(b)) ; (k_1(a), k_1(b)) \big\rangle = \{(\{k_1, k_2\}, \{k_1\})\}$$
This singleton relation expresses the intention that $k_1$ and $k_2$ represent the same transaction in the left-hand side of the relation. Note that in another example we may have the indivisible history relation
$$\big\langle (k_1(a), k_1(b), k_2(c)) ; (l_1(a), l_2(b), l_2(c)) \big\rangle = \{(\{k_1, k_2\}, \{l_1, l_2\})\}$$
denoting that a single logical transaction corresponds to transactions $k_1, k_2$ in the left-hand side, and $l_1, l_2$ in the right-hand side of the relation.

An important property of strongly consistent histories is that there is a unique way in which they can form an indivisible history relation, given by the following construction.¹

¹ We do not extend $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$ to simply consistent histories because they may relate uncommittable $k(a)$-actions to $ab$-actions, complicating the definition and properties of this construction.

Definition B.4 ($\langle\!\langle H_1 ; H_2 \rangle\!\rangle$). If $H_1$ and $H_2$ are strongly consistent, then we define $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$ as follows:

$$\langle\!\langle \varepsilon ; \varepsilon \rangle\!\rangle \stackrel{def}{=} \emptyset$$

$$\langle\!\langle (i \mapsto ab), H_1 ; (i \mapsto ab), H_2 \rangle\!\rangle \stackrel{def}{=} \langle\!\langle H_1 ; H_2 \rangle\!\rangle$$

$$\langle\!\langle (i \mapsto a), H_1 ; (i \mapsto a), H_2 \rangle\!\rangle \stackrel{def}{=} \langle\!\langle H_1 ; H_2 \rangle\!\rangle$$

$$\langle\!\langle (i \mapsto k(a)), H_1 ; (i \mapsto l(a)), H_2 \rangle\!\rangle \stackrel{def}{=}
\text{let } \langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle \text{ in}$$

$$\begin{array}{l}
\text{if } k \# (\bigcup H_{1i}) \text{ and } l \# (\bigcup H_{2i}) \text{ then}\\
\qquad \langle (i \mapsto k(a)) ; (i \mapsto l(a)) \rangle \otimes \langle\!\langle H_1 ; H_2 \rangle\!\rangle\\[4pt]
\text{if } \exists m \le n \text{ s.t. } k \in ftn(H_{1m}) \text{ and } l \# (\bigcup H_{2i}) \text{ then}\\
\qquad \langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle (i \mapsto k(a)), H_{1m} ; (i \mapsto l(a)), H_{2m} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle\\[4pt]
\text{if } k \# (\bigcup H_{1i}) \text{ and } \exists m \le n \text{ s.t. } l \in ftn(H_{2m}) \text{ then}\\
\qquad \langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle (i \mapsto k(a)), H_{1m} ; (i \mapsto l(a)), H_{2m} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle\\[4pt]
\text{if } \exists m_1, m_2 \le n \text{ s.t. } k \in ftn(H_{1m_1}) \text{ and } l \in ftn(H_{2m_2}) \text{ then}\\
\qquad \langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1(m_1-1)} ; H_{2(m_1-1)} \rangle \otimes \langle H_{1(m_1+1)} ; H_{2(m_1+1)} \rangle \otimes \ldots\\
\qquad \otimes \langle H_{1(m_2-1)} ; H_{2(m_2-1)} \rangle \otimes \langle H_{1(m_2+1)} ; H_{2(m_2+1)} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle\\
\qquad \otimes \langle (i \mapsto k(a)), H_{1m_1}, H_{1m_2} ; (i \mapsto l(a)), H_{2m_1}, H_{2m_2} \rangle
\end{array}$$

Note that w.l.o.g. in the last clause we assume $m_1 < m_2$.
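The construction of Definition B.4 carried out step by step, first on the example histories from the previous section and then on a constructed pair that exercises the fourth clause; this is an added worked example, not part of the original text, and positions are written explicitly as $i \mapsto \cdot$. The construction recurses on the tail of the histories, so each line uses the relation computed on the line above it.

For $H_1 = (k_1(a), k_1(b), k_2(c))$ and $H_2 = (l_1(a), l_2(b), l_2(c))$:

$$\begin{array}{lcll}
\langle\!\langle (3 \mapsto k_2(c)) ; (3 \mapsto l_2(c)) \rangle\!\rangle &=& \{(\{k_2\}, \{l_2\})\} & \text{(clause 1: the tail is } \varepsilon ; \varepsilon \text{, so } k_2, l_2 \text{ are fresh for the empty union)}\\
\langle\!\langle (2 \mapsto k_1(b)), (3 \mapsto k_2(c)) ; (2 \mapsto l_2(b)), (3 \mapsto l_2(c)) \rangle\!\rangle &=& \{(\{k_1, k_2\}, \{l_2\})\} & \text{(clause 3: } k_1 \# \{k_2\},\ l_2 \in ftn(H_{21}) = \{l_2\}\text{)}\\
\langle\!\langle H_1 ; H_2 \rangle\!\rangle &=& \{(\{k_1, k_2\}, \{l_1, l_2\})\} & \text{(clause 2: } k_1 \in ftn(H_{11}) = \{k_1, k_2\},\ l_1 \# \{l_2\}\text{)}
\end{array}$$

For the constructed pair $H_1 = (k_1(a), k_1(b), k_2(c))$ and $H_2 = (l_2(a), l_1(b), l_2(c))$, where the first entry links two components that the tail keeps apart:

$$\begin{array}{lcll}
\langle\!\langle (3 \mapsto k_2(c)) ; (3 \mapsto l_2(c)) \rangle\!\rangle &=& \{(\{k_2\}, \{l_2\})\} & \text{(clause 1)}\\
\langle\!\langle (2 \mapsto k_1(b)), (3 \mapsto k_2(c)) ; (2 \mapsto l_1(b)), (3 \mapsto l_2(c)) \rangle\!\rangle &=& \langle (2 \mapsto k_1(b)) ; (2 \mapsto l_1(b)) \rangle \otimes \langle (3 \mapsto k_2(c)) ; (3 \mapsto l_2(c)) \rangle & \text{(clause 1: } k_1 \# \{k_2\},\ l_1 \# \{l_2\}\text{)}\\
&=& \{(\{k_1\}, \{l_1\}), (\{k_2\}, \{l_2\})\} & \text{(two components, } m = 1, 2\text{)}\\
\langle\!\langle H_1 ; H_2 \rangle\!\rangle &=& \langle (1 \mapsto k_1(a)), H_{11}, H_{12} ; (1 \mapsto l_2(a)), H_{21}, H_{22} \rangle & \text{(clause 4: } k_1 \in ftn(H_{11}),\ l_2 \in ftn(H_{22}),\ m_1 = 1 < m_2 = 2\text{)}\\
&=& \{(\{k_1, k_2\}, \{l_1, l_2\})\}
\end{array}$$

The first derivation reproduces the relation stated in the previous section; in the second, the two singleton components produced by clause 1 are fused by clause 4 because $k_1(a)$ on the left is matched with $l_2(a)$ on the right.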

For any two strongly consistent histories the above construction defines the unique indivisible history relation derivable from the two strongly consistent histories.

Lemma B.5. Suppose $H_1$ and $H_2$ are strongly consistent. Then there exist $H_{11}, \ldots, H_{1n}$ and $H_{21}, \ldots, H_{2n}$ such that $H_1 = H_{11}, \ldots, H_{1n}$ and $H_2 = H_{21}, \ldots, H_{2n}$ and
$$\langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle$$
which is an indivisible history relation.

Proof. By induction on the construction of $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$. $\square$

Lemma B.6. If $(H_{11}, \ldots, H_{1n})$ and $(H_{21}, \ldots, H_{2n})$ are defined histories and $\langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle$ is an indivisible history relation then
$$\langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle = \langle\!\langle H_{11}, \ldots, H_{1n} ; H_{21}, \ldots, H_{2n} \rangle\!\rangle$$

Proof. By induction on the number of components of $\langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle$. To prove the inductive step, we use an inner induction on the size of the additional component. $\square$

Corollary B.7. If we can derive $\langle\!\langle H_1 ; H_2 \rangle\!\rangle = G_1$ and $\langle\!\langle H_1 ; H_2 \rangle\!\rangle = G_2$ then $G_1 = G_2$. $\square$

In the following we will implicitly use the above properties of $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$ for any strongly consistent $H_1$ and $H_2$. Because $\sigma$-substitutions preserve strong consistency (Lem. A.8), they also preserve history relations.

Lemma B.8. Suppose $g_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, g_2$ and $l_1 \in g_1$ and $l_2 \in g_2$. For any $\sigma$, there exist $g'_1, g'_2$ such that $g'_1 \,\langle\!\langle H_1 ; \sigma(H_2) \rangle\!\rangle\, g'_2$ and $l_1 \in g'_1$ and $\sigma(l_2) \in g'_2$. $\square$

A second important property of history relations established by predictive bisimilar histories is expressed in the following proposition, stating that a TCCS$^m$ transaction $k$ which can immediately commit represents by itself a single logical transaction.

Proposition B.9. Suppose $(H_1 \triangleright P_1) \approx_{prd} (H_2 \triangleright P_2)$ and $P_1 \xrightarrow{co\,k}$. Then either

1. $k \# H_1$, or

2. there exist $H_{10}$ and $H_{20}$ such that $\langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{10} ; H_{20} \rangle \otimes \ldots$ and $ftn(H_{10}) = \{k\}$.

Proof. By contradiction. Assume
$$\langle\!\langle H_1 ; H_2 \rangle\!\rangle = \langle H_{10} ; H_{20} \rangle \otimes \langle H_{11} ; H_{21} \rangle \otimes \ldots \otimes \langle H_{1n} ; H_{2n} \rangle$$
and
$$H_{10} = k(a), k_1(a_1), k_2(a_2), \ldots, k_{m_1}(a_{m_1}), k(a_{m_1+1}), \ldots, k(a_{m_2})$$
for some $\tilde k, \tilde a$, and $a$, with $k_i \neq k$ for all $i \in \{1, 2, \ldots, m_1\}$. By definition of strong consistency
$$H_{20} = l(a), l_1(a_1), l_2(a_2), \ldots, l_{m_1}(a_{m_1}), l_{m_1+1}(a_{m_1+1}), \ldots, l_{m_2}(a_{m_2})$$
for some $\tilde l$. We then have
$$\begin{array}{l}
(k(a), k_1(a_1), k_2(a_2), \ldots, k_{m_1}(a_{m_1}), k(a_{m_1+1}), \ldots, k(a_{m_2}), H_{11}, \ldots, H_{1n} \triangleright P_1) \xrightarrow{co\,k}\\
\qquad (a, k_1(a_1), k_2(a_2), \ldots, k_{m_1}(a_{m_1}), a_{m_1+1}, \ldots, a_{m_2}, H_{11}, \ldots, H_{1n} \triangleright Q_1) = C_1
\end{array}$$
By the definition of $(\approx_{prd})$ we have:
$$\begin{array}{l}
(l(a), l_1(a_1), l_2(a_2), \ldots, l_{m_1}(a_{m_1}), l_{m_1+1}(a_{m_1+1}), \ldots, l_{m_2}(a_{m_2}), H_{21}, \ldots, H_{2n} \triangleright P_2) \xrightarrow{co\,l}\\
\qquad (a, l_1(a_1), l_2(a_2), \ldots, l_{m_1}(a_{m_1}), a_{m_1+1}, \ldots, a_{m_2}, H_{21}, \ldots, H_{2n} \triangleright Q_2) = C_2
\end{array}$$
and $C_1 \approx_{prd} C_2$. However, this means that $\{l_1, l_2, \ldots, l_{m_1}\} \cap \{l, l_{m_1+1}, \ldots, l_{m_2}\} = \emptyset$ and therefore $\langle H_{10} ; H_{20} \rangle$ is not indivisible, contradicting the assumption through Lem. B.5. $\square$

To prove compositionality of $(\approx_{prd})$, we need to extend history relations to processes and histories.

Definition B.10. A relation $G$ over processes is the least congruence satisfying:
$$\llbracket P \triangleright_k Q \rrbracket \ G\ \llbracket P \triangleright_l Q \rrbracket \quad \text{when } \exists g_1, g_2 \text{ such that } g_1 \,G\, g_2 \text{ and } k \in g_1 \text{ and } l \in g_2$$
Moreover, $G$ over histories is the least congruence satisfying:
$$(i \mapsto k(a)) \ G\ (i \mapsto l(a)) \quad \text{when } \exists g_1, g_2 \text{ such that } g_1 \,G\, g_2 \text{ and } k \in g_1 \text{ and } l \in g_2$$

It is easy to show that histories related under a $G$ relation are strongly consistent.

Lemma B.11. If $H_1 \,G\, H_2$ then $H_1 \asymp H_2$. $\square$

The following are strong bisimulation results for $\langle\!\langle H_1 ; H_2 \rangle\!\rangle$-relations. We will use these results to reason about contexts related under such relations.

Lemma B.12. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{k(a)}_{\sigma_2} Q_2$ and $k \# H_1, H_2, P_1, P_2$. Then there exist $Q_1$ and $\sigma_1$ such that
$$P_1 \xrightarrow{k(a)}_{\sigma_1} Q_1 \,\langle\!\langle \sigma_1(H_1), k(a) ; \sigma_2(H_2), k(a) \rangle\!\rangle\, Q_2$$
and for each $l_1 \in dom(\sigma_1)$ there exists $l_2 \in dom(\sigma_2)$ such that $l_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, l_2$. $\square$

Lemma B.13. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{k(\tau)}_{\sigma_2} Q_2$ and $k \# H_1, H_2, P_1, P_2$. Then there exist $Q_1$ and $\sigma_1$ such that
$$P_1 \xrightarrow{k(\tau)}_{\sigma_1} Q_1 \,\langle\!\langle \sigma_1(H_1) ; \sigma_2(H_2) \rangle\!\rangle\, Q_2 \qquad \square$$

Lemma B.14. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{\tau}_{\varepsilon} Q_2$. Then there exists $Q_1$ such that
$$P_1 \xrightarrow{\tau}_{\varepsilon} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2 \qquad \square$$

Lemma B.15. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{new\,k} Q_2$ and $k \# H_1, H_2, P_1, P_2$. Then there exists $Q_1$ such that
$$P_1 \xrightarrow{new\,k} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2 \qquad \square$$

Lemma B.16. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{co\,k} Q_2$. Then

1. if $k \# H_1, H_2$ then there exists $Q_1$ such that
$$P_1 \xrightarrow{co\,k} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2$$

2. if $(\{l\}, \{k\}) \in \langle\!\langle H_1 ; H_2 \rangle\!\rangle$ then there exists $Q_1$ such that
$$P_1 \xrightarrow{co\,l} Q_1 \,\langle\!\langle H_1 \backslash_{co\,l} ; H_2 \backslash_{co\,k} \rangle\!\rangle\, Q_2 \qquad \square$$

Lemma B.17. Suppose $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2 \xrightarrow{ab\,k} Q_2$ and $k \# H_1$. Then there exists $Q_1$ such that
$$P_1 \xrightarrow{ab\,k} Q_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, Q_2$$

The following is a corollary of Lem. B.8.

Corollary B.18.

1. If $P_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, P_2$ then $P_1 \,\langle\!\langle H_1 ; \sigma(H_2) \rangle\!\rangle\, \sigma(P_2)$.

2. If $H'_1 \,\langle\!\langle H_1 ; H_2 \rangle\!\rangle\, H'_2$ then $H'_1 \,\langle\!\langle H_1 ; \sigma(H_2) \rangle\!\rangle\, \sigma(H'_2)$. $\square$

The main result in this section, from which Thm. 4.6 easily follows, is that the following relation $\mathcal Z$ is a weak predictive bisimulation.

Proposition B.19. Consider the relation $\mathcal Z \subseteq \mathit{Conf}_{Act \uplus \Omega} \times \mathit{Conf}_{Act \uplus \Omega}$:
$$\mathcal Z \stackrel{def}{=} \left\{ \big((H_{11}, H_{12} \triangleright P_1 \mid R_1),\ (H_{21}, H_{22} \triangleright P_2 \mid R_2)\big) \ \middle|\ \begin{array}{l}
\exists H_{10}, H_{20}, N_{fr}:\ (H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2)\\
\text{and } dom(H_{10}) = dom(H_{20}) \text{ and } dom(H_{11}) = dom(H_{21}) \text{ and } dom(H_{12}) = dom(H_{22})\\
\text{and } R_1 \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, R_2 \text{ and } H_{12} \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, H_{22}\\
\text{and } ftn(R_1, H_{12}) \subseteq ftn(H_{10}) \cup N_{fr} \text{ and } ftn(R_2, H_{22}) \subseteq ftn(H_{20}) \cup N_{fr}\\
\text{and } N_{fr} \# H_{10}, H_{11}, H_{20}, H_{21}, P_1, P_2
\end{array} \right\}$$
$\mathcal Z$ is a weak predictive bisimulation.

Proof. Let
$$C_1 = (H_{11}, H_{12} \triangleright P_1 \mid R_1)\ \mathcal Z\ (H_{21}, H_{22} \triangleright P_2 \mid R_2) = C_2$$
with $(H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2)$,
$$dom(H_{10}) = dom(H_{20}) \qquad dom(H_{11}) = dom(H_{21}) \qquad dom(H_{12}) = dom(H_{22})$$
and
$$R_1 \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, R_2 \qquad H_{12} \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, H_{22}$$
and $ftn(R_1, H_{12}) \subseteq ftn(H_{10}) \cup N_{fr}$ and $ftn(R_2, H_{22}) \subseteq ftn(H_{20}) \cup N_{fr}$ and $N_{fr} \# H_{10}, H_{11}, H_{20}, H_{21}, P_1, P_2$. We need to prove that $C_1$ and $C_2$ satisfy the conditions of Def. 4.4. The first condition ($(H_{11}, H_{12})$ s.c. to $(H_{21}, H_{22})$) follows from Lem.(s) A.6, A.7 and B.11. We now show the proof of the second condition; the proof of its symmetric condition is similar and omitted. Let $C_1 \xrightarrow{\eta} D_1$ be a commitable transition. We proceed by case analysis on this transition. The interesting cases of this proof are those where communication occurs between $P_1$ and $R_1$:

$\mathrm{LTS}'_{\tau}$: $C_1 = (H_{11}, H_{12} \triangleright P_1 \mid R_1) \xrightarrow{\tau} (H_{11}, H_{12} \triangleright T_1) = D_1$ and $P_1 \mid R_1 \xrightarrow{\tau}_{\varepsilon} T_1$.

By case analysis of $P_1 \mid R_1 \xrightarrow{\tau}_{\varepsilon} T_1$ there are only three applicable process transition rules:

1. CCSsync: $T_1 = Q_1 \mid S_1$ and $P_1 \xrightarrow{a}_{\varepsilon} Q_1$ and $R_1 \xrightarrow{a}_{\varepsilon} S_1$. By Lem. 3.5, for $k \# H_{10}, H_{11}, H_{12}, H_{20}, H_{21}, H_{22}, R_1, R_2, P_1, P_2$:
$$R_1 \xrightarrow{k(a)}_{\varepsilon \mapsto k} R'_1 \xrightarrow{co\,k} S_1 \qquad (H_{10}, H_{11} \triangleright P_1) \xrightarrow{k(a)} (H_{10}, H_{11}, k(a) \triangleright P'_1) \xrightarrow{\tau} (H_{10}, H_{11}, a \triangleright Q_1)$$
Because $(H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2)$:
$$\begin{array}{l}
(H_{20}, H_{21} \triangleright P_2) \xRightarrow{\tau} (H'_{20}, H'_{21} \triangleright P'_2) \xrightarrow{k(a)} (H''_{20}, H''_{21}, k(a) \triangleright P''_2) \xRightarrow{\tau} (H^{(3)}_{20}, H^{(3)}_{21}, l(a) \triangleright P^{(3)}_2)\\
\qquad \xrightarrow{\tau} (H^{(4)}_{20}, H^{(4)}_{21}, a \triangleright P^{(4)}_2) \xRightarrow{\tau} (H^{(5)}_{20}, H^{(5)}_{21}, a \triangleright Q_2)
\end{array}$$
and
$$(H_{10}, H_{11}, a \triangleright Q_1) \approx_{prd} (H^{(5)}_{20}, H^{(5)}_{21}, a \triangleright Q_2)$$
with $H_{10}$ s.c. to $H^{(5)}_{20}$ and $H_{11}$ s.c. to $H^{(5)}_{21}$. By Lem. A.5 and because $H_{10}$ s.c. to $H_{20}$ and $H_{11}$ s.c. to $H_{21}$: $H_{20}$ s.c. to $H^{(5)}_{20}$ and $H_{21}$ s.c. to $H^{(5)}_{21}$. Therefore from Lem. A.10 we conclude that the commit of the $l$-transaction does not affect $H^{(3)}_{20}, H^{(3)}_{21}$ and thus $H^{(3)}_{20} = H^{(4)}_{20}$ and $H^{(3)}_{21} = H^{(4)}_{21}$ and $l \# H^{(3)}_{20}, H^{(3)}_{21}$. By Lem. A.12, $k \# H''_{20}, H''_{21}$, and by Lem. A.11, $H'_{20} = H''_{20}$ and $H'_{21} = H''_{21}$. By Lem.(s) A.5, A.9, A.10, A.14 and A.16, there exist $\sigma', \sigma'', \sigma^{(3)}, \sigma^{(4)}$ such that
$$\begin{array}{l}
(H_{20}, H_{21} \triangleright P_2) \xRightarrow{\tau} (\sigma'(H_{20}, H_{21}) \triangleright P'_2) \xrightarrow{k(a)} (\sigma'(H_{20}, H_{21}), k(a) \triangleright P''_2) \xRightarrow{\tau} (\sigma''(\sigma'(H_{20}, H_{21})), l(a) \triangleright P^{(3)}_2)\\
\qquad \xrightarrow{\tau} (\sigma''(\sigma'(H_{20}, H_{21})), a \triangleright P^{(4)}_2) \xRightarrow{\tau} (\sigma^{(3)}(\sigma''(\sigma'(H_{20}, H_{21}))), a \triangleright Q_2)
\end{array}$$
with $\sigma''(k) = l$ and $range(\sigma', \sigma'', \sigma^{(3)})$ fresh from all other names and $k \# \sigma', \sigma'(H_{20}), \sigma'(H_{21})$ and
$$(H_{10}, H_{11}, a \triangleright Q_1) \approx_{prd} (\sigma^{(3)}(\sigma''(\sigma'(H_{20}, H_{21}))), a \triangleright Q_2)$$

Moreover, because $R_1 \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, R_2$ and $R_1 \xrightarrow{k(a)}_{\varepsilon \mapsto k} R'_1 \xrightarrow{co\,k} S_1$, by Cor. B.18 and Lem. B.12 and because $k \# \sigma'(H_{20})$:
$$\begin{array}{l}
R_1 \,\langle\!\langle H_{10}, H_{11} ; \sigma'(H_{20}, H_{21}) \rangle\!\rangle\, \sigma'(R_2)\\
\sigma'(R_2) \xrightarrow{k(a)}_{\varepsilon \mapsto k} R'_2\\
R'_1 \,\langle\!\langle H_{10}, H_{11}, k(a) ; \sigma'(H_{20}, H_{21}), k(a) \rangle\!\rangle\, R'_2
\end{array}$$
By Cor. B.18 and Lem. B.16 (2) and because $k \# H_{10}, H_{11}$ and $l \# \sigma''(\sigma'(H_{20}, H_{21}))$ (thus $(\{k\}, \{l\}) \in \langle\!\langle H_{10}, H_{11}, k(a) ; \sigma''(H_{20}, H_{21}), l(a) \rangle\!\rangle$):
$$\begin{array}{l}
R'_1 \,\langle\!\langle H_{10}, H_{11}, k(a) ; \sigma''(H_{20}, H_{21}), l(a) \rangle\!\rangle\, \sigma''(R'_2)\\
\sigma''(R'_2) \xrightarrow{co\,l} S_2\\
S_1 \,\langle\!\langle H_{10}, H_{11}, a ; \sigma''(H_{20}, H_{21}), a \rangle\!\rangle\, S_2
\end{array}$$
And by Cor. B.18 again: $S_1 \,\langle\!\langle H_{10}, H_{11}, a ; \sigma^{(3)}(H_{20}, H_{21}), a \rangle\!\rangle\, \sigma^{(3)}(S_2)$. Moreover, by the same corollary:
$$\begin{array}{l}
H_{12} \,\langle\!\langle H_{10}, H_{11} ; H_{20}, H_{21} \rangle\!\rangle\, H_{22}\\
H_{12} \,\langle\!\langle H_{10}, H_{11} ; \sigma'(H_{20}, H_{21}) \rangle\!\rangle\, \sigma'(H_{22})\\
H_{12} \,\langle\!\langle H_{10}, H_{11} ; \sigma''(\sigma'(H_{20}, H_{21})) \rangle\!\rangle\, \sigma''(\sigma'(H_{22}))\\
H_{12} \,\langle\!\langle H_{10}, H_{11} ; \sigma^{(3)}(\sigma''(\sigma'(H_{20}, H_{21}))) \rangle\!\rangle\, \sigma^{(3)}(\sigma''(\sigma'(H_{22})))
\end{array}$$
From the above and Lem. A.13 we get:
$$\begin{array}{l}
(H_{21}, H_{22} \triangleright P_2 \mid R_2) \xRightarrow{\tau} (\sigma'(H_{21}, H_{22}) \triangleright P'_2 \mid \sigma'(R_2)) \xrightarrow{k(\tau)} (\sigma'(H_{21}, H_{22}) \triangleright P''_2 \mid R'_2)\\
\qquad \xRightarrow{\tau} (\sigma''(\sigma'(H_{21}, H_{22})) \triangleright P^{(3)}_2 \mid \sigma''(R'_2)) \xrightarrow{\tau} (\sigma''(\sigma'(H_{21}, H_{22})) \triangleright P^{(4)}_2 \mid S_2)\\
\qquad \xRightarrow{\tau} (\sigma^{(3)}(\sigma''(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \mid \sigma^{(3)}(S_2))
\end{array}$$
and by properties of transitions and substitutions there exists a set of fresh names $N'_{fr}$ such that
$$ftn(S_1, H_{12}) \subseteq ftn(H_{10}) \cup N'_{fr} \qquad ftn(\sigma^{(3)}(S_2), \sigma^{(3)}(\sigma''(\sigma'(H_{22})))) \subseteq ftn(\sigma^{(3)}(\sigma''(\sigma'(H_{20})))) \cup N'_{fr}$$
and thus
$$(H_{11}, H_{12} \triangleright Q_1 \mid S_1)\ \mathcal Z\ (\sigma^{(3)}(\sigma''(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \mid \sigma^{(3)}(S_2))$$
completing this case of the proof.

2. ParL: $T_1 = Q_1 \mid R_1$ and $P_1 \xrightarrow{\tau}_{\varepsilon} Q_1$. Here we proceed as in the previous case, deriving
$$(H_{20}, H_{21} \triangleright P_2) \xRightarrow{\tau} (\sigma'(H_{20}, H_{21}) \triangleright Q_2) \qquad (H_{10}, H_{11} \triangleright Q_1) \approx_{prd} (\sigma'(H_{20}, H_{21}) \triangleright Q_2)$$
and
$$(H_{21}, H_{22} \triangleright P_2 \mid R_2) \xRightarrow{\tau} (\sigma'(H_{21}, H_{22}) \triangleright Q_2 \mid \sigma'(R_2)) \qquad (H_{11}, H_{12} \triangleright Q_1 \mid R_1)\ \mathcal Z\ (\sigma'(H_{21}, H_{22}) \triangleright Q_2 \mid \sigma'(R_2))$$

3. The symmetric of ParL: This case follows from Lem. B.14.

$\mathrm{LTS}'_{k(\tau)}$: $C_1 = (H_{11}, H_{12} \triangleright P_1 \mid R_1) \xrightarrow{k(\tau)} (\sigma(H_{11}, H_{12}) \triangleright T_1) = D_1$ and $P_1 \mid R_1 \xrightarrow{k(\tau)}_{\sigma_1} T_1$. By case analysis on the last transition we have three applicable sub-cases: TrSync, and ParL and its symmetric. The proof of the last two sub-cases is the same as in the corresponding cases for a $\mathrm{LTS}'_{\tau}$ transition. The proof in the sub-case of TrSync is as follows.

1. TrSync: $T_1 = Q_1 \sigma_{12} \mid S_1 \sigma_{11}$ and $P_1 \xrightarrow{k(a)}_{\sigma_{11}} Q_1$ and $R_1 \xrightarrow{k(a)}_{\sigma_{12}} S_1$ and $\sigma_{11} = (\tilde l_{11} \mapsto k)$ and $\sigma_{12} = (\tilde l_{12} \mapsto k)$ and $\sigma_1 = (\tilde l_{11}, \tilde l_{12} \mapsto k)$. Because transitions and relations are equivariant, we assume w.l.o.g. $k \# H_{10}, H_{11}, H_{12}, H_{20}, H_{21}, H_{22}, R_1, R_2, P_1, P_2$. Because $(H_{10}, H_{11} \triangleright P_1) \approx_{prd} (H_{20}, H_{21} \triangleright P_2)$ and $(H_{10}, H_{11} \triangleright P_1) \xrightarrow{k(a)} (\sigma_{11}(H_{10}, H_{11}), k(a) \triangleright Q_1)$:
$$(H_{20}, H_{21} \triangleright P_2) \xRightarrow{\tau} (H'_{20}, H'_{21} \triangleright P'_2) \xrightarrow{k(a)} (H''_{20}, H''_{21}, k(a) \triangleright P''_2) \xRightarrow{\tau} (H^{(3)}_{20}, H^{(3)}_{21}, l(a) \triangleright Q_2)$$
and
$$(\sigma_{11}(H_{10}, H_{11}), k(a) \triangleright Q_1) \approx_{prd} (H^{(3)}_{20}, H^{(3)}_{21}, l(a) \triangleright Q_2)$$
with $\sigma_{11}(H_{10})$ s.c. to $H^{(3)}_{20}$ and $\sigma_{11}(H_{11})$ s.c. to $H^{(3)}_{21}$. By Lem.(s) A.5 and A.10 and because $\sigma_{11}(H_{10})$ s.c. to $H_{10}$ s.c. to $H_{20}$, and $\sigma_{11}(H_{11})$ s.c. to $H_{11}$ s.c. to $H_{21}$:
$$H_{20} \text{ s.c. to } H'_{20} \text{ s.c. to } H''_{20} \text{ s.c. to } H^{(3)}_{20} \qquad H_{21} \text{ s.c. to } H'_{21} \text{ s.c. to } H''_{21} \text{ s.c. to } H^{(3)}_{21}$$
Thus by Lem. A.9, there exist $\sigma', \sigma''$, and $\sigma_{21}$ such that:
$$(H_{20}, H_{21} \triangleright P_2) \xRightarrow{\tau} (\sigma'(H_{20}, H_{21}) \triangleright P'_2) \xrightarrow{k(a)} (\sigma_{21}(\sigma'(H_{20}, H_{21})), k(a) \triangleright P''_2) \xRightarrow{\tau} (\sigma''(\sigma_{21}(\sigma'(H_{20}, H_{21}))), l(a) \triangleright Q_2)$$

with $range(\sigma_{21}) = \{k\}$ and $\sigma''(k) = l$ and $range(\sigma', \sigma'', \sigma_{21})$ fresh from all other names and $k \# \sigma', \sigma'(H_{20}), \sigma'(H_{21})$ and
$$(\sigma_{11}(H_{10}, H_{11}), k(a) \triangleright Q_1) \approx_{prd} (\sigma''(\sigma_{21}(\sigma'(H_{20}, H_{21}))), l(a) \triangleright Q_2)$$
Moreover, because $R_1 \,\langle\!\langle H_{10} ; H_{20} \rangle\!\rangle\, R_2$ and $R_1 \xrightarrow{k(a)}_{\sigma_{12}} S_1$, by Cor. B.18 and Lem. B.12:
$$\begin{array}{lr}
R_1 \,\langle\!\langle H_{10}, H_{11} ; \sigma'(H_{20}, H_{21}) \rangle\!\rangle\, \sigma'(R_2) & (9)\\
\sigma'(R_2) \xrightarrow{k(a)}_{\sigma_{22}} S_2 & (10)\\
S_1 \,\langle\!\langle \sigma_{12}(H_{10}, H_{11}), k(a) ; \sigma_{22}(\sigma'(H_{20}, H_{21})), k(a) \rangle\!\rangle\, S_2 &
\end{array}$$
By Cor. B.18 again, and because $dom(\sigma_{12}) \# S_1$ and $dom(\sigma_{22}) \# S_2$ (by Lem. A.2):
$$\begin{array}{l}
\sigma_{11}(S_1) \,\langle\!\langle \sigma_{11}(\sigma_{12}(H_{10}, H_{11})), k(a) ; \sigma_{21}(\sigma_{22}(\sigma'(H_{20}, H_{21}))), k(a) \rangle\!\rangle\, \sigma_{21}(S_2)\\
\sigma_1(S_1) \,\langle\!\langle \sigma_1(H_{10}, H_{11}), k(a) ; \sigma_2(\sigma'(H_{20}, H_{21})), k(a) \rangle\!\rangle\, \sigma_2(S_2)\\
\sigma_1(S_1) \,\langle\!\langle \sigma_1(H_{10}, H_{11}), k(a) ; \sigma''(\sigma_2(\sigma'(H_{20}, H_{21}))), k(a) \rangle\!\rangle\, \sigma''(\sigma_2(S_2))
\end{array}$$
From the above and Lem.(s) A.2 and A.13 we get:
$$\begin{array}{l}
(H_{21}, H_{22} \triangleright P_2 \mid R_2) \xRightarrow{\tau} (\sigma'(H_{21}, H_{22}) \triangleright P'_2 \mid \sigma'(R_2)) \xrightarrow{k(\tau)} (\sigma_2(\sigma'(H_{21}, H_{22})) \triangleright \sigma_{22}(P''_2) \mid \sigma_{21}(S_2))\\
\qquad = (\sigma_2(\sigma'(H_{21}, H_{22})) \triangleright \sigma_2(P''_2) \mid \sigma_2(S_2))
\end{array}$$
and
$$(\sigma_{21}(\sigma'(H_{21}, H_{22})) \triangleright \sigma_{21}(P''_2) \mid S_2) \xRightarrow{\tau} (\sigma''(\sigma_{21}(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \mid \sigma''(\sigma_2(S_2)))$$
We know that $dom(\sigma_{22}) \subseteq ftn(\sigma'(H_{20}, H_{21})) \cup N_{fr}$ (because of (9) and (10)) and the transactions in $dom(\sigma_{22})$ do not commit/abort in this weak transition (because $(H_{10}, H_{11} = H_{20}, H_{21})$). Thus, by Cor. A.19:
$$(\sigma_2(\sigma'(H_{21}, H_{22})) \triangleright \sigma_2(P''_2) \mid \sigma_2(S_2)) \xRightarrow{\tau} (\sigma''(\sigma_2(\sigma'(H_{21}, H_{22}))) \triangleright Q_2 \mid \sigma''(\sigma_2(S_2)))$$
The proof is completed by Prop. A.22. $\square$

C Proof of Theorem 5.1

Theorem C.1 (Congruence of $(\approx)$). If $P \approx Q$ and $ftn(R) \# P, Q$ then $P \mid R \approx Q \mid R$.

Page 15:  · 16 V. Koutavas, C. Spaccasassi, M. Hennessy A Additions to Previous Sections A.1 Addition to Section 2 Definition of Local Commit ( co): We now explain the e↵ect of commits

30 V. Koutavas, C. Spaccasassi, M. Hennessy

Proof.

P ⇡ Q implies (; B P ) ⇡ (; B Q)

implies (; B P ) ⇡prd

(; B Q)

implies (; B P |R) ⇡prd

(; B Q |R)

implies P |R ⇠=rbe

Q |R implies P |R ⇡ Q |R ut

Corollary C.2 (Soundness of (⇡)). If P ⇡ Q then P ⇠=rbe

Q.

D Proof of Theorem 5.4

D.1 Theorem

Lemma D.1 ($\sigma$-distributivity). For any history $H_1$ and substitution $\sigma$, $\llbracket H \rrbracket\sigma = \llbracket H\sigma \rrbracket$.

Proof. Trivial, by induction on the length of $H$.

Lemma D.2 (History translation over parallel). $\llbracket H \rrbracket \mid \llbracket i \mapsto k(\mathbf{a}) \rrbracket = \llbracket H, k(\mathbf{a}) \rrbracket$

Proof. Trivially by definition. We will use this observation often, so it is useful to have it as a separate lemma.

Lemma D.3. $\llbracket k \rrbracket_i \rightarrow P$ implies $P = \llbracket i \mapsto k(\mathbf{a}) \rrbracket$

Proof. This lemma can be proved easily by considering that $\llbracket k \rrbracket_i$ can perform either a $k(a)$, $\tau$ or $ab_k$ action. In the first case, the resulting term is $\llbracket i \mapsto k(a) \rrbracket$, in the second case it is $\llbracket k(\star) \rrbracket$, and in the third case it is $\llbracket i \mapsto ab \rrbracket$.

Lemma D.4. $H\backslash^{co}_k \mid H'\backslash^{co}_k = (H, H')\backslash^{co}_k$

Proof. The $\backslash^{co}_k$ operator trivially distributes over parallel terms by definition.

Lemma D.5. $H\backslash^{ab}_k \mid H'\backslash^{ab}_k = (H, H')\backslash^{ab}_k$

Proof. The $\backslash^{ab}_k$ operator trivially distributes over parallel terms by definition.

Lemma D.6. For any history $H$, transaction name $k$ and $a \in \mathcal{L}_{Act}$, $\llbracket H \rrbracket \not\xrightarrow{\tau}$, $\llbracket H \rrbracket \not\xrightarrow{k(\tau)}$, $\not\xrightarrow{a}$ and $\not\xrightarrow{k(a)}$.

Proof. This lemma can be proved by induction. If the length of the history is zero, then the lemma is trivial. In the inductive case, it is sufficient to notice that the definition of history translation does not contain any $\tau$ or $a \in Act$ actions.

Lemma D.7. $\llbracket H \rrbracket \mid P \rightarrow Q$ implies $Q = \llbracket H' \rrbracket \mid Q'$

Proof. This lemma can be proved by induction on the derivation $\llbracket H \rrbracket \mid P \rightarrow Q$. According to 6, this derivation can be derived either by a $\tau$, $k(\tau)$, $ab_k$ or $co_k$ action. In the first two cases, by Lemma D.6, we know that the translation of history $H_1$ cannot perform any $\tau$, $k(\tau)$, $a$ or $k(a)$ action, thus only rule ParL can be used, history $H$ is unchanged and thus $Q = \llbracket H \rrbracket \mid Q'$ for some $Q'$. In the latter two cases, the same analysis holds if transaction name $k$ from $ab_k$ or $co_k$ does not occur in $H$. If it does, then we can use rule TrBroadcast to prove both cases. We can prove by induction on the length of the history that the resulting abort or commit action produces another history. If the history is empty, the case is trivial. In the inductive step, recall that $\llbracket i \mapsto k(a) \rrbracket = \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket$. If transaction $k$ is committed, it becomes $\omega^{a}_{commit\,i}$, which is equal to $\llbracket i \mapsto a \rrbracket$. If it is aborted, it becomes $\omega_{abort\,i}$, which is equal to $\llbracket i \mapsto ab \rrbracket$. Thus in both cases the commit or abort action produces a term in the form of a history, which proves the inductive step and concludes the proof of this lemma.

Lemma D.8. Suppose that $P \xrightarrow{k(a)}_{\sigma_1} P'$, $\sigma_1 = \tilde{l}_1 \mapsto k$ and that $\sigma_2 = \tilde{l}_2 \mapsto k$. Then $P'\sigma_2 = P'\sigma$, where $\sigma = (\tilde{l}_1, \tilde{l}_2) \mapsto k$.

Proposition D.9 (Prop. E.4). Suppose $P \in \mathcal{L}_{Act}$^2 and $(H_1 \rhd P) \xrightarrow{k} (H_2 \rhd Q)$ with $H_2 = \sigma(H_1), (i \mapsto k(\mathbf{a}))$ and $k' \mathrel{\#} k, H_1, P$; then $\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q$.

Proof. We will provide a derivation for the transition we are required to find.

Suppose that:

1. $(H_1 \rhd P) \xrightarrow{k} (H_2 \rhd Q)$
2. $H_2 = H_1\sigma, (i \mapsto k(\mathbf{a}))$.
3. $k' \mathrel{\#} k, H_1, P$

We need to show that $\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q$.

By definition of $H_2$ and omitting index $i$ for the moment, we can rewrite Assumption 1 as:

$(H_1 \rhd P) \xrightarrow{k} (\sigma(H_1), k(\mathbf{a}) \rhd Q)$

By inversion, this transition can be deduced either by the LTS$k(a)$ rule or by the LTS$\star$ rule. Let us proceed by analysing each case.

LTS$k(a)$ case: from this rule we deduce that $\mathbf{a} = a$ and $P \xrightarrow{k(a)}_{\sigma_1} Q$ (*) for some $\sigma_1$. Moreover, we can infer by inversion on the CCS rules that $\sigma_1 = l \mapsto k$ for some transaction name $l$, since this rule can only be applied when the domain of the substitution $\sigma_1$ is a single name $l$.

^2 I think this proposition is true even when $P \in \mathcal{L}_{Act \cup \Omega}$.

Consider now $\llbracket H_1 \rrbracket \mid P \mid \llbracket k'(a) \rrbracket_i$. By definition of translation $\llbracket \cdot \rrbracket$, recall that:

$\llbracket k' \rrbracket_i = \llbracket co \mid \big(\sum_{a \in Act} a.\omega^{a}_{commit\,i}\big) + \omega_{before\,i} + \tau.0 \rhd_k \omega_{abort\,i} \rrbracket$

from which, by virtue of the internal infinite sum and by rules CCS-Sum and TrAct, we can derive:

$\llbracket k' \rrbracket_i \xrightarrow{k(a)}_{\sigma_2} \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket$ (**)

where $\sigma_2 = (k' \mapsto k)$. By rule TrSync, (*) and (**), and by rule ParL, we can derive:

$\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \xrightarrow{k(\tau)}_{\sigma} \llbracket H_1 \rrbracket\sigma \mid \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket\sigma_1 \mid Q\sigma_2$ (***)

where $\sigma = (l, k') \mapsto k$. Because of Assumption 3, $Q\sigma_2 = Q$, since $k'$ does not occur in $Q$. Moreover, by definition of $\llbracket k' \rrbracket$, transaction name $l$ cannot occur in $\llbracket k' \rrbracket$, and thus we can also infer that $\llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket\sigma_1 = \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket$. By definition of History Translation and by Assumption 2:

$\llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket = \llbracket i \mapsto k(a) \rrbracket$   by definition
$\llbracket H_1 \rrbracket\sigma \mid \llbracket i \mapsto k(a) \rrbracket = \llbracket H_1, i \mapsto k(a) \rrbracket$   by definition
$\llbracket H_1\sigma, i \mapsto k(a) \rrbracket = \llbracket H_2 \rrbracket$   by Assumption 2
$\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q$   by definition

which proves the first case.

LTS$\star$ case: from this rule we can only deduce $\mathbf{a} = \star$. Suppose that $\llbracket k' \rrbracket$ takes the internal step $\tau$:

$\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_1 \rrbracket \mid \llbracket co \rhd_k \omega_{abort\,i} \rrbracket \mid Q$ (*)

By definition of History translation and (*), we have:

$\llbracket co \rhd_k \omega_{abort\,i} \rrbracket = \llbracket i \mapsto k(\star) \rrbracket$   by definition
$\llbracket H_1 \rrbracket \mid \llbracket i \mapsto k(\star) \rrbracket = \llbracket H_1, i \mapsto k(\star) \rrbracket$   by definition
$\llbracket H_1, i \mapsto k(\star) \rrbracket = \llbracket H_2 \rrbracket$   by Assumption 2
$\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q$   by definition

which proves the second case.

Proposition D.10 (Prop. E.5). Suppose $P \in \mathcal{L}_{Act}$^3 and $(H_1 \rhd P) \xrightarrow{\tau} (H_2 \rhd Q)$; then $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$.

^3 Similarly, this proposition is true even when $P \in \mathcal{L}_{Act \cup \Omega}$.

Proof. Let us prove it by induction on the derivation $(H_1 \rhd P) \xrightarrow{\tau} (H_2 \rhd Q)$. Assume that:

1. $(H_1 \rhd P) \xrightarrow{\tau} (H_2 \rhd Q)$

We have to show that $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$. Condition 1 can only be derived by the rules LTS$\tau$, LTS$k(\tau)$, LTSnew, LTSco and LTSab. Let us analyse each case.

LTS$\tau$, LTS$k(\tau)$: According to these rules, either $P \xrightarrow{\tau} Q$ or $P \xrightarrow{k(\tau)} Q$. Moreover, the history is not changed by this transition, except for a $\sigma$-renaming; thus $H_2 = H_1\sigma$ (*). Whether $P$ does a $\tau$ or a $k(\tau)$ does not matter, because in either case $P$ performs just a $\rightarrow$ transition. Thus we have:

$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_1 \rrbracket\sigma \mid Q$   by rule ParL
$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_1\sigma \rrbracket \mid Q$   by Lemma D.1
$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$   by (*)

which proves the case.

LTSnew: According to this rule, the history is untouched, i.e. $H_1 = H_2$, and $P \xrightarrow{new} Q$ (*). Since $new$ is a $\beta$ action, we can use rule ParL to derive:

$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_1 \rrbracket \mid Q$   by (*)
$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$   because $H_1 = H_2$

which proves the case.

LTSco: According to this rule $P \xrightarrow{co_k} Q$ (*) and $H_2 = H_1\backslash^{co}_k$. From this information, the following chain of deductions holds:

$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$   this is what we need to show
$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_1\backslash^{co}_k \rrbracket \mid Q$   because $H_2 = H_1\backslash^{co}_k$
$\llbracket H_1 \rrbracket \mid P \xrightarrow{co_k} \llbracket H_1\backslash^{co}_k \rrbracket \mid Q$   because of rule ?
$\llbracket H_1 \rrbracket \xrightarrow{co_k} \llbracket H_1\backslash^{co}_k \rrbracket$ or $k \mathrel{\#} \llbracket H_1 \rrbracket$   by rule TrBroadcast or TrIgn, and (*)

Let us prove the last statement by induction on the size of history $H_1$. Suppose that $H_1$ contains no elements. Then $\llbracket H_1 \rrbracket = \llbracket \emptyset \rrbracket = 0$. Since $k \mathrel{\#} 0$, the base case is proved. Let us now prove the inductive step. Suppose that, for $H_1$ of size $n$, $\llbracket H_1 \rrbracket \xrightarrow{co_k} \llbracket H_1 \rrbracket\backslash^{co}_k$ or $k \mathrel{\#} \llbracket H_1 \rrbracket$. We must show that $(\llbracket H_1, n{+}1 \mapsto l(\mathbf{a}) \rrbracket \xrightarrow{co_k} \llbracket (H_1, n{+}1 \mapsto l(\mathbf{a}))\backslash^{co}_k \rrbracket)$ or $k \mathrel{\#} \llbracket H_1, n{+}1 \mapsto l(\mathbf{a}) \rrbracket$. By Lemma D.2 and D.4, $\llbracket H_1, n{+}1 \mapsto l(\mathbf{a}) \rrbracket\backslash^{co} = \llbracket H_1 \rrbracket\backslash^{co} \mid \llbracket n{+}1 \mapsto l(\mathbf{a}) \rrbracket\backslash^{co}$.

Thus, omitting the index $n{+}1$, we actually need to show that $(\llbracket H_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket \xrightarrow{co_k} \llbracket H_1 \rrbracket\backslash^{co}_k \mid \llbracket l(\mathbf{a}) \rrbracket\backslash^{co}_k)$ or $k \mathrel{\#} \llbracket H_1 \rrbracket, \llbracket l(\mathbf{a}) \rrbracket$. We will prove this by analysing each form that $l(\mathbf{a})$ can take, which is either $ab$, $a$, $\star$, $l(a)$ or $l(\star)$. If $l(\mathbf{a}) = ab$, then $\llbracket ab \rrbracket = \llbracket ab\backslash^{co}_k \rrbracket = \omega_{abort\,n+1}$ and obviously $k \mathrel{\#} \omega_{abort\,n+1}$. If $\llbracket H_1 \rrbracket \xrightarrow{co_k} \llbracket H_1\backslash^{co}_k \rrbracket$, then $\llbracket H_1 \rrbracket \mid \llbracket ab \rrbracket \xrightarrow{co_k} \llbracket H_1\backslash^{co}_k \rrbracket \mid \llbracket ab\backslash^{co}_k \rrbracket$ by rule TrIgn. If $k \mathrel{\#} \llbracket H_1 \rrbracket$, then $k \mathrel{\#} \llbracket H_1 \rrbracket, \omega_{abort\,n+1}$. The same analysis holds if $l(\mathbf{a}) = a$, since $\llbracket a \rrbracket = \omega_{commit\,n+1}$, and similarly for $l(\mathbf{a}) = \star$. If $l(\mathbf{a}) = l(a)$ and $l \neq k$, then $k \mathrel{\#} \llbracket l(a) \rrbracket$, and we can prove this case by rule TrIgn, as for the previous cases. Suppose that $l = k$ now. If $l(\mathbf{a}) = k(a)$, then $\llbracket k(a) \rrbracket = \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket$ and $\llbracket i \mapsto l(\mathbf{a}) \rrbracket$ can perform a $co_k$ action:

$\llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket \xrightarrow{co_k} \omega^{a}_{commit\,i}$   by the TrCo rule
$\llbracket k(a) \rrbracket \xrightarrow{co_k} \llbracket a \rrbracket$   by definition of Translation
$\llbracket k(a) \rrbracket \xrightarrow{co_k} \llbracket (k(a))\backslash^{co}_k \rrbracket$   by definition of $\backslash^{co}$

If $\llbracket H_1 \rrbracket \xrightarrow{co_k} \llbracket H_1\backslash^{co}_k \rrbracket$, then this case can be proved by rule TrBroadcast on the last deduction. If $k \mathrel{\#} \llbracket H_1 \rrbracket$, then prove this case by rule TrIgn on the last deduction. The proof for the case $l(\mathbf{a}) = k(\star)$ is similar. Since $\llbracket k(\star) \rrbracket = \llbracket co \rhd_k \omega_{abort\,i} \rrbracket$, we can deduce that:

$\llbracket co \rhd_k \omega_{abort\,i} \rrbracket \xrightarrow{co_k} 0$   by the TrCo rule
$\llbracket k(\star) \rrbracket \xrightarrow{co_k} \llbracket \star \rrbracket$   by definition of Translation
$\llbracket k(\star) \rrbracket \xrightarrow{co_k} \llbracket k(\star)\backslash^{co}_k \rrbracket$   by definition of $\backslash^{co}$

We now prove this case as we did for the previous case, using rule TrBroadcast and TrIgn on the last deduction and the inductive hypothesis. Having proved all sub-cases, this case is proved.

LTSab: According to this rule $P \xrightarrow{ab_k} Q$ (*) and $H_2 = H_1\backslash^{ab}_k$. From this information, the following chain of deductions holds:

$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$   this is what we need to show
$\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_1\backslash^{ab}_k \rrbracket \mid Q$   because $H_2 = H_1\backslash^{ab}_k$
$\llbracket H_1 \rrbracket \mid P \xrightarrow{ab_k} \llbracket H_1\backslash^{ab}_k \rrbracket \mid Q$   because of rule ?
$\llbracket H_1 \rrbracket \xrightarrow{ab_k} \llbracket H_1\backslash^{ab}_k \rrbracket$ or $k \mathrel{\#} \llbracket H_1 \rrbracket$   by rule TrBroadcast or TrIgn, and (*)

Let us prove the last statement by induction on the size of history $H_1$. If $H_1$ has size 0, then it is empty and its translation is $0$. Thus $k \mathrel{\#} \llbracket H_1 \rrbracket$, which proves the base case. Let us consider the case in which $H_1$ has size $n{+}1$. We need to show that $(\llbracket H_1, n{+}1 \mapsto l(\mathbf{a}) \rrbracket \xrightarrow{ab_k} \llbracket (H_1, n{+}1 \mapsto l(\mathbf{a}))\backslash^{ab}_k \rrbracket)$ or $k \mathrel{\#} \llbracket H_1, n{+}1 \mapsto l(\mathbf{a}) \rrbracket$. By similar considerations as in the previous LTSco case, using Lemma D.2 and D.5 this time, we actually need to show that $(\llbracket H_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket \xrightarrow{ab_k} \llbracket H_1\backslash^{ab}_k \rrbracket \mid \llbracket l(\mathbf{a})\backslash^{ab}_k \rrbracket)$ or $k \mathrel{\#} \llbracket H_1 \rrbracket, \llbracket l(\mathbf{a}) \rrbracket$. By inductive hypothesis, assume that $\llbracket H_1 \rrbracket \xrightarrow{ab_k} \llbracket H_1\backslash^{ab}_k \rrbracket$ or $k \mathrel{\#} \llbracket H_1 \rrbracket$. Let us analyse $l(\mathbf{a})$ case by case. If $l(\mathbf{a}) = ab$, then $\llbracket ab \rrbracket = \llbracket ab\backslash^{ab}_k \rrbracket = \omega_{abort\,i}$, and obviously $k \mathrel{\#} \omega_{abort\,i}$. If $\llbracket H_1 \rrbracket \xrightarrow{ab_k} \llbracket H_1\backslash^{ab}_k \rrbracket$, then this case can be proved by rule TrIgn. If $k \mathrel{\#} \llbracket H_1 \rrbracket$, then obviously $k \mathrel{\#} \llbracket H_1 \rrbracket, \omega_{abort\,i}$. Suppose that $l(\mathbf{a}) = a$. Then $a\backslash^{ab} = a$, and $k \mathrel{\#} \llbracket a \rrbracket$ because $\llbracket a \rrbracket = \omega^{a}_{commit\,i}$. The same analysis also holds if $l(\mathbf{a}) = l(a)$ or $l(\star)$, with $l \neq k$, because $l(\mathbf{a})\backslash^{ab}_k = l(\mathbf{a})$ and $k \mathrel{\#} \llbracket l(\mathbf{a}) \rrbracket$. We can use rules TrBroadcast and TrIgn to prove this case, as we have done previously. If $l(\mathbf{a}) = k(a)$ and $k = l$, then the case can be proved as in the case $l(\mathbf{a}) = ab$, because $k(a)\backslash^{ab}_k = ab$. Having proved all sub-cases, case LTSab is proved too.

Proposition D.11 (Prop. E.6). Suppose $P, Q \in \mathcal{L}_{Act}$ and $\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \rightarrow_{\sigma} \llbracket H_2 \rrbracket \mid Q$ with $H_2 = H_1, (i \mapsto k(\mathbf{a}))$ and $k' \mathrel{\#} k, H_1, P$; then $(H_1 \rhd P) \xrightarrow{k} (H_2 \rhd Q)$.

Proof. Let us prove this proposition by induction on the transition $\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$. Let us assume that:

1. $P, Q \in \mathcal{L}_{Act}$
2. $\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \rightarrow \llbracket H_2 \rrbracket\sigma \mid Q$
3. $H_2 = H_1, (i \mapsto k(\mathbf{a}))$
4. $k' \mathrel{\#} k, H_1, P$

We have to prove that $(H_1 \rhd P) \xrightarrow{k} (H_2 \rhd Q)$.

Starting from Assumption 2, we can deduce the following:

$\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$   this is Assumption 2
$\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \rightarrow \llbracket H_1, i \mapsto k(\mathbf{a}) \rrbracket \mid Q$   by Assumption 3
$\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \rightarrow \llbracket H_1 \rrbracket \mid \llbracket i \mapsto k(\mathbf{a}) \rrbracket \mid Q$   by Lemma D.2
$\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \xrightarrow{\tau}_{\sigma} \llbracket H_1 \rrbracket\sigma \mid \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$ or
$\llbracket H_1 \rrbracket \mid \llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket H_1 \rrbracket\sigma \mid \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$   by the rules in 6
$\llbracket k' \rrbracket_i \mid P \xrightarrow{\tau}_{\sigma} \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$ or
$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$   by rule ParL and Assumption 4

Recall that:

$\llbracket k \rrbracket_i = \llbracket co \mid \big(\sum_{a \in Act} a.\omega^{a}_{commit\,i}\big) + \omega_{before\,i} + \tau.0 \rhd_k \omega_{abort\,i} \rrbracket$,
$\llbracket i \mapsto k(a) \rrbracket = \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket$ and
$\llbracket i \mapsto k(\star) \rrbracket = \llbracket co \rhd_k \omega_{abort\,i} \rrbracket$

Notice that $\llbracket k' \rrbracket$ cannot perform a pure $\tau$ action, because it is a transaction. We can thus exclude that $\llbracket k' \rrbracket_i \mid P \xrightarrow{\tau} \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$ can happen in the last deduction, and only assume that:

$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$   because $\llbracket k' \rrbracket$ cannot perform a $\tau$

Let us now analyse this last deduction case by case, depending on which form $\mathbf{a}$ can take, that is, if $\mathbf{a} = a$ or $\mathbf{a} = \star$. If $\mathbf{a} = a$, then we have:

$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$   this is the last deduction
$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(a) \rrbracket\sigma \mid Q$   because $\mathbf{a} = a$
$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket\sigma \mid Q$   by definition of Translation
$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket \mid Q$   by Assumption 4 and Lemma D.8
$P \xrightarrow{k(a)} Q$   by the premises of TrSync, which is the only rule that can be applied here
$(H_1 \rhd P) \xrightarrow{k} (H_2 \rhd Q)$   by rule LTS$k(a)$

which proves the case. Suppose now that $\mathbf{a} = \star$. Then we can derive:

$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(\mathbf{a}) \rrbracket\sigma \mid Q$   this is the previous deduction
$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket i \mapsto k(\star) \rrbracket\sigma \mid Q$   because $\mathbf{a} = \star$
$\llbracket k' \rrbracket_i \mid P \xrightarrow{k(\tau)} \llbracket co \rhd_k \omega_{abort\,i} \rrbracket\sigma \mid Q$   by definition of Translation
$P = Q$   because the only possible case is that $\llbracket k' \rrbracket_i$ takes a $\tau$ step, and thus $P$ does not change

If $P = Q$ and $\mathbf{a} = \star$, then we can immediately derive that $(H_1 \rhd P) \xrightarrow{k} (H_1, k(\star) \rhd P)$ by rule LTS$\star$, which proves the theorem.

Proposition D.12 (Prop. E.7). Suppose $P \in \mathcal{L}_{Act}$ and $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$; then for some $\sigma$: $(H_1 \rhd P) \xrightarrow{\tau} (H_2 \rhd Q)$.

Proof. Let us prove this proposition by induction on transitions $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$.

Let us assume that:

1. $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$
2. $P \in \mathcal{L}_{Act}$
3. $\mathit{ftn}(H_1) \subseteq \mathit{ftn}(P)$

We need to show that $\exists\sigma.\ (H_1 \rhd P) \xrightarrow{\tau}_{\sigma} (H_2 \rhd Q)$. According to rules ?, ? and ? either one of these three cases is possible:

1. $\llbracket H_1 \rrbracket \mid P \xrightarrow{\tau} \llbracket H_2 \rrbracket \mid Q$
2. $\llbracket H_1 \rrbracket \mid P \xrightarrow{k(\tau)} \llbracket H_2 \rrbracket \mid Q$
3. $\llbracket H_1 \rrbracket \mid P \xrightarrow{k(\beta)} \llbracket H_2 \rrbracket \mid Q$

Let us analyse each case separately.

Case 1) Looking at the LTS, there are 6 rules that can produce a $\tau$ transition: CCSsum, CCSsync, CCSrec, TrTau, Restr and ParL. Let us analyse each case separately.

CCSsum: Since $\llbracket H_1 \rrbracket \mid P$ is not a sum, this case is invalid.

CCSsync: This case is invalid as well. In fact, by Lemma D.6 $\llbracket H_1 \rrbracket$ cannot produce the pure $a$ action required by the premises, if $a \in \mathcal{L}_{Act}$. If it produces a barb $\omega \in \mathcal{L}$, then $P$ cannot produce a complementary barb action because of Assumption 2. Thus this case is invalid.

CCSrec: This case is invalid too, because $\llbracket H_1 \rrbracket \mid P$ is not in the shape of a recursive construct.

TrTau: This case is invalid too, because CCSsync is not in the form of a transaction.

Restr: This case is invalid as well, because CCSsync is not in the form of a restriction.

ParL: This rule is symmetric: in one case it is the operand on the left-hand side of the parallel to perform an $\alpha$ action, in the other it is the right-hand side. The first case is invalid, as we have argued for the case CCSsync using Lemma D.6 and Assumption 2.

Let us consider the second case. By the premise and side condition of rule ParL, we have that $P \xrightarrow{\alpha}_{\sigma} P'$ (*) and $\mathit{range}(\sigma) \mathrel{\#} Q$. From the consequences of this rule, we gather that $H_2 = H_1\sigma$ (**). Remember also that we are considering the case in which $\llbracket H_1 \rrbracket \mid P$ can perform a $\tau$ action, thus we consider $\alpha = \tau$ in this case. Given these considerations, we can apply rule LTS$\tau$ on (*) and $H_1$ to obtain directly that $(H_1 \rhd P) \xrightarrow{\tau} (H_2 \rhd Q)$, which proves the case (since we can use the $\sigma$ from (*)).

Case 2) Looking at the LTS, there are 5 rules that can produce a $\tau$ transition: TrSum, TrAct, TrSync, Restr and ParL. As in the previous case, not all cases can be applied to $\llbracket H_1 \rrbracket \mid P$, because Assumption 1 does not match the syntax required in the rules. In particular, rules TrSum, TrAct and Restr cannot be applied. Moreover, the case for rule ParL can be demonstrated exactly as in Case 1), because rule LTS$\tau$ acts on $\tau$ and $k(\tau)$ actions indiscriminately. Thus we shall only consider rule TrSync.

TrSync: This case is invalid as well. As we have already reasoned in Case 1) for rule CCSsync, by Lemma D.6 any translation of $H_1$ cannot produce an action $a$ or $k(a)$, for $a \in Act$. $P$ cannot perform barb actions $\omega \in \mathcal{L}$ either, by Assumption 2. Thus, there is no action $a$ on which $\llbracket H_1 \rrbracket$ and $P$ can synchronise, and thus this case is invalid too.

Case 3) Looking at the LTS, there are 6 rules that can produce a $\beta$ transition: TrCo, TrAb, TrNew, TrBroadcast, TrIgn and TrRestrBeta. Looking at the syntax, we can notice straightaway that we cannot apply rules TrCo, TrAb, TrNew and TrRestrBeta. Thus we need only concentrate on rules TrBroadcast, TrIgn. Moreover, the action $\beta$ in rule ? can be either $co_k$, $ab_k$ or $new\ k$. Let us analyse each case separately.

TrBroadcast: According to the premises of this rule, $\llbracket H_1 \rrbracket \xrightarrow{\beta} \llbracket H'_1 \rrbracket$ (*) and $P \xrightarrow{\beta} P'$ (**), where $\beta \in \{co_k, ab_k\}$. Let us analyse the cases in which $\beta = co_k$ and $\beta = ab_k$:

$\beta = co_k$: To prove the main theorem, we can apply rule LTSco using (**); but we must prove that $\llbracket H_2 \rrbracket = \llbracket H_1\backslash^{co}_k \rrbracket$. We can prove this by induction on the length of history $H_1$, assuming (*). Let us consider the case of length zero. The translation of the empty history is the nil process $0$, which cannot perform a $co_k$ action, thus breaking assumption (*). The base case is thus trivial. Let us now assume that the length of history $H_1$ is $n{+}1$, with $H_1 = (H'_1, n{+}1 \mapsto l(\mathbf{a}))$, and that, if $\llbracket H'_1 \rrbracket \xrightarrow{co_k} \llbracket H'_2 \rrbracket$, then $H'_2 = H'_1\backslash^{co}_k$. Notice that:

$\llbracket H_1 \rrbracket = \llbracket H'_1, n{+}1 \mapsto l(\mathbf{a}) \rrbracket$   by definition of $H_1$
$\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket$   by Lemma D.2

We need to analyse two further cases for transaction names $l$ and $k$, one in which $l \neq k$, and one in which $l = k$:

$l \neq k$: In this case, the only applicable rule to obtain (*) is rule TrIgn, from which we infer that $\llbracket H'_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket \xrightarrow{co_k} \llbracket H'_2 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket$. From this consideration, we have:

$\llbracket H'_2 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket = \llbracket H'_1 \rrbracket\backslash^{co}_k \mid \llbracket l(\mathbf{a}) \rrbracket$   by inductive hypothesis
$= \llbracket H'_1 \rrbracket\backslash^{co}_k \mid \llbracket l(\mathbf{a})\backslash^{co}_k \rrbracket$   by def. of $\backslash^{co}$ and because $l \neq k$
$= \llbracket (H'_1, l(\mathbf{a}))\backslash^{co}_k \rrbracket$   by Lemma D.2 and D.4
$= \llbracket H_1\backslash^{co}_k \rrbracket$   by inductive hypothesis

which proves the case.

$l = k$: In this case, we notice that:

(1) $\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket co \mid \omega^{a}_{commit\,n+1} \rhd_k \omega_{abort\,n+1} \rrbracket$   if $\mathbf{a} = a$
(2) $\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket co \rhd_k \omega_{abort\,n+1} \rrbracket$   if $\mathbf{a} = \star$

This time the only applicable rule is TrBroadcast, thus both the right-hand side transactions in (1) and (2) have to commit. In the first case, we have:

$\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket co \mid \omega^{a}_{commit\,n+1} \rhd_k \omega_{abort\,n+1} \rrbracket$   this is case (1)
$\llbracket H'_1 \rrbracket \mid \llbracket co \mid \omega^{a}_{commit\,n+1} \rhd_k \omega_{abort\,n+1} \rrbracket \xrightarrow{co_k} \llbracket H'_2 \rrbracket \mid \omega^{a}_{commit\,n+1}$   by rule TrBroadcast
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \omega^{a}_{commit\,n+1}$   by the previous deduction
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n{+}1 \mapsto a \rrbracket$   by definition of translation
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n{+}1 \mapsto k(a)\backslash^{co}_k \rrbracket$   by definition of $\backslash^{co}$
$\llbracket H_2 \rrbracket = \llbracket H'_1\backslash^{co}_k \rrbracket \mid \llbracket n{+}1 \mapsto k(a)\backslash^{co}_k \rrbracket$   by inductive hypothesis
$\llbracket H_2 \rrbracket = \llbracket (H'_1, n{+}1 \mapsto k(a))\backslash^{co}_k \rrbracket$   by Lemma D.2 and D.4
$\llbracket H_2 \rrbracket = \llbracket H_1\backslash^{co}_k \rrbracket$   by hypothesis

which proves the main theorem for case (1). Let us prove case (2):

$\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket co \rhd_k \omega_{abort\,n+1} \rrbracket$   this is case (2)
$\llbracket H'_1 \rrbracket \mid \llbracket co \rhd_k \omega_{abort\,n+1} \rrbracket \xrightarrow{co_k} \llbracket H'_2 \rrbracket \mid 0$   by rule TrBroadcast
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid 0$   by the previous deduction
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n{+}1 \mapsto \star \rrbracket$   by definition of translation
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n{+}1 \mapsto k(\star)\backslash^{co}_k \rrbracket$   by definition of $\backslash^{co}$
$\llbracket H_2 \rrbracket = \llbracket H'_1\backslash^{co}_k \rrbracket \mid \llbracket n{+}1 \mapsto k(\star)\backslash^{co}_k \rrbracket$   by inductive hypothesis
$\llbracket H_2 \rrbracket = \llbracket (H'_1, n{+}1 \mapsto k(\star))\backslash^{co}_k \rrbracket$   by Lemma D.2 and D.4
$\llbracket H_2 \rrbracket = \llbracket H_1\backslash^{co}_k \rrbracket$   by hypothesis

which proves the main theorem for case (2).

$\beta = ab_k$: To prove the main theorem, we can apply rule LTSab using (**); but we must prove that $\llbracket H_2 \rrbracket = \llbracket H_1\backslash^{ab}_k \rrbracket$. We can prove this by induction on the length of history $H_1$, assuming (*). Let us consider the case of length zero. Again, the base case in which the history is empty is trivial, since its translation is the inert process $0$, which cannot perform an $ab_k$ action; this breaks assumption (*). Let us now assume that the length of history $H_1$ is $n{+}1$, with $H_1 = (H'_1, n{+}1 \mapsto l(\mathbf{a}))$, and that, if $\llbracket H'_1 \rrbracket \xrightarrow{ab_k} \llbracket H'_2 \rrbracket$, then $H'_2 = H'_1\backslash^{ab}_k$. Again, note that:

$\llbracket H_1 \rrbracket = \llbracket H'_1, n{+}1 \mapsto l(\mathbf{a}) \rrbracket$   by definition of $H_1$
$\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket$   by definition of translation

and again we have to analyse the case in which $l \neq k$ and in which $l = k$. Let us analyse each case:

$l \neq k$: In this case, the only applicable rule to obtain (*) is rule TrIgn, from which we infer that $\llbracket H'_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket \xrightarrow{ab_k} \llbracket H'_2 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket$. From this consideration, we have:

$\llbracket H'_2 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket = \llbracket H'_1 \rrbracket\backslash^{ab}_k \mid \llbracket l(\mathbf{a}) \rrbracket$   by inductive hypothesis
$= \llbracket H'_1 \rrbracket\backslash^{ab}_k \mid \llbracket l(\mathbf{a})\backslash^{ab}_k \rrbracket$   by definition of $\backslash^{ab}$ when $l \neq k$
$= \llbracket (H'_1, l(\mathbf{a}))\backslash^{ab}_k \rrbracket$   by Lemma D.2 and D.5
$= \llbracket H_1\backslash^{ab}_k \rrbracket$   by inductive hypothesis

which proves the case.

$l = k$: In this case, we notice that:

(1) $\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket co \mid \omega^{a}_{commit\,n+1} \rhd_k \omega_{abort\,n+1} \rrbracket$   if $\mathbf{a} = a$
(2) $\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket co \rhd_k \omega_{abort\,n+1} \rrbracket$   if $\mathbf{a} = \star$

The only applicable rule in this case is TrBroadcast, thus both the right-hand side transactions in (1) and (2) have to abort. This time it does not matter whether we are in case (1) or (2), because in both cases $\llbracket k(\mathbf{a}) \rrbracket \xrightarrow{ab_k} \omega_{abort\,n+1}$. Thus we have:

$\llbracket H_1 \rrbracket = \llbracket H'_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket$   this is our hypothesis
$\llbracket H'_1 \rrbracket \mid \llbracket l(\mathbf{a}) \rrbracket \xrightarrow{ab_k} \llbracket H'_2 \rrbracket \mid \omega_{abort\,n+1}$   by rule TrBroadcast
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \omega_{abort\,n+1}$   by the previous deduction
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n{+}1 \mapsto ab \rrbracket$   by definition of translation
$\llbracket H_2 \rrbracket = \llbracket H'_2 \rrbracket \mid \llbracket n{+}1 \mapsto k(\mathbf{a})\backslash^{ab}_k \rrbracket$   by definition of $\backslash^{ab}$
$\llbracket H_2 \rrbracket = \llbracket H'_1\backslash^{ab}_k \rrbracket \mid \llbracket n{+}1 \mapsto k(\mathbf{a})\backslash^{ab}_k \rrbracket$   by inductive hypothesis
$\llbracket H_2 \rrbracket = \llbracket (H'_1, n{+}1 \mapsto k(\mathbf{a}))\backslash^{ab}_k \rrbracket$   by Lemma D.2 and D.5
$\llbracket H_2 \rrbracket = \llbracket H_1\backslash^{ab}_k \rrbracket$   by hypothesis

which proves the case.

TrIgn: This is a symmetric rule, so according to the premises, we have two cases:

1) $\beta \mathrel{\#} H_1$ and $P \xrightarrow{\beta} Q$
2) $\beta \mathrel{\#} P$ and $H_1 \xrightarrow{\beta} H_2$

Case 2) is not applicable. In fact, if $\beta \mathrel{\#} P$, then $\beta \mathrel{\#} H_1$ by Assumption 3. Thus we only have Case 1) to prove. This case is easily proved by applying either rule LTSco, LTSab or LTSnew. Just notice that $H_1\backslash^{co}_k = H_1\backslash^{ab}_k = H_1$ by definition of the respective operations when $k \in \beta \mathrel{\#} H_1$. This case is thus proved.

Proposition D.13 (Prop. E.8). Let $\llbracket H_1 \rrbracket \mid P \cong_{rbe} \llbracket H'_1 \rrbracket \mid P'$ with $P, P' \in \mathcal{L}_{Act}$, $H_1, H'_1$ compatible and $i \notin \mathit{dom}(H_1)$.

1. if $\llbracket H_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in \mathcal{L}_{Act}$ such that $\llbracket H'_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P' \Longrightarrow \llbracket H'_2 \rrbracket \mid Q'$, $\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q'$ and $H_2, H'_2$ compatible
2. if $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in \mathcal{L}_{Act}$ such that $\llbracket H'_1 \rrbracket \mid P' \Longrightarrow \llbracket H'_2 \rrbracket \mid Q'$, $\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q'$ and $H_2, H'_2$ compatible

Proof. Let us prove each case separately.

Case 1: Assume that:

1. $\llbracket H_1 \rrbracket \mid P \cong_{rbe} \llbracket H'_1 \rrbracket \mid P'$
2. $P, P' \in \mathcal{L}_{Act}$
3. $H_1, H'_1$ compatible
4. $H_2 = H_1, i \mapsto k(\mathbf{a})$
5. $i \notin \mathit{dom}(H_1)$
6. $\llbracket H_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$

We need to find $H'_2$ and $Q' \in \mathcal{L}_{Act}$ such that:

1. $\llbracket H'_1 \rrbracket \mid P' \mid \llbracket k \rrbracket_i \Longrightarrow \llbracket H'_2 \rrbracket \mid Q'$
2. $\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q'$
3. $H_2, H'_2$ compatible

Because the processes in Assumption 1) are reduction barbed equivalent, they must continue to be so under any other context $R$. If we take $R = \llbracket k \rrbracket_i$, we have:

$\llbracket H_1 \rrbracket \mid P \cong_{rbe} \llbracket H'_1 \rrbracket \mid P'$   by Assumption 1
$\llbracket H_1 \rrbracket \mid P \mid \llbracket k \rrbracket_i \cong_{rbe} \llbracket H'_1 \rrbracket \mid P' \mid \llbracket k \rrbracket_i$   by Condition 4 of rbe
$\llbracket H_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P \cong_{rbe} \llbracket H'_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P'$   transitions in the LTS commute over parallel

By Condition 2 of reduction barbed equivalence, Assumption 1 and 6 imply that $\llbracket H'_1 \rrbracket \mid \llbracket k \rrbracket_i \mid P' \Longrightarrow Z$ (*) and $\llbracket H_2 \rrbracket \mid Q \cong_{rbe} Z$ (**). Let us find out how $Z$ is composed. By repeatedly applying Lemma D.7 on (*), we can derive that $Z = \llbracket H''_2 \rrbracket \mid Z'$. Moreover, by Assumption 2, we have that the barbs in $\llbracket H'_1 \rrbracket$ cannot synchronise with either $\llbracket k \rrbracket_i$ or $P'$, thus we can infer that $H''_2$ has the same barbs as $H'_1$; by Assumption 3, we have that $H''_2$ is compatible with $H_1$. We will now argue that $Z' = \llbracket i \mapsto l(\mathbf{a}) \rrbracket \mid Q'$, for some transaction name $l$. By Assumption 4, we have that $\llbracket H_2 \rrbracket = \llbracket H_1 \rrbracket \mid \llbracket k(\mathbf{a}) \rrbracket$. We have to distinguish two cases, one in which $k(\mathbf{a}) = k(a)$ and one in which $k(\mathbf{a}) = k(\star)$. If $k(\mathbf{a}) = k(a)$, first we can rewrite (**) as $\llbracket H_1 \rrbracket \mid \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket \mid Q \cong_{rbe} \llbracket H''_2 \rrbracket \mid Z'$. Thus we have that the left-hand side of (**) can perform $\Downarrow \omega^{a}_{commit\,i}$ and $\Downarrow \omega^{a}_{abort\,i}$. Since they are reduction barbed equivalent, the right-hand side of (**) must be able to perform the same barbs. Recall that by Assumption 2 processes $P$ and $P'$ cannot contribute barbs; moreover, by Assumption 5 and since $H_1$ and $H''_2$ are compatible, $H''_2$ cannot contribute these barbs. Thus only $\llbracket k' \rrbracket_i$ can contribute them. Because of this, for some transaction name $l$ and depending on how $\llbracket k \rrbracket_i$ is evaluated, $Z'$ can take one of these forms:

1) $\omega^{a}_{abort\,i} \mid Q'$   if $\llbracket k' \rrbracket_i$ is aborted
2) $\llbracket co \rhd_l \omega^{a}_{abort\,i} \rrbracket \mid Q'$   if $\llbracket k' \rrbracket_i$ performs a $\tau$ step
3) $\llbracket co \mid \omega_{before\,i} \rhd_l \omega^{a}_{abort\,i} \rrbracket \mid Q'$   if it chooses to perform $\omega_{before\,i}$
4) $\llbracket co \mid \omega^{b}_{commit\,i} \rhd_l \omega^{a}_{abort\,i} \rrbracket \mid Q'$ with $a \neq b$   if it performs a $b$ action
5) $\llbracket co \mid \omega^{a}_{commit\,i} \rhd_l \omega^{a}_{abort\,i} \rrbracket \mid Q'$   if it performs an $a$ action

Case 1 is impossible, because $Z'$ would have the barb $\omega^{a}_{abort\,i}$, which the left-hand side of (**) does not have. Case 2 is not possible either, because if the left-hand side of (**) commits, then $Z'$ lacks the $\omega^{a}_{commit\,i}$ barb. Case 3 is impossible as well, because the left-hand side of (**) lacks the $\omega_{before\,i}$ barb in case of commit. Case 4 is impossible too, because the left-hand side of (**) lacks the $\omega^{b}_{commit\,i}$ (recall that $a \neq b$) in case of commit. The only possible option is thus Case 5. The same analysis holds when $k(\mathbf{a}) = k(\star)$, with the exception that Case 2 is the only possible one and Case 4 and 5 are collapsed into a single case. We can now rewrite (**) as follows:

$\llbracket H_1 \rrbracket \mid \llbracket i \mapsto k(\mathbf{a}) \rrbracket \mid Q \cong_{rbe} \llbracket H''_2 \rrbracket \mid \llbracket i \mapsto l(\mathbf{a}) \rrbracket \mid Q'$   by previous deductions
$\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H''_2 \rrbracket \mid \llbracket i \mapsto l(\mathbf{a}) \rrbracket \mid Q'$   by Lemma D.2 and Assm. 4
$\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q'$   by definition of translation, with $H'_2 = H''_2, i \mapsto l(\mathbf{a})$

The last deduction proves Requirement 2 of the main theorem. Requirement 1 is proved by (*), if we consider that $Z = \llbracket H'_2 \rrbracket \mid Q'$. Since $H_1$ and $H''_2$ are comparable, and both $\llbracket i \mapsto k(\mathbf{a}) \rrbracket$ and $\llbracket i \mapsto l(\mathbf{a}) \rrbracket$ are not pure $a$ transactions and do not count towards compatibility, we have that $H_2$ is comparable with $H'_2$, which proves Requirement 3. All requirements are proved, and thus the main case is proved.

Case 2: Assume that:

1. $\llbracket H_1 \rrbracket \mid P \cong_{rbe} \llbracket H'_1 \rrbracket \mid P'$
2. $P, P' \in \mathcal{L}_{Act}$
3. $H_1, H'_1$ compatible
4. $i \notin \mathit{dom}(H_1)$
5. $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$

We need to find $H'_2$ and $Q' \in \mathcal{L}_{Act}$ such that:

1. $\llbracket H'_1 \rrbracket \mid P' \Longrightarrow \llbracket H'_2 \rrbracket \mid Q'$
2. $\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q'$
3. $H_2, H'_2$ compatible

By Condition 2 of reduction barbed equivalence, we can derive from Assumption 5 that $\llbracket H'_1 \rrbracket \mid P' \Longrightarrow Q''$. By repeatedly applying Lemma D.7, we can deduce that $Q'' = \llbracket H'_2 \rrbracket \mid Q'$, for some $H'_2$ and $Q'$. Thus $\llbracket H'_1 \rrbracket \mid P' \Longrightarrow \llbracket H'_2 \rrbracket \mid Q'$ (*). By Condition 2 of reduction barbed equivalence, we can also derive from Assumption 5 that $\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q'$ (**). Considerations (*) and (**) respectively prove Points 1 and 2 of the main theorem.

There only remains to prove that $H_2$ and $H'_2$ are compatible. Recall that $H_2$ and $H'_2$ are compatible when the following property is satisfied:

$\forall i \in I.\ H_2(i) = a \iff H'_2(i) = a$

To prove this, we need to analyse two directions:

($\Rightarrow$) $H_2(i) = a$ implies $H'_2(i) = a$
($\Leftarrow$) $H'_2(i) = a$ implies $H_2(i) = a$

Let us prove the first direction. Suppose that $H_2(i) = a$. Then $\llbracket H_2(i) \rrbracket = \omega^{a}_{commit\,i}$, and thus $\llbracket H_2 \rrbracket \mid Q \Downarrow \omega^{a}_{commit\,i}$. Because of (**), $\llbracket H'_2 \rrbracket \mid Q' \Downarrow \omega^{a}_{commit\,i}$. This is only possible if there exist $R$ and $R'$ such that $\llbracket H'_2(i) \rrbracket \mid Q' \Longrightarrow R \xrightarrow{\omega^{a}_{commit\,i}} R'$. By Assumption 2, we can deduce that $Q' \in \mathcal{L}_{Act}$. Thus the process where an $\omega^{a}_{commit\,i}$ barb occurs can only be $H'_2(i)$. By the definition of history translation, there are only two possible cases: either $H'_2(i) = a$, or $H'_2(i) = k(a)$. If the first is the case, the histories are compatible and the theorem is proven. We will now show that the second case leads to a contradiction. In fact, suppose that $H'_2(i) = k(a)$. Then $\llbracket H'_2(i) \rrbracket = \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket$. Because of this, we have that $\llbracket H'_2 \rrbracket \mid Q' \Downarrow \omega_{abort\,i}$. But notice now that $\llbracket H_2 \rrbracket \mid Q \not\Downarrow \omega_{abort\,i}$, because the translation $\llbracket H_2(i) \rrbracket = \omega^{a}_{commit\,i}$, which does not contain the barb $\omega_{abort\,i}$. Thus we have that $\llbracket H_2 \rrbracket \mid Q \not\cong_{rbe} \llbracket H'_2 \rrbracket \mid Q'$, since they have different barbs. But this contradicts (**), thus we must reject that $H'_2(i) = k(a)$. This finishes the proof for the first direction. The proof for the second direction is symmetric.

E Completeness of Weak Bisimulation

$\mathcal{L}_{Act \uplus \Omega}$?

Definition E.1 (Translation of k-transition).

$\llbracket k \rrbracket_i = \llbracket co \mid \big(\sum_{a \in Act} a.\omega^{a}_{commit\,i}\big) + \omega_{before\,i} + \tau.0 \rhd_k \omega_{abort\,i} \rrbracket$

Definition E.2 (Translation of a History).

$\llbracket \emptyset \rrbracket = 0$
$\llbracket H, (i \mapsto k(\mathbf{a})) \rrbracket = \llbracket H \rrbracket \mid \llbracket i \mapsto k(\mathbf{a}) \rrbracket$
$\llbracket i \mapsto k(a) \rrbracket = \llbracket co \mid \omega^{a}_{commit\,i} \rhd_k \omega_{abort\,i} \rrbracket$
$\llbracket i \mapsto a \rrbracket = \omega^{a}_{commit\,i}$
$\llbracket i \mapsto k(\star) \rrbracket = \llbracket co \rhd_k \omega_{abort\,i} \rrbracket$
$\llbracket i \mapsto \star \rrbracket = 0$
$\llbracket i \mapsto ab \rrbracket = \omega_{abort\,i}$
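As an added worked example (not part of the paper), the translation of a small constructed history and the effect of the broadcast actions $co_k$, $ab_k$ and $co_l$ on it, which is exactly the step Lemma D.7 and the LTSco/LTSab cases of Prop. D.10 rely on; the history $H$ and the names $k \neq l$ are assumed here.

```latex
% Constructed history (assumption of this example): an active k-entry,
% an already committed entry, and an active l-entry with no action yet.
H = (1 \mapsto k(a),\; 2 \mapsto b,\; 3 \mapsto l(\star)), \qquad k \neq l

% Translation, unfolding Def. E.2 one entry at a time (this is Lemma D.2 applied twice):
\llbracket H \rrbracket
  = \llbracket co \mid \omega^{a}_{commit\,1} \rhd_k \omega_{abort\,1} \rrbracket
  \;\mid\; \omega^{b}_{commit\,2}
  \;\mid\; \llbracket co \rhd_l \omega_{abort\,3} \rrbracket

% Commit broadcast co_k: TrCo on the k-transaction (it reduces to its body),
% TrIgn on the other two components, since k is fresh for them.
\llbracket H \rrbracket \xrightarrow{co_k}
  \omega^{a}_{commit\,1} \mid \omega^{b}_{commit\,2} \mid \llbracket co \rhd_l \omega_{abort\,3} \rrbracket
  = \llbracket 1 \mapsto a \rrbracket \mid \llbracket 2 \mapsto b \rrbracket \mid \llbracket 3 \mapsto l(\star) \rrbracket
  = \llbracket H \backslash^{co}_{k} \rrbracket,
\qquad H \backslash^{co}_{k} = (1 \mapsto a,\; 2 \mapsto b,\; 3 \mapsto l(\star))

% Abort broadcast ab_k: the k-transaction is replaced by its alternative, the rest is unchanged.
\llbracket H \rrbracket \xrightarrow{ab_k}
  \omega_{abort\,1} \mid \omega^{b}_{commit\,2} \mid \llbracket co \rhd_l \omega_{abort\,3} \rrbracket
  = \llbracket H \backslash^{ab}_{k} \rrbracket,
\qquad H \backslash^{ab}_{k} = (1 \mapsto ab,\; 2 \mapsto b,\; 3 \mapsto l(\star))

% Commit broadcast co_l: the star case. The l-transaction has an empty body, so it becomes 0,
% which is the translation of the entry 3 -> star; the k-entry is untouched (TrIgn).
\llbracket H \rrbracket \xrightarrow{co_l}
  \llbracket co \mid \omega^{a}_{commit\,1} \rhd_k \omega_{abort\,1} \rrbracket \mid \omega^{b}_{commit\,2} \mid 0
  = \llbracket H \backslash^{co}_{l} \rrbracket,
\qquad H \backslash^{co}_{l} = (1 \mapsto k(a),\; 2 \mapsto b,\; 3 \mapsto \star)
```

In all three cases the result is again the translation of a history, which is the invariant Lemma D.7 states; the barbs $\omega^{a}_{commit\,1}$ and $\omega_{abort\,1}$ that Prop. D.13 reasons about are exactly the ones exposed or removed by $co_k$ and $ab_k$ here.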

To prove completeness we will need the following propositions.

Proposition E.3. If $P \in \mathcal{L}_{Act}$ and $(H_1 \triangleright P) \xrightarrow{\;\zeta\;} (H_2 \triangleright Q)$ then $Q \in \mathcal{L}_{Act}$, and when $\zeta = k$, there exist $i, a$ such that $H_2 = H_1, (i \mapsto k(a))$.

Proof. Trivial, by induction on the transition. $\square$

Proposition E.4. Suppose $P \in \mathcal{L}_{Act}$ (footnote 4) and $(H_1 \triangleright P) \xrightarrow{\;k\;} (H_2 \triangleright Q)$ with $H_2 = H_1, (i \mapsto k(a))$ and $k' \,\sharp\, k, H_1, P$; then $\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q$.

Proposition E.5. Suppose $P \in \mathcal{L}_{Act}$ (footnote 5) and $(H_1 \triangleright P) \xrightarrow{\;\tau\;} (H_2 \triangleright Q)$; then $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$.

Proposition E.6. Suppose $P, Q \in \mathcal{L}_{Act}$ and $\llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q$ with $H_2 = H_1, (i \mapsto k(a))$ and $k' \,\sharp\, k, H_1, P$; then for some $\sigma$: $(H_1 \triangleright P) \xrightarrow{\;k\;}_{\sigma} (H_2 \triangleright Q)$.

Proposition E.7. Suppose $P \in \mathcal{L}_{Act}$ and $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$; then for some $\sigma$: $(H_1 \triangleright P) \xrightarrow{\;\tau\;}_{\sigma} (H_2 \triangleright Q)$.

Proposition E.8. Let $\llbracket H_1 \rrbracket \mid P \cong_{rbe} \llbracket H'_1 \rrbracket \mid P'$ with $P, P' \in \mathcal{L}_{Act}$, $H_1, H'_1$ consistent, and $i \notin dom(H_1)$.

1. if $\llbracket H_1 \rrbracket \mid P \mid \llbracket k \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in \mathcal{L}_{Act}$ such that
\[
\llbracket H'_1 \rrbracket \mid P' \mid \llbracket k \rrbracket_i \Rightarrow \llbracket H'_2 \rrbracket \mid Q', \qquad
\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q', \qquad
H_2, H'_2 \text{ consistent.}
\]

Footnote 4: I think this proposition is true even when $P \in \mathcal{L}_{Act \cup \Omega}$.

Footnote 5: Similarly, this proposition is true even when $P \in \mathcal{L}_{Act \cup \Omega}$.


Bisimulations for Communicating Transactions 45

2. if $\llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q$ then there exist $H'_2$ and $Q' \in \mathcal{L}_{Act}$ such that
\[
\llbracket H'_1 \rrbracket \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q', \qquad
\llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q', \qquad
H_2, H'_2 \text{ consistent.}
\]

Definition E.9 (Relation $\mathcal{X}$).
\[
\mathcal{X} = \{\, ((H \triangleright P), (H' \triangleright P')) \;\mid\; P, P' \in \mathcal{L}_{Act},\; H, H' \text{ consistent},\; \llbracket H \rrbracket \mid P \cong_{rbe} \llbracket H' \rrbracket \mid P' \,\}
\]

Theorem E.10 (Completeness). X is a weak bisimulation.

Proof. Let $(H_1 \triangleright P)\; \mathcal{X}\; (H'_1 \triangleright P')$; we need to show that the conditions of Def. 3.7 are satisfied. The first condition is true by construction of $\mathcal{X}$. The second is trivially true because $\mathcal{X}$ only contains processes in $\mathcal{L}_{Act}$. We only need to show the third condition of the definition (and its converse, which we omit here).

Let $(H_1 \triangleright P) \xrightarrow{\;\zeta\;} (H_2 \triangleright Q)$. We take cases on this transition:

1. $\zeta = k$:
\[
\begin{array}{ll}
 & (H_1 \triangleright P) \xrightarrow{\;k\;} (H_2 \triangleright Q) \\
\text{by Prop. E.3,} & \exists i, a : \; Q \in \mathcal{L}_{Act}, \quad H_2 = H_1, (i \mapsto k(a)) \\
\text{by Prop. E.4, for fresh } k' : & \llbracket H_1 \rrbracket \mid P \mid \llbracket k' \rrbracket_i \rightarrow \llbracket H_2 \rrbracket \mid Q \\
\text{by Prop. E.8(1),} & \exists H'_2,\; Q' \in \mathcal{L}_{Act} : \; \llbracket H'_1 \rrbracket \mid P' \mid \llbracket k' \rrbracket_i \Rightarrow \llbracket H'_2 \rrbracket \mid Q' \\
 & \llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q' \\
 & H_2, H'_2 \text{ consistent} \\
\text{thus} & \exists l, b : \; H'_2 = H''_2, (i \mapsto l(b)) \\
\text{by Prop(s). E.6 and E.7 (repeatedly),} & \exists \sigma' : \; (H'_1 \triangleright P') \xRightarrow{\;k\;}_{\sigma'} (H'_2 \triangleright Q') \\
\text{and by Def. E.9:} & (H_2 \triangleright Q)\; \mathcal{X}\; (H'_2 \triangleright Q')
\end{array}
\]

2. $\zeta = \tau$:
\[
\begin{array}{ll}
 & (H_1 \triangleright P) \xrightarrow{\;\tau\;} (H_2 \triangleright Q) \\
\text{by Prop. E.3:} & Q \in \mathcal{L}_{Act} \\
\text{by Prop. E.5:} & \llbracket H_1 \rrbracket \mid P \rightarrow \llbracket H_2 \rrbracket \mid Q \\
\text{by Prop. E.8(2),} & \exists H'_2,\; Q' \in \mathcal{L}_{Act} : \; \llbracket H'_1 \rrbracket \mid P' \Rightarrow \llbracket H'_2 \rrbracket \mid Q' \\
 & \llbracket H_2 \rrbracket \mid Q \cong_{rbe} \llbracket H'_2 \rrbracket \mid Q' \\
 & H_2, H'_2 \text{ consistent} \\
\text{by Prop. E.7 (repeatedly),} & \exists \sigma' : \; (H'_1 \triangleright P') \xRightarrow{\;\tau\;}_{\sigma'} (H'_2 \triangleright Q') \\
\text{and by Def. E.9:} & (H_2 \triangleright Q)\; \mathcal{X}\; (H'_2 \triangleright Q') \qquad \square
\end{array}
\]

Corollary E.11 (Top-Level Completeness). For any $P, Q \in \mathcal{L}_{Act}$, if $P \cong_{rbe} Q$ then $P \approx Q$.

Proof. Let $P, Q \in \mathcal{L}_{Act}$ and $P \cong_{rbe} Q$. Then $(\emptyset \triangleright P)\; \mathcal{X}\; (\emptyset \triangleright Q)$ by Def. E.9. By Thm. E.10, $\mathcal{X}$ is a weak bisimulation, and therefore $(\emptyset \triangleright P) \approx (\emptyset \triangleright Q)$; thus $P \approx Q$. $\square$