Preservation properties

The preservation lemmas are similar to those for CCS, with some excep-tions. Most notably, as bound names can be communicated between the agents with the OPENand CLOSE-rules, any rule involving Parallel must take into account that the scope of the binders can change.

14.3.1 Output and Tau

The proofs that bisimilarity is preserved Output and Tau are straightfor-ward.

Lemma 14.13. If (P, Q) ∈ R then τ.P ,→Rτ.Q.

Proof. Follows from the definition of,→, the fact that τ.P and τ.Q can each only do aτ-action and (P, Q) ∈ R.

Lemma 14.14. If P .

∼ Q then τ.P .

∼ τ.Q .

Proof. Follows by coinduction and settingX to {(τ.P, τ.Q), (τ.Q, τ.P)}, and Lemma 14.13.

Lemma 14.15. If (P, Q) ∈ R then ab.P ,→Rab.Q.

Proof. Follows from the definition of,→, the fact that ab.P and ab.Q can each only do an output-action and (P, Q) ∈ R.

Lemma 14.16. If P .

∼ Q then ab.P .

∼ ab.Q .

Proof. Follows by coinduction, setting X to {(ab.P, ab.Q), (ab.Q, ab.P)}, and Lemma 14.15.

14.3.2 Match and Mismatch

Lemma 14.17. If P,→RQ and R ⊆ R⁰then [a=b]P ,→_R⁰[a=b]Q.

Proof. Follows from the definition of,→, the M^ATCHinversion rule from Figure 13.4.2 and the MATCH-rule from the operational semantics. The in-version rule ensures that a = b and hence the agents can do exactly the same transitions.

Lemma 14.18. If P .

∼ Q then [a=b]P .

∼ [a=b]Q .

Proof. Follows by coinduction and settingX to {([a =b]P, [a =b]Q), ([a = b]Q, [a=b]P)}, and Lemma 14.17.

Lemma 14.19. If P,→RQ and R ⊆ R⁰then [a6=b]P ,→_R⁰[a6=b]Q.

Proof. Follows from the definition of,→, the M^ISMATCHinversion rule from Figure 13.4.2 and the MISMATCH-rule from the operational semantics. The inversion rule ensures that a 6= b and therefore, the agents can do exactly the same transitions.

Lemma 14.20. If P .

∼ Q then [a6=b]P .

∼ [a6=b]Q .

Proof. Follows by coinduction and settingX to {([a 6=b]P, [a 6=b]Q), ([a 6=

b]Q, [a6=b]P)}, and Lemma 14.19.

14.3.3 Sum Lemma 14.21.

If P,→RQ and Id ⊆ R⁰and R ⊆ R⁰then P + R ,→_R⁰Q + R .

Proof. Follows from the definition of,→, the S^UMinversion rule from Fig-ure 13.4.2 and the SUM1 and SUM2-rule from the operational semantics. In the case where R does a transition, the assumption Id ⊆ R⁰is used to ensure that the derivatives remain inR⁰.

Lemma 14.22. If P .

∼ Q then P + R .

∼ Q + R .

Proof. Follows by coinduction and settingX to {(P + R , Q + R ), (Q + R , P + R )}, and Lemma 14.21.

14.3.4 Restriction Lemma 14.23.

P,→RQ

^R S y. (R, S) ∈ R

((νy)R, (νy)S) ∈ R⁰ R ⊆ R⁰ eqvtR eqvtR⁰ (νx)P ,→_R⁰(νx)Q

Proof. Follows from the definition of,→, the S^COPEinversion rule and the OPEN, SCOPEF and SCOPEB-rules from the operational semantics. The as-sumptionVR S y. (R, S) ∈ R =⇒ ((νy)R, (νy)S) ∈ R⁰is used in the OPEN-case, as the restricted names are dropped from the derivatives.

Lemma 14.24. If P .

∼ Q then (νx)P .

∼ (νx)Q .

