This paper introduces a SOS-based method for decomposing modal formulas on nondeterministic probabilistic processes, simplifying the verification of process properties by reducing satisfaction checks to subprocesses.
Contribution
It presents a novel SOS-like framework for decomposing modal formulae in probabilistic processes, enabling the derivation of congruence formats for probabilistic behavioral equivalences.
Findings
01
Provides a decomposition method for modal formulae in probabilistic processes.
02
Establishes (pre)congruence formats for probabilistic bisimilarity and similarity.
03
Introduces a SOS-like machinery for open distribution terms.
Abstract
We propose a method for the decomposition of modal formulae on processes with nondeterminism and probability with respect to Structural Operational Semantics. The purpose is to reduce the satisfaction problem of a formula for a process to verifying whether its subprocesses satisfy certain formulae obtained from the decomposition. To deal with the probabilistic behavior of processes, and thus with the decomposition of formulae characterizing it, we introduce a SOS-like machinery allowing for the specification of the behavior of open distribution terms. By our decomposition, we obtain (pre)congruence formats for probabilistic bisimilarity, ready similarity and similarity.
Tables1
Table 1. Table 1. Derived decomposition mappings.
, for all other
, for all other
, , for all other
, , for all other
, , for all other
Equations329
f(π1,…,πn)(t)={∏i=1nπi(ti)0 if t=f(t1,…,tn) otherwise.
f(π1,…,πn)(t)={∏i=1nπi(ti)0 if t=f(t1,…,tn) otherwise.
\frac{\displaystyle\bigcup_{i=1,\ldots,\mathfrak{n}}\left\{\vartheta_{i}\xrightarrow{\,{q_{i,j}}\,}x_{i,j}\mid j\in J_{i}\right\}}{\displaystyle\left\{f(\vartheta_{1},\ldots,\vartheta_{\mathfrak{n}})\xrightarrow{\,{q_{k}}\,}f(x_{1,k(1)},\ldots,x_{\mathfrak{n},k(\mathfrak{n})})\;\Big{|}\;k\in\bigtimes_{i=1,\ldots,\mathfrak{n}}J_{i}\text{ and }q_{k}=\prod_{i=1,\ldots,\mathfrak{n}}q_{i,k(i)}\right\}}
\frac{\displaystyle\bigcup_{i=1,\ldots,\mathfrak{n}}\left\{\vartheta_{i}\xrightarrow{\,{q_{i,j}}\,}x_{i,j}\mid j\in J_{i}\right\}}{\displaystyle\left\{f(\vartheta_{1},\ldots,\vartheta_{\mathfrak{n}})\xrightarrow{\,{q_{k}}\,}f(x_{1,k(1)},\ldots,x_{\mathfrak{n},k(\mathfrak{n})})\;\Big{|}\;k\in\bigtimes_{i=1,\ldots,\mathfrak{n}}J_{i}\text{ and }q_{k}=\prod_{i=1,\ldots,\mathfrak{n}}q_{i,k(i)}\right\}}
\frac{\displaystyle\bigcup_{i=1,\ldots,\mathfrak{n}}\{\sigma(\vartheta_{i})\xrightarrow{\,{q_{i,h}}\,}t_{i,h}\mid h\in H_{i}\}}{\displaystyle\left\{f(\sigma(\vartheta_{1}),\ldots,\sigma(\vartheta_{\mathfrak{n}}))\xrightarrow{\,{q_{\kappa}}\,}f(t_{1,\kappa(1)},\ldots,t_{\mathfrak{n},\kappa(\mathfrak{n})})\;\Big{|}\;\kappa\in\bigtimes_{i=1,\ldots\mathfrak{n}}H_{i}\text{ and }q_{\kappa}=\prod_{i=1,\ldots,\mathfrak{n}}q_{i,\kappa(i)}\right\}}
\frac{\displaystyle\bigcup_{i=1,\ldots,\mathfrak{n}}\{\sigma(\vartheta_{i})\xrightarrow{\,{q_{i,h}}\,}t_{i,h}\mid h\in H_{i}\}}{\displaystyle\left\{f(\sigma(\vartheta_{1}),\ldots,\sigma(\vartheta_{\mathfrak{n}}))\xrightarrow{\,{q_{\kappa}}\,}f(t_{1,\kappa(1)},\ldots,t_{\mathfrak{n},\kappa(\mathfrak{n})})\;\Big{|}\;\kappa\in\bigtimes_{i=1,\ldots\mathfrak{n}}H_{i}\text{ and }q_{\kappa}=\prod_{i=1,\ldots,\mathfrak{n}}q_{i,\kappa(i)}\right\}}
DΣ⊢{πqmtm∣m∈M}⇔for all m∈M it holds π(tm)=qm and m∈M∑qm=1.
DΣ⊢{πqmtm∣m∈M}⇔for all m∈M it holds π(tm)=qm and m∈M∑qm=1.
DΣ⊢{πqmtm∣m∈M} implies π(tm)=qm for all m∈M and m∈M∑qm=1.
DΣ⊢{πqmtm∣m∈M} implies π(tm)=qm for all m∈M and m∈M∑qm=1.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Full text
\lmcsheading
1–LABEL:LastPageJan. 31, 2017Jun. 25, 2018
\titlecomment
A preliminary version of this paper appeared as [CGT16b]
SOS-based Modal Decomposition on Nondeterministic Probabilistic Processes
We propose a method for the decomposition of modal formulae on processes with nondeterminism and probability with respect to Structural Operational Semantics.
The purpose is to reduce the satisfaction problem of a formula for a process to verifying whether its subprocesses satisfy certain formulae obtained from the decomposition.
To deal with the probabilistic behavior of processes, and thus with the decomposition of formulae characterizing it, we introduce a SOS-like machinery allowing for the specification of the behavior of open distribution terms.
By our decomposition, we obtain (pre)congruence formats for probabilistic bisimilarity, ready similarity and similarity.
Key words and phrases:
SOS, nondeterministic probabilistic process algebras, logical characterization, decomposition of modal formulae
1991 Mathematics Subject Classification:
F.3.2
1. Introduction
Behavioral equivalences and modal logics have been successfully employed for the specification and verification of communicating concurrent systems, henceforth processes.
The former ones, in particular the family of bisimulations, provide a simple and elegant tool for the comparison of the observable behavior of processes.
The latter ones allow for an immediate expression of the desired properties of processes.
Since the work of [HM85] on the Hennessy-Milner logic (HML), these two approaches are connected by means of logical characterizations of behavioral equivalences: two processes are behaviorally equivalent if and only if they satisfy the same formulae in the logic.
Hence, the characterization of an equivalence subsumes both the fact that the logic is as expressive as the equivalence and the fact that the equivalence preserves the logical properties of processes.
However, the connection between behavioral equivalences and modal logics goes even further: modal decomposition of formulae exploits the characterization of an equivalence to derive its compositional properties.
Roughly speaking, the definition of the semantic behavior of processes by means of the Structural Operational Semantics (SOS) framework [Plo81] allowed for decomposing the satisfaction problem of a formula for a process into the verification of the satisfaction problem of certain formulae for its subprocesses (see [BFvG04, FvG16, FvGL17, FvGdW06, FvGdW12, LX91]) by means of the notion of ruloid [BIM95], namely inference transition rules that are derived from the SOS specification and define the behavior of open processes in terms of the behavior of their variables.
Then, in [BFvG04, FvG16, FvGL17, FvGdW12], the decomposition of modal formulae is used to systematically derive expressive congruence (precongruence) formats for several behavioral equivalences (preorders) from their modal characterizations.
Further, in [GF12] the semantic model of reactive probabilistic labeled transition systems [vGSS95] is considered and a method for decomposing formulae from a probabilistic version of HML [PS07] characterizing probabilistic bisimilarity wrt. a probabilistic transition system specification in the format of [LT09] is proposed.
Our purpose is to extend the SOS-driven decomposition approach to processes in which the nondeterministic behavior coexists with probability.
To this aim we take the very general semantic model of nondeterministic probabilistic transition systems (PTSs) of [DL12, Seg95b].
In the PTS model, processes perform actions and evolve to probability distributions over processes, i.e. an a-labeled transition is of the form taπ, with t a process and π a distribution holding all information on the probabilistic behavior arising from this transition.
All modal logics developed for the PTS model are equipped with modalities allowing for the specification of the quantitative properties of processes.
In essence, this means that some modal formulae are (possibly indirectly) evaluated on distributions.
In order to decompose this kind of formulae, we introduce a SOS-like machinery, called distribution specification, in which we syntactically represent open distribution terms as probability distributions over open terms.
More precisely, our distribution specification, consisting in a set of distribution rules defined on a signature, will allow us to infer the expression Θqt whenever a closed distribution term Θ assigns probability weight q to a closed term t.
Then, from these distribution rules we derive the distribution ruloids, which will play a fundamental rôle in the decomposition method.
In fact, as happens for ruloids on terms, our distribution ruloids will allow us to derive expressions of the form Θqt, for an arbitrary open distribution term Θ and open term t, by considering only the behavior of the variables occurring in Θ.
Hence, they will allow us to decompose the formulae capturing the quantitative behavior of processes since through them we can relate the satisfaction problem of a formula of this kind for a closed distribution term to the satisfaction problem of certain derived formulae for its subterms.
We stress that our distribution ruloids can support the decomposition of formulae in any modal logic for PTSs and moreover the distribution specification we have developed can be easily generalized to cover the case of models using sub-distributions in place of probability distributions (see for instance [LdV15, LdV16]).
We present the decomposition of formulae from the two-sorted boolean-valued modal logic L of [DD11].
This is an expressive logic, which characterizes probabilistic bisimilarity [DD11] and bisimilarity metric [CGT16a].
We apply our decomposition method also to two subclasses of formulae in L, denoted by Lr and L+, which we prove to characterize, respectively, probabilistic ready similarity and similarity.
Finally, to show the robustness of our approach we apply it to derive the congruence theorem for probabilistic bisimilarity wrt. the PGSOS format [DGL14] and the precongruence theorem for probabilistic ready similarity and similarity wrt. the PGSOS format and the positive PGSOS format, respectively.
Summarizing:
(1)
We present new logical characterizations of probabilistic ready similarity and similarity obtained by means of two sublogics of L, resp. Lr and L+ (Theorem 3).
2. (2)
We define a SOS machinery for the specification of the probabilistic behavior of processes, which can support the decomposition of any modal logic for PTSs.
3. (3)
We develop a method of decomposing formulae in L and in its sublogics Lr and L+ (Theorem 15 and Theorem 17).
4. (4)
We derive (pre)congruence formats for probabilistic bisimilarity, ready similarity and similarity by exploiting our decomposition method on the logics characterizing them (Theorem 18).
The paper is organized as follows: in Section 2 we recall some basic notions on the PTS model, the PGSOS specification, probabilistic (bi)simulations and their logical characterizations.
In particular we provide the characterization results for probabilistic ready similarity and similarity.
In Section 3 we introduce the SOS-like machinery for the specification of the behavior of distribution terms and in Section 4 we define the two classes of ruloids: the P-ruloids, built on a PGSOS specification P, and the distribution ruloids, derived from a distribution specification.
Section 5 is the core of our paper and provides our decomposition method and the derivation of the (pre)congruence formats for probabilistic bisimilarity, ready similarity and similarity.
Finally we end with some conclusions and discussion about future work in Section 6.
2. Probabilistic Transition Systems
2.1. The PTS model
A signature is given by a countable set Σ of operators.
We let f range over Σ and n range over the rank of f.
We assume a countable set of (state, or term) variablesVs disjoint from Σ.
The set T(Σ,V) of terms over Σ and a set of variables
V⊆Vs is the least set such that:
(i) x∈T(Σ,V)for all x∈V, and
(ii) f(t1,…,tn)∈T(Σ,V)whenever f∈Σ and t1,…,tn∈T(Σ,V).
The set of the closed termsT(Σ,∅) will be denoted also with T(Σ).
The set of all open termsT(Σ,Vs) wil be denoted also with T(Σ).
Nondeterministic probabilistic labelled transition systems (PTSs) [Seg95b] extend LTSs by allowing for probabilistic choices in the transitions.
The state space is the set of the closed terms T(Σ).
The transitions are of the form taπ, with t a term in T(Σ), a an action label, and π a probability distribution over T(Σ), i.e. a mapping π:T(Σ)→[0,1] with ∑t∈T(Σ)π(t)=1.
By Δ(T(Σ)) we denote the set of all probability distributions over T(Σ).
{defi}
[PTS, [Seg95b]]
A nondeterministic probabilistic labeled transition system (PTS) is a triple P=(T(Σ),A,), where:
(i) Σis a signature,
(ii) Ais a countable set of actions, and
(iii) ⊆T(Σ)×A×Δ(T(Σ))is a transition relation.
We write ta if there is a distribution π∈Δ(T(Σ)) with taπ, and t\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} otherwise.
We define the initials of term t as the set init(t)={a∈A∣ta} of the actions that can be performed by t.
For each action a∈A, the set of a-derivatives of term t is defined as the set der(t,a)={π∈Δ(T(Σ))∣taπ} of the distributions reachable from t through action a.
We need some notation on distributions.
For a distribution π∈Δ(T(Σ)), we denote by supp(π) the support of π, namely supp(π)={t∈T(Σ)∣π(t)>0}.
For a term t∈T(Σ), we denote by δt the Dirac distribution such that δt(t)=1 and δt(s)=0 for all s=t.
For f∈Σ and πi∈Δ(T(Σ)), f(π1,…,πn) is the distribution defined by
[TABLE]
Finally, the convex combination ∑i∈Ipiπi of a family of distributions {πi}i∈I⊆Δ(T(Σ)) with pi∈(0,1] and ∑i∈Ipi=1 is defined by (∑i∈Ipiπi)(t)=∑i∈I(piπi(t)) for all t∈T(Σ).
2.2. Probabilistic bisimulation
A probabilistic bisimulation is an equivalence relation over T(Σ) equating two terms if they can mimic each other’s transitions and evolve to distributions related, in turn, by the same bisimulation.
To formalize this intuition, we need to lift relations over terms to relations over distributions on terms.
A binary relation R⊆T(Σ)×T(Σ) is a probabilistic simulation if, whenever sRt,
if saπs then there is a transition taπt such that πsR†πt.
2. (2)
A probabilistic simulation R is a probabilistic ready simulation if, whenever sRt,
if s\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} then t\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
3. (3)
A probabilistic bisimulation is a symmetric probabilistic simulation.
The union of all probabilistic simulations (resp.: ready simulations, bisimulations) is the greatest probabilistic simulation (resp.: ready simulation, bisimulation) [LS91, Seg95b], denoted by ⊑ (resp.: ⊑r, ∼), called probabilistic similarity (resp.: ready similarity, bisimilarity), and is a preorder (resp.: preorder, equivalence).
2.3. Logical characterization
As a logic expressing behavioral properties over terms, we consider the modal logic L of [DD11], which extends the Hennessy-Milner Logic [HM85] with a probabilistic choice modality.
The classes of state formulaeLs and distribution formulaeLd over A are defined by the following BNF-like grammar:
[TABLE]
where:
(i) φ,φi,φjrange over Ls,
(ii) ψranges over Ld,
(iii) a∈A,
(iv) Jis an at most countable set of indexes with J=∅, and
(v) Iis an at most countable set of indexes with I=∅, ri∈(0,1] for each i∈I and ∑i∈Iri=1.