Proof. Follows by coinduction and settingX to {((νx)P, (νx)Q) : P .

∼ Q }, and Lemma 14.23.

14.3.5 Parallel

The scope migrating capabilities of the pi-calculus make the proofs for Parallel more involved than their CCS counterparts. The first step is to prove what is required for simulation to be preserved by Parallel. We will start by proving a more general lemma, in which two simulations are composed.

Lemma 14.25.

P,→RQ (P, Q) ∈ R R,→_R⁰S (R, S) ∈ R⁰

^P⁰Q⁰R⁰S⁰. (P⁰, Q⁰) ∈ R (R⁰, S⁰) ∈ R⁰ (P⁰| R⁰, Q⁰| S⁰) ∈ R⁰⁰ P | R ,→_R⁰⁰Q | S

Proof. Follows from the,→-I introduction rule, the P^ARF and PARB inver-sion rule and the PAR, COMM and CLOSE-rules from the operational se-mantics. The requirement thatR⁰⁰is closed under restriction is used in the CLOSE-cases to allow for scope migration. The Isabelle proof can be found in Figure 14.1.

This lemma is more general than strictly necessary to prove that bisimilarity is preserved by Parallel. It will also be useful when we prove that bisimilarity is preserved by Replication. The lemma needed for parallel preservation is easily derivable.

Lemma 14.26.

P,→RQ (P, Q) ∈ R

^S T U. (S, T ) ∈ R

(S | U , T | U ) ∈ R⁰ ^S T x. (S, T ) ∈ R⁰ ((νx)S, (νx)T) ∈ R⁰ P | R ,→_R⁰Q | R

Proof. Follows from Lemma 14.25 by setting its relationsR⁰⁰toR⁰andR⁰ to the identity relation.

Before moving on to the bisimilarity part of this proof, we need to intro-duce the concept of a binding sequence.

The binders that have been discussed thus far have all been single binders in the sense that they are declared and bound one at a time. This turns out to be enough for most cases, but in bisimilarity proofs on parallel agents it becomes necessary to reason about sequences of binders. The reason for this is that the scope of binders can change using the OPENand CLOSE-rules.

A binding sequence is a finite, possibly empty, list of restrictions.

Definition 14.27 (Binding sequences). A sequence of namesy binding intoe an agent P is denoted (νy)P.e

(ν[])P = P (ν(x·y))P = (νx)(νee y)P

Figure 14.1: Isabelle proof that simulation is preserved by Parallel.

Page 1/4 lemma parCompose:

fixes P :: pi and Q :: pi and R :: pi and T :: pi

andR :: (pi × pi) set and R⁰ :: (pi × pi) set and R⁰⁰:: (pi × pi) set assumes P,→RQ and R,→_R⁰T and (P, Q) ∈ R and (R, T) ∈ R⁰

and Par:VP⁰Q⁰R⁰T⁰. [[(P⁰, Q⁰) ∈ R; (R⁰, T⁰) ∈ R⁰]] =⇒ (P⁰| R⁰, Q⁰| T⁰) ∈ R⁰⁰ and Res:VP⁰Q⁰x. (P⁰, Q⁰) ∈ R⁰⁰=⇒ ((νx)P⁰, (νx)Q⁰) ∈ R⁰⁰

shows P | R ,→_R⁰⁰Q | T

proof(induct rule: simCases) — Apply introduction rule,→-I case(Bound a x U)

from^〈x] (P | R)^〉have x] P and x ] R by simp+

from^〈Q | T −−−−→ U^{a(νx) 〉}show ∃S. P | R −−−−→ S ∧ (S, U) ∈ R^{a(νx) 00} proof(induct rule: parCasesB) — Apply PARB inversion rule from

Figure 13.4.2 PAR1 case

Given that Q −−−−→ Q^{a(νx) 0}prove that there exists an S such that P | R −−−−→ S and (S, Q^{a(νx) 0}| T ) ∈ R⁰⁰.