We shall write ⟨a⟩φ for ⟨a⟩⨁i∈Iriφi with I={i}, ri=1 and φi=φ.
Formulae are interpreted over a PTS.
In particular, formulae ⨁i∈Iriφi are evaluated on distributions.
Intuitively, a probability distribution π satisfies the distribution formula ⨁i∈Iriφi if, for each i∈I, π assigns probability (at least) ri to processes satisfying the state formula φi.
This is formalized by requiring that π can be rewritten as a convex combination of probability distributions πi, using the ri as weights of the combination, such that all the processes in the support of πi are guaranteed to satisfy the state formula φi.
Assume a PTS (T(Σ),A,).
The satisfaction relation⊨⊆(T(Σ)×Ls)∪(Δ(T(Σ))×Ld) is defined by structural induction on formulae by
•
t⊨⊤ always;
•
t⊨¬φ iff t⊨φ does not hold;
•
t⊨⋀j∈Jφj iff t⊨φj for all j∈J;
•
t⊨⟨a⟩ψ iff taπ for a distribution π∈Δ(T(Σ)) with π⊨ψ;
•
π⊨⨁i∈Iriφi iff π=∑i∈Iriπi for distributions πi with t⊨φi for all t∈supp(πi).
Dealing with L is motivated by its characterization of bisimilarity, proved in [DD11] (see Theorem 2 below), bisimilarity metric, proved in [CGT16a], and similarity and ready similarity, proved here (see Theorem 3 below).
Assume a PTS (T(Σ),A,) and terms s,t∈T(Σ).
Then, s∼t if and only if they satisfy the same formulae in Ls.
The characterization of ready similarity and similarity requires two subclasses of L.
{defi}
[Ready and positive formulae]
The class of ready formulaeLr is defined as
[TABLE]
where aˉ stays for ¬⟨a⟩⊤, and the class of positive formulaeL+ is defined as
[TABLE]
The classes Lr and L+ are strict sublogics of the one proposed in [DvGHM08] for the characterization of failure similarity and forward similarity [Seg95b].
In particular, the logic used in [DvGHM08] allows for arbitrary formulae to occur after the diamond modality.
We can show that these sublogics are powerful enough for the characterization of ready similarity and similarity.
Theorem 3**.**
Assume a PTS (T(Σ),A,) and terms s,t∈T(Σ). Then:
(1)
s⊑rt* iff for any formula φ∈Lrs, s⊨φ implies t⊨φ.*
2. (2)
s⊑t* iff for any formula φ∈L+s, s⊨φ implies t⊨φ.*
Proof 2.1**.**
We prove only the first item, namely the characterization of the ready simulation preorder.
The proof for simulation is analogous.
The proof that s⊑rt implies that for all formulae φ∈Lrs we have that s⊨φ implies t⊨φ is by structural induction over φ.
The other implication is proved by showing that the relation
{(s,t)∣s⊨φ implies t⊨φ for all φ∈Lrs} is a ready simulation.
**(⇒): **
Let φ∈Lrs.
We aim to prove that
[TABLE]
We proceed by structural induction over φ.
**•: **
Base case φ=⊤.
The proof obligation Equation (1) immediately follows.
**•: **
Base case φ=aˉ.
By Definition 2.3, s⊨aˉ gives s\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
Since s⊑rt, this implies that t\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} from which we draw t⊨aˉ.
Therefore, the proof obligation Equation (1) follows also in this case.
**•: **
Inductive step φ=⋀j∈Jφj.
By Definition 2.3, s⊨⋀j∈Jφj gives that s⊨φj for each j∈J.
Hence, by structural induction we obtain that t⊨φj for each j∈J, thus implying t⊨⋀j∈Jφj.
Therefore, the proof obligation Equation (1) follows also in this case.
**•: **
Inductive step φ=⟨a⟩⨁i∈Iriφi.
By Definition 2.3, s⊨⟨a⟩⨁i∈Iriφi gives that there exists a distribution πs such that saπs and πs⊨⨁i∈Iriφi.
Since s⊑rt, saπs implies the existence of a distribution πt such that taπt and πs⊑r†πt.
Hence, to derive the proof obligation Equation (1) we need to prove that
[TABLE]
From πs⊨⨁i∈Iriφi we gather that πs=∑i∈Iriπi for some distributions πi such that whenever s′∈supp(πi) then s′⊨φi (Definition 2.3).
Moreover, by Definition 2.2 and Proposition 1, πs⊑r†πt and πs=∑i∈Iriπi together imply the existence of distributions πi′ such that πt=∑i∈Iriπi′ and for each s′∈supp(πi) there is a t′∈supp(πi′) such that s′⊑rt′.
Thus, from s′⊑rt′ and s′⊨φi, structural induction over φi gives t′⊨φi.
Hence, for each t′∈supp(πi′) it holds that t′⊨φi thus giving Equation (2).
Therefore, we can conclude that t⊨⟨a⟩⨁i∈Iriφi and the proof obligation Equation (1) follows also in this case.
**(⇐): **
Assume now that, for any φ∈Lrs, s⊨φ implies t⊨φ.
We define the relation
[TABLE]
We aim to show that R is a probabilistic ready simulation.
Let sRt.
We aim to prove that
[TABLE]
Assume first that s\mathrel{{\xrightarrow{\,{b}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
Then, by Definition 2.3, we derive s⊨bˉ.
From sRt we gather t⊨bˉ thus giving t\mathrel{{\xrightarrow{\,{b}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} and the proof obligation Equation (3) follows.
Next, consider any transition saπs.
To prove the proof obligation Equation (4) we need to show that there exists a probability distribution πt such that taπt and πsR†πt.
We recall that by definition of lifting of a relation (Definition 2.2) we have πsR†πt iff whenever πs=∑i∈Ipiδsi, for some set of indexes I, then πt=∑i∈Ipiδti for some processes ti such that siRti for each i∈I.
Since it is immediate to see that πs=∑s′∈supp(πs)πs(s′)δs′, by Proposition 1 to prove the proof obligation Equation (4) we need to show that there exists a probability distribution πt such that πt=∑s′∈supp(πs)πs(s′)πs′ for a family of probability distributions {πs′}s′∈supp(πs) s.t. whenever t′∈supp(πs′) then s′Rt′.
Thus, let us consider the set
[TABLE]
Our aim is to prove that there is at least one probability distribution πt∈der(t,a) which does not belong to the set Πt,a.
By construction, for each π∈Πt,a there are some processes sπ′∈supp(πs) and tπ′∈supp(πsπ′) and a ready state formula φπ for which sπ′⊨φπ but tπ′⊨φπ.
Thus, for each s′∈supp(πs) we have s′⊨{π∈Πt,a∣sπ′=s′}⋀φπ.
Moreover, for each π∈Πt,a with sπ′=s′ there is some tπ′∈supp(πs′) such that tπ′⊨{π∈Πt,a∣sπ′=s′}⋀φπ.
Consider now that ready state formula
[TABLE]
Then, it is clear that s⊨φ thus implying t⊨φ, as by hypothesis sRt.
From t⊨φ it follows that there exists a distribution πt such that taπt and
[TABLE]
namely πt=∑s′∈supp(πs)πs(s′)πs′′ for some distributions πs′′ such that whenever t′∈supp(πs′′) then t′⊨{π∈Πt,a∣sπ′=s′}⋀φπ.
Consequently, πt∈Πt,a and hence for all s′∈supp(πs) each t′∈supp(πs′′) is such that s′Rt′.
Therefore, from Proposition 1 we obtain δs′R†πs′′ and consequently (from the same Proposition 1) πsR†πt, thus proving the proof obligation Equation (4).
2.4. Probabilistic transition system specifications
PTSs are usually defined by means of SOS rules, which are syntax-driven inference rules allowing us to infer the behavior of terms inductively with respect to their structure.
Here we consider rules in the probabilistic GSOS format [DGL14] (see examples in Example 2.4 below), which allow for the specification of the semantics of most of probabilistic process algebras operators [GLT15, GT18].
In these rules we need syntactic expressions that denote probability distributions.
We assume a countable set of distribution variablesVd.
We denote by V the set of state and distribution variables V=Vs∪Vd.
We let μ,ν,… range over Vd and ζ range over V.
{defi}
[Distribution terms, [DGL14]]
Let Vs⊆Vs and
Vd⊆Vd.
The set of distribution termsDT(Σ,Vs,Vd), over Σ, Vs and Vd
is the least set satisfying:
(i) Vd⊆DT(Σ,Vs,Vd),
(ii) {δt∣t∈T(Σ,Vs)}⊆DT(Σ,Vs,Vd),
(iii) f(Θ1,…,Θn)∈DT(Σ,Vs,Vd)whenever f∈Σ and Θi∈DT(Σ,Vs,Vd), and
(iv) ∑i∈IpiΘi∈DT(Σ,Vs,Vd)whenever Θi∈DT(Σ,Vs,Vd) and pi∈(0,1] with ∑i∈Ipi=1.
We write DT(Σ) for the set of the closed distribution termsDT(Σ,∅,∅), and
DT(Σ) for the set of all open distribution termsDT(Σ,Vs,Vd).
Notice that closed distribution terms denote distributions.
Open distribution terms instantiate to distributions through closed substitutions.
We recall that a substitution is a mapping σ:Vs∪Vd→T(Σ)∪DT(Σ) with σ(x)∈T(Σ), if x∈Vs, and σ(μ)∈DT(Σ), if μ∈Vd.
Then, σ is closed if it maps term variables to closed terms and distribution variables to closed distribution terms.
By var(t) (resp. var(Θ)) we denote the set of the variables occurring in term t (resp. distribution term Θ).
A positive (resp. negative) literal is an expression of the form taΘ (resp. t\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}) with t∈T(Σ), a∈A and Θ∈DT(Σ).
The literals taΘ and t\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} are said to deny each other.
where f∈Σ, I={1,…,n}, Mi,Ni are finite indexes sets, ai,m,ai,n,a∈A are actions, xi∈Vs and μi,m∈Vd are variables and Θ∈DT(Σ) is a distribution term.
Furthermore, it is required that
(i) all μi,m for i∈I and m∈Mi are distinct,
(ii) all x1,…,xn are distinct, and
(iii) var(Θ)⊆{μi,m∣i∈I,m∈Mi}∪{x1,…,xn}.
A PGSOS probabilistic transition system specification (PGSOS-PTSS) is a tuple P=(Σ,A,R), with Σ a signature, A a countable set of actions and R a finite set of PGSOS rules.
The constraints ((i))–((iii)) in Definition 2.4 above, are exactly the constraints of the nondeterministic GSOS format [BIM95] with the difference that we have distribution variables as right hand sides of positive literals.
{exa}
The operators of synchronous parallel composition ∣ and probabilistic alternative composition +p, with p∈(0,1], are specified by the following PGSOS rules:
[TABLE]
For a PGSOS rule r, the positive (resp. negative) literals above the line are the positive premises, notation pprem(r) (resp. negative premises, notation nprem(r)).
The literal f(x1,…,xn)aΘ is called the conclusion, notation conc(r), the term f(x1,…,xn) is called the source, notation src(r), and the distribution term Θ is called the target, notation trg(r).
A PGSOS rule r is said to be positive if nprem(r)=∅.
Then we say that a PGSOS-PTSS P=(Σ,A,R) is positive if all the PGSOS rules in R are positive.
A PTS is derived from a PTSS through the notions of substitution and proof.
A substitution σ
extends to terms, literals and rules by element-wise application.
A closed substitution instance of a literal (resp. PGSOS rule) is called a closed literal (resp. closed PGSOS rule).
{defi}
[Proof]
A proof from a PTSS P=(Σ,A,R) of a closed literal α is a well-founded, upwardly branching tree, with nodes labeled by closed literals, such that the root is labeled α and, if β is the label of a node q and K is the set of labels of the nodes directly above q, then:
•
either β is positive and K/β is a closed substitution instance of a rule in R,
•
or β is negative and for each closed substitution instance of a rule in R whose conclusion denies β, a literal in K denies one of its premises.
A literal α is provable from P, notation P⊢α, if there exists a proof from P of α.
Each PGSOS-PTSS P is strictly stratifiable [vG96] which implies that Pinduces a unique model corresponding to the PTS (T(Σ),A,) whose transition relation contains exactly the closed positive literals provable from P.
Moreover, the stratification implies that P is also complete [vG96], thus giving that for any term t∈T(Σ) and action a∈A, either P⊢taπ for some π∈Δ(T(Σ)) or P\vdash t\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
Finally, the notion of provability in Definition 2.4 (which is called supported in [vG96]) subsumes the negation as failure principle of [Cla77] for the derivation of negative literals: for each closed term t we have that P\vdash t\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} if and only if P⊢taπ for any distribution π∈Δ(T(Σ)).
Therefore, the PTS induced by P contains literals that do not deny each other.
3. Distribution specifications
The idea behind the decomposition of state (resp. distribution) formulae is to establish which properties the closed substitution instances of the variables occurring in a term (resp. distribution term) must satisfy to guarantee that the closed substitution instance of that term (resp. distribution term) satisfies the chosen state (resp. distribution) formula.
To support the decomposition it is therefore necessary to relate the behavior of any open term (resp. distribution term) with the behavior of its variables.
In the case of a term t, such a relation will be given by ruloids, which are inference rules derived from the PGSOS rules having transitions from t as conclusion and positive and negative transitions from the variables of t as premises.
To deal in the same way with a distribution term Θ, in this section we provide a set of inference rules, called Σ-distribution rules, which will be generalized in the next section to distribution ruloids, which
will be inference rules relating the behavior of any open distribution term with the behavior of its variables.
An example of Σ-distribution rule is given by the inference rule
[TABLE]
which, intuitively, states that whenever the distribution variable μ is characterized as the distribution {μqixi∣i∈I} over the state variables xi, and the distribution variable ν as the distribution {νqjxj∣j∈J} over the state variables xj, then the behavior of the distribution term μ∣ν can be inferred as the distribution \{\mu\mid\nu\xrightarrow{\,{q_{i}\cdot q_{j}}\,}x_{i}\mid x_{j}\;\big{|}\;i\in I,j\in J\} over the state terms xi∣xj.
We will also show that under a suitable notion of provability, Σ-distribution rules correctly specifies the semantics of closed distribution terms, meaning that they allow us to infer expressions of kind σ(Θ)qt for a closed substitution σ if and only if the distribution σ(Θ) assigns weight q to the closed term t.
We remark that our approach can be extended to decompose formulae of any logic offering modalities for the specification of the probabilistic properties of processes.
Moreover, it can be easily generalized to cover the case of sub-distributions, which are usually considered alongside a weak semantics for processes [LdV15, LdV16].
3.1. Σ-distribution rules
A distribution literal is an expression of the form Θqt, with Θ∈DT(Σ), q∈(0,1] and t∈T(Σ).
Given a set of (distribution) literals L we denote by lhs(L) the set of the left-hand sides of the (distribution) literals in L and by rhs(L) the set of right-hand sides of the (distribution) literals in L.
A set of distribution literals {Θqiti∣i∈I} is a distribution over terms if ∑i∈Iqi=1 and all terms ti are pairwise distinct.
This expresses that the possibly open distribution term Θ∈DT(Σ) is the distribution over possibly open terms in T(Σ) giving weight qi to ti.
Given an open distribution term Θ∈DT(Σ) and a distribution over terms L={Θqiti∣i∈I} we denote the set of terms in rhs(L) by supp(Θ)={ti∣i∈I}⊆T(Σ).
Our target is to derive distributions over terms {πqiti∣i∈I} for a distribution π∈Δ(T(Σ)) (which coincides with a closed distribution term) and closed terms ti∈T(Σ) such that:
(i) {πqiti∣i∈I}if and only if π(ti)=qi for all i∈I, and
(ii) {πqiti∣i∈I}is obtained inductively wrt. the structure of π.
To this aim, we introduce the Σ-distribution rules and the Σ-distribution specification.
Let δVs:={δx∣x∈Vs} denote the set of all instantiable Dirac distributions with a variable as term, and ϑ,ϑi,… denote distribution terms in DT(Σ) ranging over Vd∪δVs.
Then, for arbitrary sets S1,…,Sn, we denote by \bigtimesi=1nSi the set of tuples k=[s1,…,sn] with si∈Si. The i-th element of k is denoted by k(i).
{defi}
[Σ-distribution rules]
Assume a signature Σ. The set RΣ of the Σ-distribution rules consists of the least set containing the following inference rules:
(1)
[TABLE]
for any state variable x∈Vs;
2. (2)
[TABLE]
where:
(a)
f∈Σ,
2. (b)
the distribution terms ϑ1,…,ϑn are in Vd∪δVs and are all distinct,
3. (c)
for each i=1,…,n the state variables xi,j’s with j∈Ji are all distinct,
4. (d)
for each i=1,…,n we have ∑j∈Jiqi,j=1;
3. (3)
[TABLE]
where:
(a)
I is an at most countable set of indexes,
2. (b)
the distribution terms ϑi with i∈I are in Vd∪δVs and are all distinct,
3. (c)
for each i∈I the state variables xi,j’s with j∈Ji are all distinct,
4. (d)
for each i∈I we have ∑j∈Jiqi,j=1.
Then, the Σ-distribution specification (Σ-DS) is defined as the pair DΣ=(Σ,RΣ).
For each Σ-distribution rule rD, all sets above the line are called premises, notation prem(rD), and the set below the line is called conclusion, notation conc(rD).
Then, we name the distribution term on the left side of all distribution literals in the conclusion of rD as source of rD, notation src(rD), and the set of the terms in the right side of all distribution literals in the conclusion as target, notation trg(rD).
All premises in a Σ-distribution rule are distributions over terms.
This is immediate for rules as in Definition 3.1.1, follows by constraints 2c and 2d for rules as in Definition 3.1.2 and follows by constraints
3c and 3d for rules as in Definition 3.1.3.
We can show that also the conclusion is a distribution over terms (the detailed proof can be found in Appendix).
Proposition 4**.**
The conclusion of any Σ-distribution rule is a distribution over terms.
We conclude this section with an example of Σ-distribution rule for the distribution term μ∣ν, where ∣ is the synchronous parallel composition operator introduced in Example 2.4.
{exa}
An example of a Σ-distribution rule with source μ∣ν is the following:
[TABLE]
3.2. Reductions
The following notion of reduction wrt. a substitution allows us to extend the notion of substitution to distributions over terms and, then, to Σ-distribution rules.
{defi}
[Reduction wrt. a substitution]
Assume a substitution σ and a set of distribution literals L={Θqiti∣i∈I}.
We say that σreducesL to the set of distribution literals L′={σ(Θ)qjtj∣j∈J}, or that L′ is the reduction wrt. σ of L, denoted by σ(L)=L′, if:
•
{tj∣j∈J}={σ(ti)∣i∈I};
•
the terms {tj∣j∈J} are pairwise distinct;
•
for each index j∈J, we have qj=∑{i∈I∣σ(ti)=tj}qi.
A reduction wrt. σ of a distribution over terms is, in turn, a distribution over terms (the detailed proof can be found in Appendix).
Proposition 5**.**
For a substitution σ and a distribution over terms L, the set of distribution literals σ(L) is a distribution over terms.
{defi}
[Reduced instance of a Σ-distribution rule]
The reduced instance of a Σ-distribution rule rD wrt. a substitution σ is
the inference rule σ(rD) defined as follows:
(1)
If rD is as in Definition 3.1.1 then σ(rD) is the Σ-distribution rule
[TABLE]
2. (2)
If rD is as in Definition 3.1.2 then σ(rD) is the Σ-distribution rule
[TABLE]
where
{σ(ϑi)qi,hti,h∣h∈Hi}=σ({ϑiqi,jxi,j∣j∈Ji}).
3. (3)
If rD is as in Definition 3.1.3 then σ(rD) is the Σ-distribution rule
[TABLE]
where {σ(ϑi)qi,hti,h∣h∈Hi}=σ({ϑiqi,jxi,j∣j∈Ji}).
{exa}
Consider the Σ-distribution rule rD for the distribution term μ∣ν given in Example 3.1 and consider the substitution σ with
[TABLE]
where nil denotes the process that cannot perform any action.
Then we have that the reduced instance of rD wrt. σ is given by
[TABLE]
Notice that Proposition 5 ensures that the premises of σ(rD) are distributions over terms.
Proposition 4 and Proposition 5 ensure that also the conclusion of σ(rD) is a distribution over terms.
Proposition 6**.**
Let DΣ be the Σ-DS.
The conclusion of a reduced instance of a Σ-distribution rule in DΣ is a distribution over terms.
3.3. Semantics of distribution terms
We conclude this section by showing that the Σ-distribution specification correctly defines the semantics of closed distribution terms as probability distributions over closed terms as in Section 2.4.
{defi}
[Proof from the Σ-DS]
A proof from the Σ-DS DΣ of a closed distribution over terms L is a well-founded, upwardly branching tree, whose nodes are labeled by closed distributions over terms, such that the root is labeled L, and, if β is the label of a node q and K is the set of labels of the nodes directly above q, then K/β is a closed reduced instance of a Σ-distribution rule in RΣ.
A closed distribution over terms L is provable from DΣ, notation DΣ⊢L, if there exists a proof from DΣ for L.
{exa}
Consider any signature Σ containing the operator of synchronous parallel composition ∣ and let DΣ be the Σ-DS built on it.
We want to show that
the following distribution over terms is provable from the Σ-DS:
[TABLE]
To this aim, we first consider
the following upwardly tree-structure, whose nodes are Σ-distribution rules.
Then, the proof for L confirming that DΣ⊢L is the proof tree that is obtained by firstly replacing each of these Σ-distribution rules with its conclusion and, then, by applying to the obtained set of distribution literals the following closed substitution σ:
[TABLE]
[TABLE]
Notice that we decided to use as nodes the Σ-distribution rules instead of using the σ-closed substitution instances of their conclusions to improve readability.
Since Σ-distribution rules have only positive premises, the set of the distribution over terms provable from the Σ-DS is unique.
The following result confirms that all probability distributions over T(Σ) can be inferred through the Σ-DS.
This result is necessary for the decomposition of distribution formulae.
Theorem 7**.**
Assume a signature Σ.
Let π∈DT(Σ) be a closed distribution term and
{tm}m∈M⊆T(Σ) a set of pairwise distinct closed terms.
Then
[TABLE]
Proof 3.1**.**
The first implication is proved by induction over the length of the closed proof over DΣ giving {πqmtm∣m∈M}.
The second implication is by structural induction over π.
**(⇒): **
We aim to prove that
[TABLE]
We proceed by induction over the length of a closed proof γ of {πqmtm∣m∈M} from DΣ.
**•: **
Base case ∣γ∣=1.
Since the only distributions over terms derivable in one step are the closed reduced substitution instances of distribution axioms, we have one of the following two cases:
**(1): **
π=δt* for some t∈T(Σ).
The only Σ-distribution rule defining the instantiable Dirac function δt is the distribution axiom rD={δx1x} (Definition 3.1.1), which should be reduced by a closed substitution σ such that σ(x)=t, thus giving σ(rD)={δt1t} by Definition 5.1.
Consequently the hypothesis DΣ⊢{πqmtm∣m∈M} instantiates to
DΣ⊢{δt1t} for which the proof obligation Equation (5) is straightforward.*
2. **(2): **
π=c* for some constant operator c∈Σ.
From Definition 3.1.2 and considering that by convention ∏∅=1, it is not hard to see that the only Σ-distribution rule defining the behavior of constant operator c is the distribution axiom rD={c1c}, which independently on the substitution σ is reduced to σ(rD)={c1c} by Definition 5.2.
Therefore, we can conclude that the hypothesis DΣ⊢{πqmtm∣m∈M} instantiates to
DΣ⊢{c1c} for which the proof obligation Equation (5) is straightforward.*
**•: **
Inductive step ∣γ∣>1.
We can distinguish two cases, based on the structure of the closed distribution term π.
**(1): **
π=f(π1,…,πn), for some f∈Σ and πi∈DT(Σ) for i=1,…,n.
Then, the bottom of the closed proof γ is constituted by the closed reduced instance of a Σ-distribution rule rD∈RΣ of the form
[TABLE]
(see Definition 3.1.2) with respect to a closed substitution σ with σ(ϑi)=πi.
By Definition 5.2 we get that σ(rD) has the form
[TABLE]
where
**–: **
ti,h* is a closed term in ∈T(Σ) for all i∈I and h∈Hi, since σ is closed;*
**–: **
for each i=1,…,n, the closed terms ti,h are pairwise distinct for h∈Hi, since
{πiqi,hti,h∣h∈Hi} is obtained as σ({ϑiqi,jxi,j∣j∈Ji}) and we apply Proposition 6.
**–: **
there is a bijection f:\bigtimesi=1nHi→M with f(t1,κ(1),…,tn,κ(n))=tf(κ) and qκ=qf(κ) for each κ∈\bigtimesi=1nHi.
For each i=1,…,n there is a proof shorter than γ for {πiqi,hti,h∣h∈Hi} from DΣ.
By the inductive hypothesis, this implies that
[TABLE]
In particular, we have that for each κ∈\bigtimesi=1nHi
[TABLE]
from which we draw
[TABLE]
Summarizing, we have obtained that qm=π(tm) for each m∈M.
Moreover, we have that
[TABLE]
thus giving Equation (5).
2. **(2): **
π=∑i∈Ipiπi* for some πi∈DT(Σ), pi∈(0,1] for each i∈I and ∑i∈Ipi=1.
Then, the bottom of the closed proof γ is constituted by the closed reduced instance of a Σ-distribution rule rD∈RΣ of the form*
[TABLE]
(see Definition 3.1.3) with respect to a closed substitution σ with σ(ϑi)=πi.
By Definition 5.3 we get that σ(rD) is of the form
[TABLE]
where
**–: **
ti,h* is a closed term in T(Σ) for all h∈Hi, since σ is closed;*
**–: **
for each i∈I the closed terms ti,h are pairwise distinct for h∈Hi, since
{πiqi,hti,h∣h∈Hi} is obtained as σ({ϑiqi,jxi,j∣j∈Ji}) and we apply Proposition 6;
**–: **
there is a bijection f:{ti,h∣i∈I∧h∈Hi}→M with u=tf(u) and qu=qf(u) for each u∈{ti,h∣i∈I∧h∈Hi}.
For each i∈I there is a proof shorter than γ for {πiqi,hti,h∣h∈Hi} from DΣ.
By the inductive hypothesis, this implies that
[TABLE]
Then, we have
[TABLE]
Thus, we have obtained that qm=π(tm) for each m∈M.
Moreover, we have
[TABLE]
thus giving Equation (5).
**(⇐): **
We aim to prove that
[TABLE]
We proceed by structural induction over π∈DT(Σ).
**•: **
Base case π=δt for some t∈T(Σ).
Consider the Σ-distribution rule rD{δx1x} (Definition 3.1.1) and a closed substitution σ such that σ(x)=t.
By Definition 5.1 we get that σ(rD) is of the form
{δt1t}, from which we can directly conclude that DΣ⊢{δt1t}, thus giving Equation (8).
**•: **
Inductive step π=f(π1,…,πn) for some πi∈DT(Σ) for each i=1,…,n and f∈Σ.
For each i=1,…,n there is a set of indexes Mi such that:
**(1): **
πi(ti,m)=qi,m* for all m∈Mi,*
2. **(2): **
∑m∈Miqi,m=1* and*
3. **(3): **
the terms ti,m∈T(Σ) are pairwise distinct for each m∈Mi.
Let M=\bigtimesi=1nMi.
We have supp(π)={f(t1,κ(1),…,tn,κ(n))∣κ∈M} and
[TABLE]
for each κ∈M.
Hence, to prove Equation (8) we need to exhibit a proof of
[TABLE]
from DΣ.
By the inductive hypothesis, for each i=1,…,n items (1)–(3) above give
[TABLE]
Consider the Σ-distribution rule rD
[TABLE]
as in Definition 3.1.2 and a closed substitution σ with σ(ϑi)=πi and σ(xi,m)=ti,m for each m∈Mi, i∈{1,...,n}, s.t. the closed reduced instance σ(rD) is of the form:
[TABLE]
We observe that trg(σ(rD))=supp(π) and since the premises of σ(rD) are provable from DΣ (Equation (9)) we can conclude that
[TABLE]
thus proving Equation (8).
**•: **
Inductive step π=∑i∈Ipiπi for some πi∈DT(Σ), pi∈(0,1] and ∑i∈Ipi=1.
For each i∈I there is a set of indexes Mi such that for each m∈Mi such that
**(1): **
πi(ti,m)=qi,m,
2. **(2): **
∑m∈Miqi,m=1* and*
3. **(3): **
the terms ti,m∈T(Σ) are pairwise distinct for each m∈Mi.
Let T={ti,m∣i∈I and m∈Mi}.
We have supp(π)=T and, for each u∈T,
[TABLE]
To prove Equation (8) we need to exhibit a proof of {πquu∣u∈T} from DΣ.
By the inductive hypothesis, for all i∈I by items (1)–(3) above we get
[TABLE]
Consider the Σ-distribution rule rD
[TABLE]
as in Definition 3.1.3 and a closed substitution σ with σ(ϑi)=πi and σ(xi,m)=ti,m for each i∈I and m∈Mi s.t. the closed reduced instance σ(rD) is of the form:
[TABLE]
We observe that trg(σ(rD))=supp(π) and since the premises of σ(rD) are provable from DΣ (Equation (10)) we can conclude that
[TABLE]
thus proving Equation (8).
4. Ruloids and distribution ruloids.
In this section we introduce the concept of ruloid [BFvG04, BIM95], namely a derived inference rule
with an arbitrary term as source
allowing us to deduce the behavior of that source term directly from the behavior of the variables occurring in it.
This feature makes ruloids fundamental for the decomposition method.
The characterization theorems (Theorem 2 and Theorem 3) assert that each formula satisfied by a process captures a different aspect of its behavior.
Hence, the aim of a decomposition method, which we recall is to reduce the satisfaction problem of a formula for a process to the satisfaction problem of derived formulae for its subprocesses, can be restated by saying that we need to find a method to relate the behavior of a process to the behavior of its subprocesses.