case(cPar1 Q⁰)

from^〈P,→RQ^{〉 〈}Q −−−−→ Q^{a(νx) 0〉 〈}x] P^〉obtain P⁰

where PTrans: P −−−−→ P^{a(νx) 0}and P⁰RQ⁰: (P⁰, Q⁰) ∈ R by(blast dest: elim) from PTrans^〈x] R^〉have P | R −−−−→ P^{a(νx) 0}| R by(rule Par1B)

moreover from P⁰RQ^0〈(R, T) ∈ R^0〉have (P⁰| R, Q⁰| T) ∈ R⁰⁰by(rule Par) ultimately show ∃PR⁰. P | R −−−−→ PR^{a (νx) 0}∧ (PR⁰, Q⁰| T) ∈ R⁰⁰by blast next

PAR2 case

Given that T −−−−→ T^{a(νx) 0}prove that there exists an S such that P | R −−−−→ S and (S, Q | T^{a(νx) 0}) ∈ R⁰⁰.

case(cPar2 T⁰)

from^〈R,→_R⁰T^{〉 〈}T −−−−→ T^{a(νx) 0〉 〈}x] R^〉obtain R⁰

where RTrans: R −−−−→ R^{a(νx) 0}and R⁰R⁰T⁰: (R⁰, T⁰) ∈ R⁰by(blast dest: elim) from RTrans^〈x] P^〉have P | R −−−−→ P | R^{a(νx) 0}by(rule Par2B)

moreover from^〈(P, Q) ∈ R^〉R⁰R⁰T⁰have (P | R⁰, Q | T⁰) ∈ R⁰⁰by(rule Par) ultimately show ∃PR⁰. P | R −−−−→ PR^{a (νx) 0}∧ (PR⁰, Q | T⁰) ∈ R⁰⁰by blast qed

Page 2/4 next

case(Freeα QT⁰)

from^〈Q | T −→ QT^{α 0〉}show ∃PR⁰. P | R −→ PR^{α 0}∧ (PR⁰, QT⁰) ∈ R⁰⁰ proof(induct rule: parCasesF[where C=(P, R)]) — P^ARF inversion rule

PAR1 case

Given that Q −→ Q^{α 0}prove that there exists an S such that P | R −→ S and (S, Q^{α 0}| T ) ∈ R⁰⁰.

case(cPar1 Q⁰)

from^〈P,→RQ^{〉 〈}Q −→ Q^{α 0〉}obtain P⁰

where PTrans: P −→ P^{α 0}and PR: (P⁰, Q⁰) ∈ R by(blast dest: elim) from PTrans have P | R −→ P^{α 0} | R by(rule Par1F)

moreover from PR^〈(R, T) ∈ R^0〉have (P⁰| R, Q⁰ | T) ∈ R⁰⁰by(rule Par) ultimately show ∃PR⁰. P | R −→ PR^{α 0}∧ (PR⁰, Q⁰| T) ∈ R⁰⁰by blast next

PAR2 case

Given that T −→ T^{α 0}prove that there exists an S such that P | R −→ S and (S, Q | T^{α 0}) ∈ R⁰⁰.

case(cPar2 T⁰)

from^〈R,→_R⁰T^{〉 〈}T −→ T^{α 0〉}obtain R⁰

where RTrans: R −→ R^{α 0}and RR: (R⁰, T⁰) ∈ R⁰by(blast dest: elim) from RTrans have P | R −→ P | R^{α 0}by(rule earlySemantics.Par2F) moreover from^〈(P, Q) ∈ R^〉RR have (P | R⁰, Q | T⁰) ∈ R⁰⁰by(rule Par) ultimately show ∃PR⁰. P | R −→ PR^{α 0}∧ (PR⁰, Q | T⁰) ∈ R⁰⁰by blast next

COMM1 case

Given that Q −−→ Q^{ab 0}and T −−−→ T^{a [b] 0}prove that there exists an S such that P | R −→ S and (S, Q^{τ 0}| T⁰) ∈ R⁰⁰.