This is where ruloids play their rôle: they give us the constraints, expressed as premises of an inference rule, that the closed substitution instances of the variables occurring in the source term of the ruloid must satisfy in order to guarantee that the closed substitution instance of the source term behaves accordingly to the considered formula.
Formally, in Section 4.1 we introduce P-ruloids, namely the class of ruloids built from a PGSOS-PTSS P and in Section 4.2 we introduce Σ-distribution ruloids, namely derived Σ-distribution rules allowing us to infer the behavior of any distribution term directly from the behavior of the variables occurring in it.
We prove that both classes of ruloids are sound and specifically witnessing [BIM95], i.e. a closed literal α (resp. a distribution over terms L) is provable from a PGSOS-PTSS P (resp. the Σ-DS) iff α (resp. L) is a closed substitution instance of the conclusion of a P-ruloid (resp. Σ-distribution ruloid) (Theorem 9 and Theorem 13).
4.1. Ruloids
Ruloids are a generalization of PGSOS rules that allow us to infer the behavior of all open terms directly from the behavior of their variables.
Informally, given an arbitrary open term, for instance x+p(y∣z) for x,y,z∈Vs, we aim to construct an inference rule, the ruloid, allowing us to derive the behavior of x+p(y∣z) from the behavior of x, y and z (as done in Example 4.1 below).
Notice that this purpose cannot be met by using only the SOS rules, since in the source of rules only one operator is admitted, and therefore there is no rule with source x+p(y∣z).
A ruloid has the chosen open term as source, and positive and negative premises for the variables occurring in that term.
Ruloids are defined by an inductive composition of PGSOS rules.
In detail, from a rule r and a substitution σ, a ruloid ρ with conclusion σ(conc(r)) is built as follows:
(1) for each positive premise α in σ(r), either we put α among the premises of ρ, if the left side of α is a variable, or, otherwise,
we take any ruloid having α as conclusion and we put its premises among the premises of ρ;
(2) for each negative premise α in σ(r), either we put α among the premises of ρ, if the left side of α is a variable, or, otherwise, for each ruloid ρ′ having any literal denying α as conclusion, we select any premise β of ρ′, we take any literal β′ denying β, and we put β′ among the premises of ρ.
For a PGSOS-PTSS P=(Σ,A,R), let Lit(P) denote the set of literals that can be built with terms in T(Σ)∪DT(Σ) and actions in A.
{defi}
[Ruloids]
Let P=(Σ,A,R) be a PGSOS-PTSS.
The set of P-ruloidsℜP is the smallest set such that:
•
xaμxaμ is a P-ruloid for all x∈Vs, a∈A and μ∈Vd;
•
For a
PGSOS rule r∈R of the form
[TABLE]
and a substitution σ with σ(xi)=ti for i=1,…,n and σ(Θ′)=Θ, the inference rule
[TABLE]
is a P-ruloid if the following constraints are satisfied:
–
for every positive premise xiai,mμi,m of r
either σ(xi) is a variable and Hi,m={σ(xi)ai,mσ(μi,m)},
*
or there is a P-ruloid ρi,m=σ(xi)ai,mσ(μi,m)Hi,m;
–
for every negative premise x_{i}\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} of r
either σ(xi) is a variable and \mathcal{H}_{i,n}=\{\sigma(x_{i})\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\},
*
or Hi,n=opp(pick(ℜσ(xi),ai,nP)), where:
i.
ℜσ(xi),ai,nP∈P(P(Lit(P))) is the set containing the sets of premises of all P-ruloids with conclusion σ(xi)ai,nθ for any distribution term θ∈DT(Σ), formally
[TABLE]
2. ii.
pick:P(P(Lit(P)))→P(Lit(P)) is any mapping such that, given any sets of literals Lk with k∈K, pick({Lk∣k∈K})={lk∣k∈K∧lk∈Lk}, namely pick selects exactly one literal from each set Lk,
3. iii.
opp:P(Lit(P))→P(Lit(P)) is any mapping satisfying
opp(L)={opp(l)∣l∈L} for all sets of literals L, where
\mathbf{opp}(t^{\prime}\xrightarrow{\,{a}\,}\theta)=t^{\prime}\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}, and
\mathbf{opp}(t^{\prime}\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!})=t^{\prime}\xrightarrow{\,{a}\,}\theta for some fresh distribution term θ, namely opp applied to any literal returns a denying literal;
–
the sets of the right hand side variables in Hi,m and Hi,n are all pairwise disjoint, formally rhs(Hi,h)∩rhs(Hj,k)=∅ for any h∈Mi∪Ni and k∈Mj∪Nj implies h=k and i=j.
{exa}
From the rules in Example 2.4, we derive the following ruloids for term x+p(y∣z):
[TABLE]
We describe the construction of the first ruloid:
[TABLE]
Accordingly to the second PGSOS rule in Example 2.4, whenever the term x makes an a-move to the distribution variable μ and the term y∣z cannot execute action a, then the term x+p(y∣z) makes an a-move to μ.
As the left-hand side of the positive premise xaμ is already a variable, then there is nothing more to do.
Conversely, the left-hand side of the negative premise y|z\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} is a term.
By Definition 4.1 we need to consider all the PGSOS rules having a literal y∣zaΘ, for some Θ in DT(Σ), as conclusion, namely any proper instance of the first rule in Example 2.4.
Then we need to choose one premise for each of those rules, for instance the one having y as left-hand side, and deny the ones we have selected.
In our example, from this construction we obtain the single negative premise y\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} whose left-hand side is a variable and thus concludes the construction of the first P-ruloid for the term x+p(y∣z).
We can show that if the PGSOS-PTSS P is positive then also the derived P-ruloids are positive.
This ensures that if P is positive then all formulae obtained by the decomposition method will not contain any negation.
Lemma 8**.**
Let P be a positive PGSOS-PTSS.
Then all the P-ruloids in ℜP are positive.
Proof 4.1**.**
The proof follows immediately from Definition 4.1 by noticing that since no rule in P contains negative premises, then the function opp is never applied.
Therefore positive literals are never transformed into negative.
The following result states that ruloids define completely the behavior of all open terms.
More precisely, Theorem 9 shows that ruloids allows us to infer the behavior of the closed substitution instances of any open term t from the behaivor of the closed substitution instances of its variables.
This is crucial to support the decomposition method, which will decompose state formulae for t into state formulae for its variables by exploiting the ruloids having t as source.
Theorem 9** (Ruloid theorem).**
Assume a PGSOS-PTSS P, a closed substitution σ, a term t∈T(Σ) and a closed distribution term Θ′∈DT(Σ).
Then P⊢σ(t)aΘ′ if and only if there are a P-ruloid taΘH and a closed substitution σ′ with σ′(t)=σ(t), σ′(Θ)=Θ′ and P⊢σ′(H).
Proof 4.2**.**
We proceed by structural induction on the term t∈T(Σ).
**Base case: **
t=x∈Vs.
**(⇒): **
The thesis follows immediately for the P-ruloid xaμxaμ and any closed substitution σ′ with σ′(x)=σ(x) and σ′(μ)=Θ′.
**(⇐): **
Accordingly to Definition 4.1, a P-ruloid having x as source is of the form xaμxaμ.
Thus, from σ′(x)=σ(x), σ′(μ)=Θ′ and P⊢σ′(x)aσ′(μ) we can immediately infer that P⊢σ(x)aΘ′.
**Inductive step: **
t=f(t1,…,tn)∈T(Σ)* for some n-ary operator f.*
**(⇒): **
We proceed by structural induction over a closed proof γ of σ(t)aΘ′ from P.
The bottom of the closed proof γ is constituted by a PGSOS rule r∈R of the form
[TABLE]
together with a closed substitution ς such that:
**(1): **
ς(xi)=σ(ti)* for each i∈I;*
2. **(2): **
ς(υ)=Θ′;
3. **(3): **
for all i∈I and m∈Mi there is a proof shorter than γ of ς(xi)ai,mς(μi,m) from P;
4. **(4): **
for all i∈I and n∈Ni there is a proof shorter than γ of \varsigma(x_{i})\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} from P.
Let ς0 be any substitution with ς0(xi)=ti for each i∈I.
Considering that ς(xi)=σ(ti)=σ(ς0(xi)), from items (3) and (4) above we get that P⊢σ(ς0(xi))ai,mς(μi,m), for i∈I and m∈Mi, and P\vdash\sigma(\varsigma_{0}(x_{i}))\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}, for i∈I and n∈Ni.
Consider any σ(ς0(xi))ai,mς(μi,m).
By the inductive hypothesis, there are a P-ruloid
[TABLE]
and a closed substitution σi,m′ with
**•: **
σi,m′(ς0(xi))=σ(ς0(xi)),
**•: **
σi,m′(Θi,m)=ς(μi,m), and
**•: **
P⊢σi,m′(Hi,m).
Let us consider now any \varsigma_{0}(x_{i})\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
By definition, P\vdash\sigma(\varsigma_{0}(x_{i}))\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} only if P⊢σ(ς0(xi))ai,nπ for any π∈DT(Σ).
By structural induction on ς0(xi)=ti, this implies that for all P-ruloids of the form
[TABLE]
and for all closed substitutions σ′′ with σ′′(ς0(xi))=σ(ς0(xi)), it holds that P⊢σ′′(HΘi,n).
We can distinguish two cases.
a**): **
There is a negative literal αΘi,n in HΘi,n such that P⊢σ′′(αΘi,n) for any closed substitution σ′′ with σ′′(ς0(xi))=σ(ς0(xi)).
Then the completeness of P ensures that there are at least one positive literal βΘi,n denying αΘi,n and one closed substitution σi,n′ with σi,n′(ς0(xi))=σ(ς0(xi)) s.t. P⊢σi,n′(βΘi,n).
2. b**): **
The closed substitution instances of negative literals possibly occurring in HΘi,n, wrt. all closed substitutions σ′′ with σ′′(ς0(xi))=σ(ς0(xi)), are provable from P.
In this case, since the condition P⊢σ′′(HΘi,n) holds for all closed substitutions σ′′ as above, we can infer that there is at least one positive literal in HΘi,n, say αΘi,n, s.t. P⊢σ′′(αΘi,n) for all such closed substitutions σ′′.
In detail, if we assume wlog. that αΘi,n is of the form yaν for some y∈var(ς0(xi)) and ν∈Vd, then we have obtained that given any closed substitution σ′′, with σ′′(ς0(xi))=σ(ς0(xi)), we have P⊢σ′′(y)aπ for any π∈DT(Σ).
By completeness of P, this implies that P\vdash\sigma^{\prime\prime}(y)\mathrel{{\xrightarrow{\,{a}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
In general, given a literal βΘi,n denying αΘi,n and any closed substitution σi,n′ with σi,n′(ς0(xi))=σ(ς0(xi)), we obtain that P⊢σi,n′(βΘi,n).
Therefore, if we consider Hi,n=⋃Θi,nβΘi,n and we take a closed substitution σi,n′ as described in the two cases above, then we obtain
[TABLE]
We remark that since we are working with a countable set of variables, we can always assume that the variables in rhs(Hi,m) for i∈I and m∈Mi and the variables in rhs(Hi,n) for i∈I and n∈Ni are pairwise disjoint.
Moreover, all those variables are disjoint from var(t).
Therefore, we can define a closed substitution σ′ as follows:
**(1): **
σ′(y)=σ(y)* for all y∈var(t);*
2. **(2): **
σ′(μ)=σi,m′(μ)* for all μ∈rhs(Hi,m), with i∈I and m∈Mi;*
3. **(3): **
σ′(μ)=σi,n′(μ)* for all μ∈rhs(Hi,n), with i∈I and n∈Ni.*
Then define
[TABLE]
Moreover, let ς1 be a substitution with ς1(xi)=ti and ς1(μi,m)=Θi,m for all i∈I and m∈Mi.
We can show that the P-ruloid
[TABLE]
together with the substitution σ′ satisfies the required properties:
**(1): **
First we prove that σ′(f(t1,…,tn))=σ(f(t1,…,tn)).
This immediately follows from σ′(y)=σ(y) for all y∈var(f(t1,…,tn)).
2. **(2): **
Then we prove that P⊢σ′(H), which is derived from the following considerations:
**(a): **
Substitutions σ′ and σi,m′ agree on all variables occurring in ς0(xi)ai,mΘi,mHi,m for all i∈I and m∈Mi.
Indeed, assume any i∈I and m∈Mi.
Since var(f(t1,…,tn))=⋃i=1nvar(ti)=⋃i=1nvar(ς0(xi)), and, moreover, σ and σ′ agree on var(f(t1,…,tn)) we obtain that σ′(ς0(xi))=σ(ς0(xi)) for each i∈I.
Moreover, by construction we have that σi,m′(ς0(xi))=σ(ς0(xi)), thus giving σ′(ς0(xi))=σi,m′(ς0(xi)), namely σ′ and σi,m′ agree on var(ς0(xi)).
Then, by definition σ′ and σi,m′ agree on all variables in Hi,m.
Finally, as var(Θi,m)⊆var(ς0(xi))∪rhs(Hi,m) we can infer that σ′ and σi,m′ agree also on var(Θi,m).
2. **(b): **
With a similar argument we obtain that σ′ and σi,n′ agree on all variables occurring in \frac{\displaystyle\mathcal{H}_{i,n}}{\displaystyle\varsigma_{0}(x_{i})\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}} for all i∈I and n∈Ni.
3. **(c): **
By item 2a above, for all i∈I and m∈Miσ′ agrees with σi,m′ on all variables in Hi,m, hence P⊢σi,m′(Hi,m) implies P⊢σ′(Hi,m).
Analogously, by item 2b above,
for all i∈I and n∈Niσ′ agrees with σi,n′ on all variables in Hi,n, hence P⊢σi,n′(Hi,n) implies P⊢σ′(Hi,n).
Then, since H=⋃i∈I,m∈MiHi,m∪⋃i∈In∈NiHi,n we can conclude that P⊢σ′(H).
3. **(3): **
Finally, we prove that σ′(ς1(υ))=Θ′.
Notice that the substitutions ς0 and ς1 agree on var(f(t1,…,tn)) thus giving σ(ς0(xi))=σ(ς1(xi)) for all i∈I.
Then we have that σ′(ς1(xj))=σ′(tj)=σ(tj)=ς(xj) for j=1,…,n.
Moreover, since σ′ and σi,m′ agree on var(Θi,m), we can infer that σ′(ς1(μi,m))=σ′(Θi,m)=σi,m′(Θi,m)=ς(μi,m) for all i∈I and m∈Mi.
As var(υ)⊆{x1,…,xn}∪{μi,m∣m∈Mi,i∈I}, it follows that σ′(ς1(υ))=ς(υ)=Θ′.
**(⇐): **
Assume that there a P-ruloid ρ=taΘH and a closed substitution σ′ with P⊢σ′(H), σ′(t)=σ(t) and σ′(Θ)=Θ′.
We note that the thesis P⊢σ(t)aΘ′ is equivalent to P⊢σ′(t)aσ′(Θ).
Accordingly to Definition 4.1, let r and σ0 be resp. the PGSOS rule and the substitution from which ρ is built, namely let r be of the form
[TABLE]
for I={1,…,n}, and σ0 be such that σ0(xi)=ti and σ0(Θ′′)=Θ.
Then ρ is of the form
[TABLE]
where:
**•: **
For every positive premise xiai,mμi,m of r:
**–: **
Either σ0(xi) is a variable and Hi,m={σ0(xi)ai,mσ0(μi,m)}={tiai,mσ0(μi,m)}.
Hence from P⊢σ′(H) we can directly infer that P⊢σ′(ti)ai,mσ′(σ0(μi,m)).
**–: **
Or there is a P-ruloid ρi,m=σ0(xi)ai,mσ0(μi,m)Hi,m=tia,mσ0(μi,m)Hi,m.
Since P⊢σ′(H) implies P⊢σ′(Hi,m), by structural induction on ti we can infer that P⊢σ′(ti)ai,mσ′(σ0(μi,m)).
We can therefore conclude that the closed substitution instances wrt. σ′∘σ0 of the positive premises of r are provable from P.
**•: **
For every negative premise x_{i}\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} of r:
**–: **
Either σ0(xi) is a variable and \mathcal{H}_{i,n}=\{\sigma_{0}(x_{i})\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\}=\{t_{i}\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\}.
Hence from P⊢σ′(H) we can immediately infer that P\vdash\sigma^{\prime}(t_{i})\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
**–: **
Or Hi,n=opp(pick(ℜσ0(xi),ai,nP)), namely (see Definition 4.1) for each P-ruloid ρ′ such that conc(ρ′)=σ0(xi)ai,nθ, for any θ∈DT(Σ), we have that Hi,n contains at least one literal denying a literal in prem(ρ′).
Hence, since P⊢σ′(H) implies P⊢σ′(Hi,n), we can infer that P⊢σ′(prem(ρ′)).
Hence, the structural induction on σ0(xi)=ti (case (⇒)) gives that P⊢σ′(ti)ai,nσ′(σ0(θ)), for any θ∈DT(Σ), thus implying P\vdash\sigma^{\prime}(t_{i})\mathrel{{\xrightarrow{\,{a_{i,n}}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}.
We can therefore conclude that the closed substitution instances wrt. σ′∘σ0 of the negative premises of r are provable from P.
We have obtained that all the closed substitution instances wrt. σ′∘σ0 of the premises of r are provable from P and therefore we can infer that there is a proof from P of σ′(t)aσ′(Θ), which concludes the proof.
If the PGSOS-PTSS P is positive, then the ruloid theorem can be reformulated by stressing that the involved P-ruloids are positive.
This will be necessary in the decomposition of formulae in the sublogic L+.
Indeed, the absence of negative premises in the P-ruloids will ensure that by decomposing formulae in L+ one gets formulae that have no negation and, therefore, are still in L+.
Corollary 10**.**
Let P be a positive PGSOS-PTSS.
Then P⊢σ(t)aΘ′ for t∈T(Σ), Θ′∈DT(Σ) and σ a closed substitution, iff there are a positive P-ruloid H/taΘ and a closed substitution σ′ with P⊢σ′(H), σ′(t)=σ(t) and σ′(Θ)=Θ′.
Proof 4.3**.**
The proof follows immediately from Lemma 8 and Theorem 9.
4.2. Distribution ruloids
Σ-distribution ruloids are a generalization of Σ-distribution rules and define the behavior of arbitrary open distribution terms.
More precisely, they allow us to infer the behavior of a distribution term as a probability distribution over terms from the distribution over terms that characterize the behavior of the variables occurring in it.
For instance, distribution ruloids allow us to infer the behavior of a distribution term of the form 52μ+53(ν∣v) from the behavior of the variables μ, ν and v.
Notice that distribution rules are not enough to meet this purpose, since in the source of distribution rules only one operator over distributions is admitted, and therefore there is no Σ-distribution rule with source 52μ+53(ν∣v).
Similarly to P-ruloids, a Σ-distribution ruloid is defined by an inductive composition of Σ-distribution rules and the left-hand sides of its premises are the variables occurring in the source, which is an arbitrary open distribution term.
As the Σ-DS is positive, the definition of Σ-distribution ruloids results technically simpler than that of P-ruloids.
{defi}
[Σ-distribution ruloids]
Let DΣ=(Σ,RΣ) be the Σ-DS.
The set of Σ-distribution ruloidsℜΣ is the smallest set such that:
•
The inference rule
[TABLE]
is a Σ-distribution ruloid for any x∈Vs;
•
The inference rule
[TABLE]
is a Σ-distribution ruloid for any μ∈Vd, provided that ∑i∈Iqi=1 and all variables xi with i∈I are distinct;
•
For a Σ-distribution rule rD∈RΣ of the form
[TABLE]
as in Definition 3.1.2 and a substitution σ with σ(rD) of the form
is a Σ-distribution ruloid if for every i∈I we have that:
–
either Θi is a variable or a Dirac distribution and Hi={Θiqi,hti,h∣h∈Hi},
–
or there is a Σ-distribution ruloid ρiD={Θiqi,hti,h∣h∈Hi}Hi.
{exa}
Consider the distribution term 52μ+53(ν∣υ) (which is an instance of the target of the fourth P-ruloid in Example 4.1).
Then, we can build the following Σ-distribution ruloid:
[TABLE]
Proposition 11**.**
The conclusion of a Σ-distribution ruloid is a distribution over terms.
The following structural property of Σ-distribution ruloids will be exploited to prove that these ruloids define completely the behavior of all open distribution terms (Theorem 13).
Lemma 12**.**
Any Σ-distribution ruloid {Θqmtm∣m∈M}H is such that:
(1)
for all μ∈Vd, μ∈var(Θ) iff μ is the left-hand side of a
premise in H;
2. (2)
for all x∈Vs, x∈var(Θ) iff δx is the left-hand side of a
premise in H;
3. (3)
⋃m∈Mvar(tm)=rhs(H).
Proof 4.4**.**
The proof follows by structural induction over the source term Θ∈DT(Σ).
We are now ready to show that Σ-distribution ruloids define completely the behavior of all open distribution terms.
More precisely, Theorem 13 shows that distribution ruloids allows us to infer the behavior of the closed substitution instances of any open distribution term Θ from the behaviour of the closed substitution instances of its variables.
This is crucial to support the decomposition method, which will decompose distribution formulae for Θ into state and distribution formulae for its variables by exploiting the distribution ruloids having Θ as source.
Theorem 13** (Distribution ruloid theorem).**
Assume the Σ-DS DΣ, a closed substitution σ,
a distribution term Θ∈DT(Σ) and closed terms tm∈T(Σ) with m∈M pairwise distinct.
Then DΣ⊢{σ(Θ)qmtm∣m∈M} if and only if there are a Σ-distribution ruloid {Θqmum∣m∈M}H and a closed substitution σ′ with σ′(Θ)=σ(Θ), σ′(um)=tm for each m∈M and DΣ⊢σ′(H).
Proof 4.5**.**
We proceed by structural induction over Θ∈DT(Σ).
(1)
Base case: Θ is a Dirac distribution Θ=δx for some x∈Vs.
**(⇒): **
The thesis follows immediately for the Σ-distribution ruloid
[TABLE]
and the closed substitution σ′=σ.
**(⇐): **
By Definition 4.2 the only possible Σ-distribution ruloid for Θ has the form
[TABLE]
Thus the thesis follows immediately from DΣ⊢σ′({δx1x}) and the choice of σ′.
2. (2)
Base case: Θ is a variable μ∈Vd.
**(⇒): **
The thesis immediately follows for the Σ-distribution ruloid
[TABLE]
and the closed substitution σ′ with σ′(μ)=σ(μ) and σ′(xm)=tm for each m∈M.
**(⇐): **
By Definition 4.2 the considered Σ-distribution ruloid for Θ has the form
[TABLE]
Thus the thesis follows immediately from DΣ⊢σ′({μqmxm∣m∈M}) and the choice of σ′.
3. (3)
Inductive step Θ=f(Θ1,…,Θn) for some f∈Σ and Θi∈DT(Σ) for i=1,…,n.
**(⇒): **
First of all, we recall that by Theorem 7 we have DΣ⊢{σ(Θ)qmtm∣m∈M} iff σ(Θ)(tm)=qm for each m∈M and ∑m∈Mqm=1.
Thus, for the particular choice of σ(Θ), we have that the closed terms tm are of the form tm=f(t1,m,…,tn,m) for some {ti,m∣i=1,…,n}⊆T(Σ), for m∈M, so that ti,m∈supp(σ(Θi)) for each m∈M.
Next, let us consider a closed proof γ of {σ(Θ)qmtm∣m∈M} from DΣ.
The bottom of γ is constituted by the closed reduced instance of a Σ-distribution rule rD∈RΣ of the form
[TABLE]
wrt. a closed substitution ς with ς(ϑi)=σ(Θi) for i=1,…,n.
More precisely, let ς(rD) be the inference rule of the form
[TABLE]
where
**•: **
each set {σ(Θi)qi,hti,h∣h∈Hi} is the reduction wrt. σ of the corresponding set {ϑiqi,jxi,j∣j∈Ji},
**•: **
there is bijection f:\bigtimesi=1nHi→M with ti,κ(i)=ti,f(κ) for each i=1,…,n,
**•: **
for all i=1,…,n there is a proof shorter than γ of {σ(Θi)qi,hti,h∣h∈Hi} from DΣ.
Let ς0 be a substitution with ς0(ϑi)=Θi for i=1,…,n.
Considering that ς(ϑi)=σ(Θi)=σ(ς0(ϑi)), we have ς(ϑi)=σ(ς0(ϑi)) for i=1,…,n.
As a consequence, {σ(ς0(ϑi))qi,hti,h∣h∈Hi} for i=1,…,n, is provable from DΣ with a proof shorter than γ.
Hence, by structural induction over each Θi=ς0(ϑi), for each i=1,…,n there are a Σ-distribution ruloid
[TABLE]
and a closed substitution σi with
**(a): **
σi(ς0(ϑi))=σ(ς0(ζi)),
2. **(b): **
σi(ui,h)=ti,h, and
3. **(c): **
DΣ⊢σi(Hi).
Consider a closed substitution σ′ with
**•: **
σ′(ζ)=σ(ζ)* for all ζ∈var(Θ),*
**•: **
σ′(rhs(Hi))=σi(rhs(Hi))* for all i=1,…,n*
and let H=⋃i=1nHi.
Moreover, let ς1 be a substitution with ς1(ϑi)=Θi and ς1(xi,j)=ui,h for some h∈Hi accordingly to the reduced instance ς(rD), for all i=1,…,n and j∈Ji.
We recall that σi(ui,κ(i))=ti,κ(i)=ti,f(κ) for each i=1,…,n and we show that the Σ-distribution ruloid
[TABLE]
together with the substitution σ′ satisfies the required properties:
**(a): **
*First we prove that σ′(Θ)=σ(Θ).
This immediately follows from σ′(ζ)=σ(ζ) for all ζ∈var(Θ).
*
2. **(b): **
Then we show that DΣ⊢σ′(H), which is derived from the following considerations:
**(i): **
Notice that var(Θ)=⋃i=1nvar(Θi)=⋃i=1nvar(ς0(ϑi)).
Thus, since σ and σ′ agree on var(Θ) we obtain that σ′(ς0(ϑi))=σ(ς0(ϑi)) for each i=1,…,n.
Moreover, by construction we have that σi(ς0(ϑi))=σ(ς0(ϑi)) for each i=1,…,n, thus giving σ′(ς0(ϑi))=σi(ς0(ϑi)) for each i=1,…,n.
Further, by definition σ′ and σi agree on all variables in rhs(Hi).
As by Lemma 12.3, rhs(Hi)=⋃h∈Hivar(ui,h), we can conclude that σ′ and σi agree on all variables occurring in {ς0(ϑi)qi,hui,h∣h∈Hi}Hi for each i=1,…,n.
2. **(ii): **
As by the previous item we know that σ′ agrees with σi on all variables in Hi and DΣ⊢σi(Hi), we infer that DΣ⊢σ′(Hi), for i=1,…,n.
Then, from H=⋃i=1nHi, we can immediately conclude that DΣ⊢σ′(H).
3. **(c): **
Finally, we prove that σ′(f(u1,κ(1),…,un,κ(n)))=tf(κ) for each κ∈\bigtimesi=1nHi.
By Lemma 12.3 we have that var(f(u1,κ(1),…,un,κ(n)))⊆rhs(H).
In addition, we have
**•: **
var(ui,κ(i))⊆rhs(Hi);
**•: **
σ′* agrees with σi on all variables in rhs(Hi), for all i=1,…,n;*
**•: **
rhs(H)=⋃i=1nrhs(Hi).
Therefore, we have that σ′(ui,κ(i))=σi(ui,κ(i))=ti,κ(i)=ti,f(κ) for each i=1,…,n and for each κ∈\bigtimesi=1nHi.
Hence, we can conclude that for each κ∈\bigtimesi=1nHi we have \sigma^{\prime}\big{(}f(u_{1,\kappa(1)},\ldots,u_{\mathfrak{n},\kappa(\mathfrak{n})})\big{)}=t_{\mathfrak{f}(\kappa)}.
**(⇐): **
We aim to show that DΣ⊢{σ(Θ)qmtm∣m∈M}.
To this aim it is enough to show that DΣ⊢{σ′(Θ)qmσ′(um)∣m∈M} which, since the closed terms tm are pairwise distinct by the hypothesis, by the choice of σ′ is equivalent to DΣ⊢{σ(Θ)qmtm∣m∈M}.
Notice that by the choice of Θ we have that the open terms um are of the form um=f(u1,m,…,un,m) for some {ui,m∣i=1,…,n}⊆T(Σ) for m∈M, so that ui,m∈supp(Θi) for each m∈M.
Accordingly to Definition 4.2, let rD and σ0 be resp. the Σ-distribution rule and the substitution from which ρD is built, namely let rD be of the form
[TABLE]
as in Definition 3.1.2 and σ0 be such that σ0(rD) is of the form
[TABLE]
(see Definition 5.2) and there is a bijection f:\bigtimesi=1,…,nHi→M so that ui,κ(i)=ui,f(κ) for each i=1,…,n, and qκ=qf(κ) for each κ∈\bigtimesi=1,…,nHi.
Then ρD is of the form
[TABLE]
where for each i=1,…,n we have that:
**•: **
Either σ0(ϑi)=Θi is a variable or a Dirac distribution and Hi={Θiqi,hui,h∣h∈Hi}.
Hence from DΣ⊢σ′(H) we can immediately infer that DΣ⊢σ′({Θiqi,hui,h∣h∈Hi}).
**•: **
Or there is a Σ-distribution ruloid ρiD={σ0(ϑ)qi,hui,h∣h∈Hi}Hi.
Since DΣ⊢σ′(H) implies DΣ⊢σ′(Hi), by structural induction on Θi we can infer that DΣ⊢σ′({Θiqi,hui,h∣h∈Hi}).
Hence, we have obtained that the closed substitution instances wrt. σ′∘σ0 of the premises of rD are provable from DΣ and therefore we can infer that there is a proof from DΣ of {σ′(Θ)qmσ′(um)∣m∈M}.
By the choice of σ′, we can conclude that DΣ⊢{σ(Θ)qmtm∣m∈M}.
4. (4)
Inductive step Θ=∑i∈IpiΘi for some Θi∈DT(Σ), pi∈[0,1] for i∈I and ∑i∈Ipi=1.