case(cComm1 Q⁰T⁰a b)

from^〈P,→RQ^{〉 〈}Q −−→ Q^{ab 0〉}obtain P⁰

where PTrans: P −−→ P^{ab 0}and P⁰RQ⁰: (P⁰, Q⁰) ∈ R by(blast dest: elim) from^〈R,→_R⁰T^{〉 〈}T −−→ T^{ab 0〉}obtain R⁰

where RTrans: R −−→ R^{ab 0}and RRT⁰: (R⁰, T⁰) ∈ R⁰by(blast dest: elim) from PTrans RTrans have P | R −→ P^{τ 0}| R⁰by(rule Comm1)

moreover from P⁰RQ⁰RRT⁰have (P⁰| R⁰, Q⁰ | T⁰) ∈ R⁰⁰by(rule Par) ultimately show ∃PR⁰. P | R −→ PR^{τ 0}∧ (PR⁰, Q⁰| T⁰) ∈ R⁰⁰by blast

Page 3/4 next

COMM2 case

Given that Q −−−→ Q^{a [b] 0}and T −−→ T^{ab 0}prove that there exists an S such that P | R −→ S and (S, Q^{τ 0}| T⁰) ∈ R⁰⁰.

case(cComm2 Q⁰T⁰a b)

from^〈P,→RQ^{〉 〈}Q −−→ Q^{ab 0〉}obtain P⁰

where PTrans: P −−→ P^{ab 0}and P⁰RQ⁰: (P⁰, Q⁰) ∈ R by(blast dest: elim) from^〈R,→_R⁰T^{〉 〈}T −−→ T^{ab 0〉}obtain R⁰

where RTrans: R −−→ R^{ab 0}and R⁰R⁰T⁰: (R⁰, T⁰) ∈ R⁰by(blast dest: elim) from PTrans RTrans have P | R −→ P^{τ 0}| R⁰by(rule Comm2)

moreover from P⁰RQ⁰R⁰R⁰T⁰have (P⁰| R⁰, Q⁰| T⁰) ∈ R⁰⁰by(rule Par) ultimately show ?case by blast

next

CLOSE1 case

Given that Q −−→ Q^{ax 0}and T −−−−→ T^{a(νx) 0}prove that there exists an S such that P | R −→ S and (S, (νx)(Q^{τ 0}| T⁰)) ∈ R⁰⁰.

case(cClose1 Q⁰T⁰a x) from^〈x] (P, R)^〉have x] P and x ] R by simp+

from^〈P,→RQ^{〉 〈}Q −−→ Q^{ax 0〉}obtain P⁰

where PTrans: P −−→ P^{ax 0}and P⁰RQ⁰: (P⁰, Q⁰) ∈ R by(blast dest: elim) from^〈R,→_R⁰T^{〉 〈}T −−−−→ T^{a (νx) 0〉 〈}x] R^〉obtain R⁰

where RTrans: R −−−−→ R^{a (νx) 0}and R⁰R⁰T⁰: (R⁰, T⁰) ∈ R⁰ by(blast dest: elim)

from PTrans RTrans^〈x] P^〉 have P | R −→ (νx)(P^{τ 0} | R⁰) by(rule Close1) moreover from P⁰RQ⁰R⁰R⁰T⁰have ((νx)(P⁰| R⁰), (νx)(Q⁰ | T⁰)) ∈ R⁰⁰

by(blast intro: Par Res) ultimately show ?case by blast

Page 4/4 next

CLOSE2 case

Given that Q −−−−→ Q^{a(νx) 0}and T −−→ T^{ax 0}prove that there exists an S such that P | R −→ S and (S, (νx)(Q^{τ 0}| T⁰)) ∈ R⁰⁰.