**(⇒): **
First of all, we recall that by Theorem 7DΣ⊢{σ(Θ)qmtm∣m∈M} iff σ(Θ)(tm)=qm and ∑m∈Mqm=1.
Thus, for the particular choice of σ(Θ), we have that the closed terms tm are such that {tm∣m∈M}=⋃i∈Isupp(σ(Θi)).
Next, let us consider a closed proof γ of {σ(Θ)qmtm∣m∈M} from DΣ.
The bottom of γ is constituted by the closed reduced instance of a Σ-distribution rule rD∈RΣ of the form
[TABLE]
wrt. a closed substitution ς with ς(ϑi)=σ(Θi) for i∈I.
More precisely, let ς(rD) be the inference rule of the form
[TABLE]
where
**•: **
each set {σ(Θi)qi,hti,h∣h∈Hi} is the reduction wrt. σ of the corresponding set {ς(ϑi)qi,jς(xi,j)∣j∈Ji},
**•: **
there is bijection f:{ti,h∣h∈Hi,i∈I}→M so that u=tf(u) for each u∈{ti,h∣h∈Hi,i∈I} and
**•: **
for each i∈I there is a proof shorter than γ of {σ(Θi)qi,hti,h∣h∈Hi} from DΣ.
Let ς0 be a substitution with ς0(ϑi)=Θi for each i∈I.
Considering that ς(ϑi)=σ(Θi)=σ(ς0(ϑi)), we have ς(ϑi)=σ(ς0(ϑi)) for each i∈I.
As a consequence, {σ(ς0(ϑi))qi,hti,h∣h∈Hi} for each i∈I, is provable from DΣ with a proof shorter than γ.
Hence, by structural induction over each Θi=ς0(ϑi), for each i∈I there are a Σ-distribution ruloid
[TABLE]
and a closed substitution σi with
**(a): **
σi(ς0(ϑi))=σ(ς0(ϑi)),
2. **(b): **
σi(ui,h)=ti,h, and
3. **(c): **
DΣ⊢σi(Hi).
So let us consider a closed substitution σ′ with
**•: **
σ′(ζ)=σ(ζ)* for all ζ∈var(Θ),*
**•: **
σ′(rhs(Hi))=σi(rhs(Hi))* for all i∈I*
and let H=⋃i∈IHi.
Moreover, let ς1 be a substitution with ς1(ϑi)=Θi and ς1(xi,j)=ui,h for some h∈Hi accordingly to the reduced instance ς(rD), for all j∈Ji,i∈I.
We recall that σi(ui,h)=ti,h for each h∈Hi,i∈I.
and we prove that the Σ-distribution ruloid
[TABLE]
together with the substitution σ′ satisfies the required properties:
**(a): **
First we prove that σ′(Θ)=σ(Θ).
This immediately follows from σ′(ζ)=σ(ζ) for all ζ∈var(Θ).
2. **(b): **
Then we prove that DΣ⊢σ′(H), which is derived from the following considerations:
**(i): **
Notice that var(Θ)=⋃i∈Ivar(Θi)=⋃i∈Ivar(ς0(ϑi)).
Thus, since σ and σ′ agree on var(Θ) we obtain that σ′(ς0(ϑi))=σ(ς0(ϑi)) for each i∈I.
Moreover, by construction we have that σi(ς0(ϑi))=σ(ς0(ϑi)) for each i∈I, thus giving σ′(ς0(ϑi))=σi(ς0(ϑi)) for each i∈I.
Furthermore, by definition σ′ and σi agree on all variables in rhs(Hi).
As by Lemma 12.3, rhs(Hi)=⋃h∈Hivar(ui,h), we can conclude that σ′ and σi agree on all variables occurring in {ς0(ϑi)qi,hui,h∣h∈Hi}Hi for each i∈I.
2. **(ii): **
As by the previous item σ′ agrees with σi on all variables in Hi and DΣ⊢σi(Hi), we infer DΣ⊢σ′(Hi), for each i∈I.
Then, from H=⋃i∈IHi, we can immediately conclude that DΣ⊢σ′(H).
3. **(c): **
Finally, we prove that σ′(u)=tf(u) for each u∈{ti,h∣h∈Hi,i∈I}.
By Lemma 12.3 we have that var(u)⊆rhs(H).
Furthermore, we have that
**•: **
var(ui,h)⊆rhs(Hi);
**•: **
σ′* agrees with σi on all variables in rhs(Hi), for all i∈I;*
**•: **
rhs(H)=⋃i∈Irhs(Hi).
Therefore, we have that σ′(ui,h)=σi(ui,h)=ti,h for each h∈Hi,i∈I.
Hence, we can conclude that σ′(u)=tf(u) for each u∈{ti,h∣h∈Hi,i∈I}.
**(⇐): **
We aim to show that DΣ⊢{σ(Θ)qmtm∣m∈M}.
To this aim it is enough to show that DΣ⊢{σ′(Θ)qmσ′(um)∣m∈M} which, since the closed terms tm are pairwise distinct by the hypothesis, by the choice of σ′ is equivalent to DΣ⊢{σ(Θ)qmtm∣m∈M}.
Accordingly to Definition 4.2, let rD and σ0 be resp. the Σ-distribution rule and the substitution from which ρD is built, namely let rD be of the form
[TABLE]
as in Definition 3.1.3 and σ0 be such that σ0(rD) is of the form
[TABLE]
(see Definition 5.3).
Then ρD is of the form
[TABLE]
where for each i∈I we have that:
**•: **
Either σ0(ϑi)=Θi is a variable or a Dirac distribution and Hi={Θiqi,hui,h∣h∈Hi}.
Hence from DΣ⊢σ′(H) we can immediately infer that DΣ⊢σ′({Θiqi,hui,h∣h∈Hi}).
**•: **
Or there is a Σ-distribution ruloid ρiD={σ0(ϑ)qi,hui,h∣h∈Hi}Hi.
Since DΣ⊢σ′(H) implies DΣ⊢σ′(Hi), by structural induction on Θi we can infer that DΣ⊢σ′({Θiqi,hui,h∣h∈Hi}).
Hence, we have obtained that the closed substitution instances wrt. σ′∘σ0 of the premises of rD are provable from DΣ and therefore we can infer that there is a proof from DΣ of {σ′(Θ)qmσ′(um)∣m∈M}.
By the choice of σ′, we can conclude that DΣ⊢{σ(Θ)qmtm∣m∈M}.
{exa}
Consider the distribution term Θ=52μ+53(ν∣υ) and the closed substitution σ with \sigma(\Theta)=\frac{2}{5}(\frac{1}{4}\delta_{t_{1}}+\frac{3}{4}\delta_{t_{2}})+\frac{3}{5}\big{(}(\frac{1}{3}\delta_{t_{3}}+\frac{2}{3}\delta_{t_{4}})\mid\delta_{t_{5}}\big{)}.
Notice that σ(Θ) is the source term of the distribution over terms L in Example 3.3.
Thus, we know that
[TABLE]
Consider the Σ-distribution ruloid ρD for Θ given in Example 4.2
[TABLE]
We want to exhibit a proper closed substitution σ′ such that ρD and σ′ satisfy Theorem 13 wrt. σ(Θ).
Let
[TABLE]
Then we have
[TABLE]
Moreover
[TABLE]
thus giving that σ′(trg(ρD))=rhs(L).
Finally, we remark that
•
the proof presented for {σ(μ2)1/4t1,σ(μ2)3/4t2} with σ(μ2)=41δt1+43δt2 in Example 3.3 gives us DΣ⊢{σ′(μ)1/4t1,σ′(μ)3/4t2};
•
the proof presented for {σ(μ1)1/3t3,σ(μ1)2/3t4} with σ(μ1)=31δt3+32δt4 in Example 3.3 gives us DΣ⊢{σ′(ν)1/3t3,σ′(ν)2/3t4};
•
the proof presented for {σ(ν1)1t5} with σ(ν1)=δt5 in Example 3.3 gives us DΣ⊢{σ′(υ)1t5}.
We have therefore obtained that DΣ⊢σ′(prem(ρD)) and thus that ρD and σ′ satisfy Theorem 13 wrt. σ(Θ).
4.3. Related work
The only paper dealing with ruloids for specifications of probabilistic process calculi is [GF12].
As previously outlined, [GF12] deals with reactive transition systems, which are less expressive than PTSs as they
do not admit internal nondeterminism.
Transitions are of the form ta,pt′, denoting that t evolves by a to t′ with probability p.
Informally, our P-ruloids generalize those in [GF12] in the same way PTSSs generalize reactive systems.
In fact, to deal with the quadruple ta,pt′, ruloids in [GF12] are defined by keeping track of rules and ruloids used in their construction, in order to assign a proper probability weight to their conclusion.
In detail, to guarantee the property of semi-stochasticity, i.e. the sum of the probabilities of all transitions for an action from a term is either [math] or 1, a partitioning over ruloids is needed in [GF12]: given a term t the ruloids in the partition for t related to action a allow one to derive a-labeled transitions from t whose total probability is 1.
To do so, one also has to constantly keep track of the rules and ruloids used in the construction of the ruloids in a partition, because the exact probability weight of a transition depends on this construction.
An analogous technicality was already necessary in the SOS transition rules in [LT09], on which [GF12] builds.
Here we do not need this technicality, since probabilities are directly managed by Σ-distribution ruloids and we can use P-ruloids to derive the transitions leading to probability distributions.
More precisely, we should say that given a term t, all ruloids in one partition for t of [GF12] are captured by one of our P-ruloids and one Σ-distribution ruloid.
The P-ruloid captures all the requirements that the subterms of t must satisfy to derive the transition to the desired probability distribution over terms.
The proper probability weights are then automatically assigned to terms by the Σ-distribution ruloid, without the need of keeping track of all the rules and ruloids used in the construction.
5. The decomposition method
In this section we present our method for decomposing formulae in L, Lr and L+.
To this purpose we exploit the two classes of ruloids introduced in Section 4.
In fact, the idea behind the decomposition of state (resp. distribution) formulae is to establish which properties the closed substitution instances of the variables occurring in a (distribution) term must satisfy to guarantee that the closed substitution instance of that (distribution) term satisfies the chosen state (resp. distribution) formula.
Thus, since (Σ-distribution) ruloids derive the behavior of a (distribution) term directly from the behavior of the variables occurring in it, the decomposition method is firmly related to them.
Formally, starting from the class L, the decomposition of state formulae follows those in [BFvG04, FvG16, FvGL17, FvGdW06, FvGdW12, GF12] and consists in assigning to each term t∈T(Σ) and formula φ∈Ls, a set of functions ξ:Vs→Ls, called decomposition mappings, assigning to each variable x in t a proper formula in Ls such that for any closed substitution σ it holds that σ(t)⊨φ iff σ(x)⊨ξ(x) for each x∈var(t) (Theorem 15).
Each mapping ξ will be defined on a P-ruloid having t as source, P being the considered PGSOS-PTSS.
Similarly, the decomposition of distribution formulae consists in assigning to each distribution term Θ∈DT(Σ) and distribution formula ψ∈Ld a set of decomposition mappings η:V→Ld∪Ls such that for any closed substitution σ we get that σ(Θ)⊨ψ iff σ(ζ)⊨η(ζ) for each ζ∈var(Θ) (Theorem 15).
Each mapping η will be defined on a Σ-distribution ruloid having Θ as source.
Then, as Lr and L+ are subclasses of L, we will show how we can easily derive the decomposition method for them from the one proposed for L (Theorem 17).
5.1. Decomposition of formulae in L
In this section we consider the logic L.
First we need to introduce the notion of matching for a distribution over terms and a distribution formula, seen as a probability distribution over state formulae [CGT16a, DD11].
{defi}
[Matching]
Assume a distribution over terms L={Θqmtm∣m∈M} and a distribution formula ψ=⨁i∈Iriφi∈Ld.
Then a matching for L and ψ is a distribution over the product space w∈Δ(T(Σ)×Ls) having L and ψ as left and right marginals respectively, that is ∑i∈Iw(tm,φi)=qm for all m∈M and ∑m∈Mw(tm,φi)=ri for all i∈I.
We denote by W(L,ψ) the set of all matchings for L and ψ.
{defi}
[Decomposition of formulae in L]
Let P=(Σ,A,R) be a PGSOS-PTSS and let DΣ be the Σ-DS.
We define the mappings
•
⋅−1:T(Σ)→(Ls→P(Vs→Ls)), and
•
⋅−1:DT(Σ)→(Ld→P(V→L))
as follows.
For each term t∈T(Σ) and state formula φ∈Ls, t−1(φ)∈P(Vs→Ls) is the set of decomposition mappingsξ:Vs→Ls such that for any univariate term t we have:
(1)
ξ∈t−1(⊤) iff ξ(x)=⊤ for all x∈Vs;
2. (2)
ξ∈t−1(¬φ) iff there is a function f:t−1(φ)→var(t) such that
[TABLE]
3. (3)
ξ∈t−1(⋀j∈Jφj) iff there exist decomposition mappings ξj∈t−1(φj) for all j∈J such that
[TABLE]
4. (4)
ξ∈t−1(⟨a⟩ψ) iff there exist a P-ruloid taΘH and a decomposition mapping η∈Θ−1(ψ) such that:
[TABLE]
5. (5)
ξ∈(σ(t))−1(φ) for a non injective substitution σ:var(t)→Vs iff there is a decomposition mapping ξ′∈t−1(φ) such that
[TABLE]
Then, for each distribution term Θ∈DT(Σ) and distribution formula ψ∈Ld, Θ−1(ψ)∈P(V→L) is the set of decomposition mappingsη:V→L such that for any univariate distribution term Θ we have:
(6)
η∈Θ−1(⨁i∈Iriφi) iff there are a Σ-distribution ruloid {Θqmtm∣m∈M}H and a matching w∈W({Θqmtm∣m∈M},⨁i∈Iriφi) such that for all m∈M and i∈I there is a decomposition mapping ξm,i with
{ξm,i∈tm−1(φi)ξm,i∈tm−1(⊤)if w(tm,φi)>0otherwise
and we have
(a)
for all μ∈Vd,
η(μ)=⎩⎨⎧μqjxj∈H⨁qjm∈Mi∈I⋀ξm,i(xj)1⊤ if μ∈var(Θ) otherwise
2. (b)
for all x∈Vs,
η(x)=⎩⎨⎧m∈Mi∈I⋀ξm,i(x)⊤ if x∈var(Θ) otherwise.
2. (7)
η∈(σ(Θ))−1(ψ) for a non injective substitution σ:var(Θ)→V iff there is a decomposition mapping η′∈Θ−1(ψ) such that
for all ζ∈var(σ(Θ)) it holds that
η′(z)=η′(z′) for all z,z′∈σ−1(ζ) and
[TABLE]
We explain our decomposition method for the diamond modality for state formulae (Definition 5.1.4) and for distribution formulae (Definition 5.1.6).
For the other modalities on state formulae, which do not directly involve the quantitative properties of processes, we refer to [FvGdW06].
We discuss first the decomposition of a state formula φ=⟨a⟩ψ∈Ls.
Given any term t∈T(Σ) and closed substitution σ, we need to identify in ξ∈t−1(φ) which properties each σ(x) with x∈var(t) has to satisfy in order to guarantee σ(t)⊨φ.
By Definition 2.3 we have that σ(t)⊨φ if and only if P⊢σ(t)aπ for some probability distribution π such that π⊨ψ.
By Theorem 9 there is such a transition if and only if there are a P-ruloid H/taΘ and a closed substitution σ′ with σ′(t)=σ(t) and
(i) P⊢σ′(H)and
(ii) σ′(Θ)⊨ψ.
The validity of condition ((i)) follows if, for each x∈var(t), the literals in H having x as left hand side test only the provable behavior of σ′(x).
More precisely, we need that σ′(x)⊨¬⟨c⟩⊤ for each x\mathrel{{\xrightarrow{\,{c}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\in\mathcal{H} and that σ′(x)⊨⟨b⟩η(μ) for each xbμ∈H, for a chosen decomposition mapping η∈Θ−1(ψ) with σ′(μ)⊨η(μ) for each μ∈var(Θ).
The decomposed formula ξ(x) is then defined as the conjunction of such formulae.
Moreover, we also add in ξ(x) a conjunct η(x) to capture the potential behavior of x as a subterm of the target term Θ.
Further, the choice of η and its use in ξ also guarantees that condition ((ii)) holds.
We discuss now the decomposition of a distribution formula ψ=⨁i∈Iriφi∈Ld.
Given any distribution term Θ∈DT(Σ) and a closed substitution σ, we need to identify in η∈Θ−1(ψ) which properties each σ(ζ) with ζ∈var(Θ) has to satisfy in order to guarantee σ(Θ)⊨ψ.
By Definition 2.3 we have that σ(Θ)⊨ψ if and only if σ(Θ)=∑i∈Iriπi with t⊨φi for all t∈supp(πi).
Assume supp(σ(Θ))={tm∣m∈M} and σ(Θ)(tm)=qm.
By Theorem 7, this is equivalent to have DΣ⊢{σ(Θ)qmtm∣m∈M} which, by Theorem 13, is equivalent to say that there are a Σ-distribution ruloid H/{Θqmum∣m∈M} and a closed substitution σ′ with σ′(Θ)=σ(Θ) and
(i) DΣ⊢σ′(H)and
(ii) σ′(um)⊨φiwhenever σ′(um)∈supp(πi).
Since the weights qm are univocally determined by the distributions over terms in H and moreover they already represent the exact probability weights of σ(Θ), we define, for each μ∈var(Θ)∩Vd, the decomposition mapping η(μ) using as weights the qj in the distributions over terms {μqjxj}∈H.
Then, to guarantee condition ((ii)), we define w(um,φi) to be positive if σ′(um)∈supp(πi) so that we can assign the proper decomposed formula ξm,i(x) to each x∈var(um) such that σ′(x)⊨ξm,i(x).
Moreover, since each σ′(um) may occur in the support of more than one πi, we impose that each x∈var(um) satisfies the conjunction of all the decomposed formulae ξm,i(x).
Therefore, also condition ((i)) follows.
{exa}
We exemplify two decomposition mappings in the set t−1(φ) for term t=x+2/5(y∣z), which is the term considered in Example 4.1 with p=2/5, and
the formula φ=⟨a⟩ψ, with ψ=21⟨a⟩⊤⊕21¬⟨a⟩⊤.
As this example is aimed at providing a deeper insight on the mechanism of our decomposition method, we will choose arbitrarily the ruloids and the matchings for the considered terms and formulae in order to minimize the number of mappings involved in the decomposition and improve readability.
Let ρ be the last ruloid for t in Example 4.1, Θ=52μ+53(ν∣υ) denote its target, and ρD be the Σ-distribution ruloid for Θ showed in Example 4.2.
By Definition 5.1.4, the decomposition mappings ξ∈t−1(φ) built over ρ are such that:
[TABLE]
where η∈Θ−1(ψ).
Consider the matching w∈W(conc(ρD),ψ) for conc(ρD) and ψ defined by
[TABLE]
For the terms and the formulae to which w gives a positive weight, we obtain the decomposition mappings in Table 1, where ξ3 and ξ4 derive from Definition 5.1.2.
Next, we construct the decomposition mappings for the variable ν in Θ wrt. ρD and w.
By Definition 5.1.6a we consider the weights of the premises of ρD having ν as left-hand side, namely Hν={ν1/3y1,ν2/3y2}, and use them as weights of the ⨁ operator.
Then for each of the variables y1,y2 in the right side of Hν, we consider the conjunction of the formulae assigned to it by one decomposition mapping from each set in the first column of Table 1.
In detail, by omitting multiple occurrences of the ⊤ formulae in conjunctions, for y1 we consider ξ1(y1)∧ξ2(y1)∧ξ3(y1)∧ξ5(y1)=¬⟨a⟩⊤ and ξ1(y1)∧ξ2(y1)∧ξ4(y1)∧ξ5(y1)=⊤, and for y2 we consider ξ1(y2)∧ξ2(y2)∧ξ3(y2)∧ξ5(y2)=⟨a⟩⊤ and ξ1(y1)∧ξ2(y1)∧ξ4(y1)∧ξ5(y1)=⟨a⟩⊤.
Hence the choice between ξ3 or ξ4 generates two different decomposition mappings in Θ−1(ψ): by ξ3 we obtain the decomposition mapping η1∈Θ−1(ψ) with η1(ν)=31¬⟨a⟩⊤⊕32⟨a⟩⊤
and by ξ4 we obtain the decomposition mapping η2∈Θ−1(ψ) with η2(ν)=31⊤⊕32⟨a⟩⊤.
By applying the same reasoning to μ and υ we obtain
[TABLE]
[TABLE]
where we have omitted multiple occurrences of the ⊤ formulae in conjunctions.
Finally, we obtain two decomposition mappings in t−1(φ) by substituting η with either η1 or η2 in Equation (11), obtaining respectively
[TABLE]
[TABLE]
We show now that by decomposing formulae in L we get formulae in L.
This is essential to derive the congruence theorem for probabilistic bisimulation (Theorem 18.1):
the congruence theorem exploits the characterization of probabilistic bisimulation with the logic L recalled in Theorem 2, and requires that the formulae for composed terms and those obtained for their subterms through the decomposition method are all formulae in the characterizing logic L.
Lemma 14**.**
Assume the terms t∈T(Σ) and Θ∈DT(Σ) and the formulae φ∈Ls and ψ∈Ld. Then:
(1)
For all x∈Vs we have ξ(x)∈Ls for each ξ∈t−1(φ).
2. (2)
For all ζ∈Vd we have η(ζ)∈Ld for each η∈Θ−1(ψ).
3. (3)
For all ζ∈Vs we have η(ζ)∈Ls for each η∈Θ−1(ψ).
Proof 5.1**.**
The proof follows immediately from Definition 5.1.
The following result confirms that our decomposition method is correct.
Theorem 15** (Decomposition theorem).**
Let P=(Σ,A,R) be a PGSOS-PTSS and let DΣ be the Σ-DS.
For any term t∈T(Σ), closed substitution σ and state formula φ∈Ls we have
[TABLE]
and for any distribution term Θ∈DT(Σ), closed substitution σ and distribution formula ψ∈Ld we have
[TABLE]
Proof 5.2**.**
We start with univariate terms.
We proceed by structural induction over ϕ∈L to prove that for any univariate t∈T(Σ), closed substitution σ and ϕ=φ∈Ls we have
[TABLE]
and for any univariate Θ∈DT(Σ), closed substitution σ and ϕ=ψ∈Ld we have
[TABLE]
•
Base case ϕ=⊤.
Then by Definition 5.1.1 we have that ξ∈t−1(⊤) iff ξ(x)=⊤ for all x∈Vs.
Then the proof obligation Equation (12) directly follows from the definition of ⊨ (Definition 2.3).
•
Inductive step ϕ=¬φ for some φ∈Ls.
We have
[TABLE]
where the second relation follows by the inductive hypothesis and the last relation follows by construction of t−1(¬φ) (Definition 5.1.2).
Hence, the proof obligation Equation (12) holds also in this case.
•
Inductive step ϕ=⋀j∈Jφj for some j∈J and φj∈Ls.
We have
[TABLE]
where the second relation follows by the inductive hypothesis and the last relation follows by construction of t−1(⋀j∈Jφj) (Definition 5.1.3).
Hence, the proof obligation Equation (12) holds also in this case.
•
Inductive step ϕ=⨁i∈Iriφi for some φi∈Ls, with ri∈(0,1] for i∈I and ∑i∈Iri=1.
Notice that in this case we have ϕ∈Ld and therefore we need to show Equation (13).
To this aim, we prove the two implications separately.
**(⇒): **
Assume first that σ(Θ)⊨⨁i∈Iriφi.
Then, by definition of ⊨ (Definition 2.3), this implies that there exists a family of probability distributions {πi}i∈I⊆Δ(T(Σ)) with σ(Θ)=∑i∈Iriπi and whenever t∈supp(πi) for some t∈T(Σ), then t⊨φi.
Notice that supp(σ(Θ))=⋃i∈Isupp(πi).
Let us order the elements of the support of the distribution σ(Θ) through indexes in a suitable set M, namely supp(σ(Θ))={tm∣m∈M}, with tm,tm′ pairwise distinct for all m,m′∈M with m=m′.
We have σ(Θ)=∑m∈Mqmδtm, for some qm∈(0,1] such that ∑m∈Mqm=1.
In particular, this gives qm=σ(Θ)(tm), which, by Theorem 7, implies that D⊢{σ(Θ)qmtm∣m∈M}.
By Theorem 13, DΣ⊢{σ(Θ)qmtm∣m∈M} implies that there are a Σ-distribution ruloid ρD={Θqmum∣m∈M}H and a closed substitution σ′ with DΣ⊢σ′(H), σ′(Θ)=σ(Θ) and σ′(um)=tm for each m∈M.
Let us show that the rewriting of σ′(Θ) as convex combination of the {πi}i∈I gives rise to a matching for conc(ρD) and ⨁i∈Iriφi.
Define w∈W(conc(ρD),⨁i∈Iriφi) as w(um,φi)=riπi(σ′(um)), then w is a matching with left marginal conc(ρD), and right marginal the distribution formula ⨁i∈Iriφi.
More precisely, we have
[TABLE]
and
[TABLE]
We derive that:
**(1): **
from σ′(Θ)=σ(Θ) we obtain that σ′(ζ)=σ(ζ) for all variables ζ∈var(Θ);
2. **(2): **
whenever w(um,φi)>0 it holds that σ′(um)∈supp(πi) and, therefore, we infer σ′(um)⊨φi.
By the inductive hypothesis we derive that there is a decomposition mapping ξm,i∈um−1(φi) such that σ′(x)⊨ξm,i(x) for all x∈var(um);
3. **(3): **
from DΣ⊢σ′(H) we obtain that for all premises {ζqjxj∣j∈J}∈H we have DΣ⊢{σ′(ζ)qhth′∣h∈H}, where
{σ′(ζ)qhth′∣h∈H} is σ′({ζqjxj∣j∈J}),
for a suitable set of indexes H and proper terms th′.
By Theorem 7, DΣ⊢{σ′(ζ)qhth′∣h∈H} iff
σ′(ζ)(th′)=qh and ∑h∈Hqh=1.
Hence we have that
[TABLE]
We remark that this reasoning holds since we assumed that Θ is univariate, and therefore there is only one set of distribution premises in H with left-hand side ζ, for each ζ∈var(Θ).
Let η∈Θ−1(⨁i∈Iriφi) be the decomposition mapping defined as in Definition 5.1.6 by means of the Σ-distribution ruloid {Θqmum∣m∈M}H and the decomposition mappings ξm,i as in item (2) above for each m∈M and i∈I such that w(um,φi)>0, and ξm,i defined by ξm,i(x)=⊤ for all x∈Vs for those m,i such that w(um,φi)=0.
We aim to show that for this η it holds that σ′(ζ)⊨η(ζ) for each ζ∈var(Θ).
By construction,
[TABLE]
For each variable y∈{xj∣j∈J}∪{x} and for each m∈M and i∈I, we can distinguish three cases:
**(4): **
y∈var(um)* and w(um,φi)>0.
Then, by item (2) above, we have σ′(y)⊨ξm,i(y).*
2. **(5): **
y∈var(um)* and w(um,φi)=0.
Then by construction ξm,i(y)=⊤, thus giving that σ′(y)⊨ξm,i(y) holds trivially also in this case.*
3. **(6): **
y∈var(um). Then, whichever is the value of w(um,φi), we have ξm,i(y)=⊤ (see Definition 5.1) and consequently σ′(y)⊨ξm,i(y) holds trivially also in this case.
Since these considerations apply to each m∈M and i∈I we can conclude that if ζ∈Vd then for all {ζqjxj∣j∈J}∈H it holds that for each xj with j∈J we have σ′(xj)⊨⋀m∈M,i∈Iξm,i(xj).
Furthermore, by item (3) above, if {ζqjxj∣j∈J}∈H then DΣ⊢σ′(H) gives σ′(ζ)=∑j∈Jqjδσ′(xj), from which we can conclude that
[TABLE]
Similarly, if ζ=x∈Vs then
[TABLE]
Thus, we can conclude that for each ζ∈var(Θ) it holds that σ′(ζ)⊨η(ζ).
Since moreover σ(ζ)=σ′(ζ) (item (1) above), we can conclude that σ(ζ)⊨η(ζ) as required.
**(⇐): **
Assume now that there is a decomposition mapping η∈Θ−1(⨁i∈Iriφi) such that σ(ζ)⊨η(ζ) for all ζ∈var(Θ).
Following Definition 5.1.6, the existence of such a decomposition mapping η entails the existence of a Σ-distribution ruloid ρD={Θqmtm∣m∈M}H with ∑m∈Mqm=1 (Proposition 11) and of a matching w∈W(conc(ρD),⨁i∈Iriφi) from which we can build the following decomposition mappings:
[TABLE]
In particular, we have that for each μ∈var(Θ)
[TABLE]
and for each x∈var(Θ)
[TABLE]
We define a closed substitution σ′ such that σ′(ζ)=σ(ζ) for each ζ∈var(Θ) and σ′(x)=σ(x) for each x∈rhs(H).
Then, the following properties hold:
**(a): **
From σ′(ζ)=σ(ζ) and σ(ζ)⊨η(ζ) we derive σ′(ζ)⊨η(ζ).
In particular we obtain that σ′(x)⊨⋀i∈I,m∈Mξm,i(x) for each x∈var(Θ).
2. **(b): **
As σ′(μ)⊨η(μ) for each μ∈var(Θ), by previous item ((a)), we derive that there are probability distributions πj such that σ′(μ)=∑j∈Jqjπj and whenever t∈supp(πj), for some t∈T(Σ), then t⊨⋀i∈I,m∈Mξm,i(xj).
By Definition 5.1.6a, the weights of the distribution formula η(μ) coincide with the weights of the distribution literals in {μqjxj∣∑j∈Jqj=1}∈H.
Therefore, we have that σ′(μ)=∑j∈Jqjδσ′(xj) from which we gather σ′(xj)⊨⋀i∈I,m∈Mξm,i(xj), for each j∈J.
3. **(c): **
From σ(ζ)=σ′(ζ) for each ζ∈var(Θ) we infer that σ′(Θ)=σ(Θ).