case(cClose2 Q⁰T⁰a x) from^〈x] (P, R)^〉have x] P and x ] R by simp+

from^〈P,→RQ^{〉 〈}Q −−−−→ Q^{a (νx) 0〉 〈}x] P^〉obtain P⁰

where PTrans: P −−−−→ P^{a (νx) 0}and P⁰RQ⁰: (P⁰, Q⁰) ∈ R by(blast dest: elim) from^〈R,→_R⁰T^{〉 〈}T −−→ T^{ax 0〉}obtain R⁰

where RTrans: R −−→ R^{ax 0}and R⁰R⁰T⁰: (R⁰, T⁰) ∈ R⁰ by(blast dest: elim)

from PTrans RTrans^〈x] R^〉have P | R −→ (νx)(P^{τ 0}| R⁰) by(rule Close2) moreover from P⁰RQ⁰R⁰R⁰T⁰have ((νx)(P⁰| R⁰), (νx)(Q⁰ | T⁰)) ∈ R⁰⁰

by(blast intro: Par Res) ultimately show ?case by blast qed

qed

Binding sequences recursively bind the names of a sequence to an agent.

A lemma which will be used extensively in the upcoming proofs is the following, which states what is required for a simulation to be closed under a binding sequence.

Lemma 14.28.

eqvtR ^R S x. (R, S) ∈ R

((νx)R, (νx)S) ∈ R P,→RQ (νey)P,→R(νy)Qe

Proof. By induction ony.e

Base case (y =[]): Follows immediately from the assumption P ,→e RQ.

Inductive step (y = xe x): Frome the induction hypothesis we get that (νex)P ,→R (νex)Q, and hence by Lemma 14.23 that (νx)(νex)P,→R(νx)(νex)Q

The intuition behind the lemma is quite simple. If a simulation relation R is preserved by the Restriction and P simulates Q preserving R, then sinceR is preserved by restriction and thus (νx)P simulates (νx)Q preserv-ingR for an arbitrary name x, then by induction (νx)P must simulate (νx)Q

preservingR wherex is an arbitrary chain of restricted names. The fact thate the proof is an inductive proof requires the candidate relationR to be the same in the assumptions and the conclusion. This is a general lemma which is used repeatedly when proving bisimilarites involving Parallel.

This section has touched briefly on the notion of binding sequences, and what is needed for this formalisation of the pi-calculus. Most notably, any reasoning about alpha-equivalence of agents with binding sequences has been omitted. Binding sequences is a research area in its own right and will be covered extensively in Part IV where they form an integral part of the calculi being formalised.

We can now prove that bisimilarity is preserved by Parallel.

Lemma 14.29. If P .

∼ Q then P | R .

∼ Q | R .

Proof. Follows by coinduction and settingX to {((νx)(P | R ), (νx)(Q | R )) : P .

∼ Q }, and Lemmas 14.26 and 14.28.

14.3.6 Replication

As for CCS, in order to prove that bisimilarity is preserved by the Replication, we inductively define a candidate relation which is preserved by the Replication. The scope migrating capabilities of the pi-calculus require that any candidate relation involving Parallel is preserved by restriction as well.

Definition 14.30 (bangRel). The bangRel relation is parametrised with a re-lationR.

If (P, Q) ∈ R then (!P, !Q) ∈ bangRel R.

If (R, T ) ∈ R and (P, Q) ∈ bangRel R then (R | P , T | Q ) ∈ bangRel R.

If (P, Q) ∈ bangRel R then ((νa)P, (νa)Q) ∈ bangRel R.

The predicate bangRel takes a relation as an argument, and returns a re-lation which is closed by Replication, Parallel, and Restriction. Moreover, the agents appearing on the right hand side of the |-operator are members of bangRelR; the intuition is that as with Replication the bangRel predicate can be unfolded, adding new parallel agents an arbitrary number of times.

The next step is to prove what is required of a relationR for a simulation to preserve bangRelR.

In document ACTA UNIVERSITATIS UPSALIENSIS Uppsala Dissertations from the Faculty of Science and Technology 1214 (Page 168-176)