Moreover, by Lemma 12.3 we have that rhs(H)=⋃m∈Mvar(tm), so that σ′(x)=σ(x) for each x∈rhs(H) implies σ′(tm)=σ(tm) for each m∈M.
From items ((a)), ((b)) above and by structural induction we gather σ′(tm)⊨φi for each m∈M,i∈I with w(tm,φi)>0.
Moreover, from σ′(ζ)⊨η(ζ) for each ζ∈var(Θ), item ((a)) above, we obtain that DΣ⊢σ′(H), namely DΣ proves the reduced instance w.r.t, σ′ of each set of distribution premises {ζqjxj∣∑j∈Jqj=1}∈H.
This fact taken together with item ((c)) above and Theorem 13 gives that DΣ proves the reduced instance of {Θqmtm∣m∈M} wrt. σ, that is DΣ⊢{σ(Θ)qhth′∣h∈H} for a suitable set of indexes H and a proper set of closed terms th′ such that for each h∈H there is at least one m∈M such that th′=σ′(tm) and moreover qh=∑{m∈M∣σ′(tm)=th′}qm (Definition 3.2).
In addition, by Theorem 7 it follows that qh=σ(Θ)(th′) for each h∈H and ∑h∈Hqh=1.
Since moreover qh∈(0,1] for each h∈H, this is equivalent to say that σ(Θ)=∑h∈Hqhδσ′(th).
Finally, we notice that
[TABLE]
where for each i∈I, πi=∑m∈Mriw(tm,φi)δσ′(tm) is a probability distribution as it is obtained as a convex combination of probability distributions (∑m∈Mriw(tm,φi)=1).
Moreover, the πi are such that whenever σ′(t)∈supp(πi) it holds that σ′(t)⊨φi.
In fact, we have that whenever w(tm,φi)>0, then the only closed term in the support of δσ′(tm) is indeed σ′(tm).
Furthermore, whenever σ′(tm)⊨φi we are granted that w(tm,φi)=0, thus giving that σ′(tm) is not in the support of πi.
Therefore, we can conclude that σ(Θ)⊨⨁i∈Iriφi as requested.
Hence, the proof obligation Equation (13) follows from the two implications.
•
Inductive step ϕ=⟨a⟩ψ for some ψ∈Ld and a∈A.
Notice that in this case we have ϕ∈Ls and therefore we need to show Equation (12).
To this aim, we prove the two implications separately.
**(⇒): **
Assume first that σ(t)⊨⟨a⟩ψ.
Then, by definition of relation ⊨ (Definition 2.3), there exists a probability distribution π∈Δ(T(Σ)) with P⊢σ(t)aπ and π⊨ψ.
By Theorem 9, P⊢σ(t)aπ implies that there are a P-ruloid taΘH and a closed substitution σ′ with P⊢σ′(H), σ′(t)=σ(t) and σ′(Θ)=π.
We infer the following facts:
**(1): **
from σ′(t)=σ(t) we obtain that σ′(x)=σ(x) for all x∈var(t);
2. **(2): **
from σ′(Θ)=π and π⊨ψ, we gather σ′(Θ)⊨ψ and by the inductive hypothesis we obtain that there exists a η∈Θ−1(ψ) such that σ′(ζ)⊨η(ζ) for all ζ∈var(Θ);
3. **(3): **
from P⊢σ′(H) we obtain that whenever xbμ∈H we have P⊢σ′(x)bσ′(μ).
Then, if μ∈var(Θ), by previous item (2), we get σ′(μ)⊨η(μ).
Otherwise, if μ∈var(Θ), we have η(μ)=⊤ thus giving σ′(μ)⊨η(μ) also in this case.
Hence, σ′(μ)⊨η(μ) and σ′(x)⊨⟨b⟩η(μ) in all cases.
4. **(4): **
from P⊢σ′(H) we obtain that whenever x\mathrel{{\xrightarrow{\,{c}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\in\mathcal{H} we have P\vdash\sigma^{\prime}(x)\mathrel{{\xrightarrow{\,{c}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}, namely P⊢σ′(x)cυ for any υ∈DT(Σ), giving σ′(x)⊨¬⟨c⟩⊤.
Let ξ∈t−1(⟨a⟩ψ) be defined as in Definition 5.1.4 by means of the P-ruloid taΘH and the decomposition mapping η introduced in item (2) above.
We aim to show that for this ξ it holds that σ′(x)⊨ξ(x) for each x∈var(t).
By construction,
[TABLE]
By item (3) above we have σ′(x)⊨⟨b⟩η(μ) for each xbμ∈H.
By item (4) above we have σ′(x)⊨¬⟨c⟩⊤ for each x\mathrel{{\xrightarrow{\,{c}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\in\mathcal{H}.
Finally, if x∈var(Θ) by item (2) above we get σ′(x)⊨η(x).
If x∈var(Θ) then we have η(x)=⊤ (Definition 5.1.6b) thus giving σ′(x)⊨η(x) also in this case.
Hence, σ′(x)⊨η(x) in all cases.
Thus, we can conclude that σ′(x)⊨ξ(x).
Since, by item (1) above, σ(x)=σ′(x) we can conclude that σ(x)⊨ξ(x) as required.
**(⇐): **
Assume now that there is a ξ∈t−1(⟨a⟩ψ) such that σ(x)⊨ξ(x) for all x∈var(t).
Following Definition 5.1.4, we construct ξ in terms of some P-ruloid taΘH and decomposition mapping η∈Θ−1(ψ).
In particular, we have that for each x∈var(t)
[TABLE]
We define a closed substitution σ′ such that the following properties hold:
**(a): **
σ′(x)=σ(x)* for all x∈var(t).
As a consequence, from σ(x)⊨ξ(x) we derive σ′(x)⊨ξ(x).*
2. **(b): **
As σ′(x)⊨ξ(x), by previous item ((a)), we derive that σ′(x)⊨⟨b⟩η(μ) for each xbμ∈H.
This implies that for each positive premise in H there exists a probability distribution πb,μ such that P⊢σ′(x)bπb,μ and πb,μ⊨η(μ).
We define σ′(μ)=πb,μ thus obtaining that for each xbμ∈H we have P⊢σ′(x)bσ′(μ) and σ′(μ)⊨η(μ).
3. **(c): **
As σ′(x)⊨ξ(x), by previous item ((a)), we derive that σ′(x)⊨¬⟨c⟩⊤ for each x\mathrel{{\xrightarrow{\,{c}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\in\mathcal{H}.
Therefore, we obtain that P\vdash\sigma^{\prime}(x)\mathrel{{\xrightarrow{\,{c}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!} for each x\mathrel{{\xrightarrow{\,{c}\,}}\makebox[0.0pt][r]{\not\hskip 8.61108pt}}{\!}\in\mathcal{H}.
4. **(d): **
Since var(Θ)⊆var(t)∪rhs(H), previous items ((b)) and ((c)) we obtain that σ′(μ)⊨η(μ) for each μ∈Vd.
5. **(e): **
σ′(x)⊨η(x)* for each x∈var(Θ).*
From items ((d)), ((e)) and structural induction, we gather σ′(Θ)⊨ψ.
Moreover, items ((b)) and ((c)) give P⊢σ′(H).
Hence, by Theorem 9 we obtain P⊢σ′(t)aσ′(Θ).
From item ((a)) we have that σ′(t)=σ(t) and, therefore, we can conclude that σ(t)⊨⟨a⟩ψ.
Hence, the proof obligation Equation (12) follows from the two implications.
Finally, let us deal with terms that are not univariate.
Assume first that t is not univariate, namely t=ς(s) for some univariate s and non-injective substitution ς:var(s)→Vs.
Then, σ(ς(s))⊨φ iff there exists a decomposition mapping ξ′∈s−1(φ) such that σ(ς(y))⊨ξ′(y), which by Definition 5.1.5 is equivalent to require that there exists a decomposition mapping ξ′∈s−1(φ) such that for each x∈var(t) we have σ(x)⊨⋀y∈ς−1(x)ξ′(y).
By defining the decomposition mapping ξ∈t−1(φ) as ξ(x)=⋀y∈ς−1(x)ξ′(y), we obtain the thesis.
Assume now that Θ is not univariate, namely Θ=ς(Θ1) for some univariate Θ1 and non-injective substitution ς:var(Θ1)→Vd∪δVs.
Then, σ(ς(Θ1))⊨ψ iff there exists a decomposition function η1∈Θ1−1(ψ) such that σ(ς(z))⊨η1(z), which by Definition 5.1.7 is equivalent to require that there exists a decomposition mapping η′∈Θ1−1(ψ) such that for each ζ∈var(Θ) we have η′(z)=η′(z′) for all z,z′∈ς−1(ζ) and, for a chosen z~∈ς−1(ζ), σ(ζ)⊨η′(z~).
By defining the decomposition mapping η∈Θ−1(ψ) as η(ζ)=η′(z~), for z~∈ς−1(ζ), we obtain the thesis.
5.2. Decomposition of formulae in Lr and L+
In this section we consider the logics Lr and L+, whose decomposition
can be derived from the one for L.
{defi}
[Decomposition of formulae in Lr and L+]
Let P=(Σ,A,R) be a PGSOS-PTSS and let DΣ be the Σ-DS.
The mappings ⋅−1:T(Σ)→(Lrs→P(Vs→Lrs)) and ⋅−1:DT(Σ)→(Lrd→P(V→Lr)) are
obtained as in Definition 5.1 by rewriting Definition 5.1.2 and Definition 5.1.4, respectively, by
(2)
ξ∈t−1(aˉ) iff there is a function f:t−1(⟨a⟩⊤)→var(t) such that
[TABLE]
2. (4)
ξ∈t−1(⟨a⟩ψ) iff there are a ruloid taΘH and a decomposition mapping η∈Θ−1(ψ) such that
[TABLE]
Moreover, if P is positive, then the mappings ⋅−1:T(Σ)→(L+s→P(Vs→L+s)) and ⋅−1:DT(Σ)→(L+d→P(V→L+)) are obtained as in Definition 5.1 by removing
Definition 5.1.2 and by rewriting Definition 5.1.4 by
(4)
ξ∈t−1(⟨a⟩ψ) iff there are a positive P-ruloid taΘH and a decomposition mapping η∈Θ−1(ψ) such that
[TABLE]
We show now that by decomposing formulae in Lr (resp. L+) we get formulae in Lr (resp. L+).
Again, this is necessary for the precongruence theorem Theorem 18.2 (resp. Theorem 18.3), which exploits the characterization of probabilistic ready simulation with the logic Lr (resp. the characterization of probabilistic simulation with the logic L+) given in Theorem 3 and requires that the formulae for composed terms and those obtained for their subterms through the decomposition method are all formulae in the characterizing logic Lr (resp. L+).
Lemma 16**.**
Let P be a PGSOS-PTSS and consider the term t∈T(Σ) and the formulae φ∈Lrs, ψ∈Lrd, φ′∈L+s and ψ′∈L+d.
(1)
•
For all x∈Vs we have ξ(x)∈Lrs for each ξ∈t−1(φ).
•
For all ζ∈Vd we have η(ζ)∈Lrd for each η∈Θ−1(ψ).
•
For all ζ∈Vs we have η(ζ)∈Lrs for each η∈Θ−1(ψ).
2. (2)
If P is positive, then
•
For all x∈Vs we have ξ(x)∈L+s for each ξ∈t−1(φ′).
•
For all ζ∈Vd we have η(ζ)∈L+d for each η∈Θ−1(ψ′).
•
For all ζ∈Vs we have η(ζ)∈L+s for each η∈Θ−1(ψ′).
Proof 5.3**.**
The proofs of items (1) and (2) follow immediately from Definition 5.2.
Then, we can show that also the decomposition methods for Lr and L+ are correct.
Theorem 17** (Decomposition theorem II).**
Let P=(Σ,A,R) be a PGSOS-PTSS and DΣ be the Σ-DS.
Assume the decomposition mappings as in Definition 5.2. Then:
•
The results in Theorem 15 hold for φ∈Lrs and ψ∈Lrd.
•
Moreover, if P is positive, then the results in Theorem 15 hold for φ∈L+s and ψ∈L+d.
Proof 5.4**.**
The proof of both items can be obtained by following the one of Theorem 15 wrt. the decompositions of the two logics (Definition 5.2).
In particular, we remark that in the proof for the diamond modality in L+, we use Corollary 10 in place of Theorem 9.
5.3. (Pre)congruence theorems
To support the compositional reasoning, the congruence (resp. precongruence) property is required for any behavioral equivalence (resp. preorder) R.
It consists in verifying whether f(t1,…,tn)Rf(t1′,…,tn′) whenever tiRti′ for i=1,…,n.
In [DGL14] it is proved that probabilistic bisimilarity is a congruence for all operators defined by a PGSOS-PTSS.
We can restate this result as a direct consequence of the characterization result of [DD11] (Theorem 2) combined with our first decomposition result in Theorem 15.
Then, by our characterization results in Theorem 3 and our decomposition results in Theorem 17 we can derive precongruence formats for both ready similarity and similarity.
Theorem 18** ((Pre)congruence theorem).**
Let P=(Σ,A,R) be a PGSOS-PTSS. Then:
(1)
Probabilistic bisimilarity is a congruence for all operators defined by P;
2. (2)
Probabilistic ready similarity is a precongruence for all operators defined by P;
3. (3)
If P is positive, then probabilistic similarity is a precongruence for all operators defined by P.
Proof 5.5**.**
(1)
Let t∈T(Σ) and let σ,σ′ be two closed substitutions.
We aim to show that
[TABLE]
Considering the characterization result of L for probabilistic bisimilarity (Theorem 2), to prove the proof obligation Equation (14) we simply have to show that σ(t) and σ′(t) satisfy the same formulae in L.
Assume that σ(t)⊨φ, for some state formula φ∈L.
By Theorem 15, there is a decomposition mapping ξ∈t−1(φ) such that σ(x)⊨ξ(x) for each x∈var(t).
From Lemma 14 we gather that ξ(x)∈Ls and moreover by Theorem 2 from σ(x)∼σ′(x) we obtain that σ′(x)⊨ξ(x) for each x∈var(t).
By applying Theorem 15 once again, we obtain that σ′(t)⊨φ, thus proving Equation (14).
2. (2)
The proof for probabilistic ready simulation is analogous to the one for item 1 by exploiting Theorem 3.1* in place of Theorem 2, Theorem 17.1 in place of Theorem 15 and Lemma 16.1 in place of Lemma 14.*
3. (3)
Under the assumption of P positive, the proof for probabilistic simulation is analogous to the one for item 1 by exploiting Theorem 3.2* in place of Theorem 2, Theorem 17.2 in place of Theorem 15 and Lemma 16.2 in place of Lemma 14.*
6. Conclusions
We developed a modal decomposition of formulae in L and its subclasses Lr,L+, on nondeterministic probabilistic processes.
The modal logic L was introduced in [DD11] for the characterization of probabilistic bisimilarity and we have proved here that Lr and L+ are powerful enough to characterize ready similarity and similarity, respectively.
Our decomposition method is novel with respect to the ones existing in the literature (see for instance [BFvG04, FvG16, FvGL17, FvGdW06, FvGdW12, GF12]) as it is based on the structural operational semantics of nondeterministic probabilistic processes in the PTS model.
The dual nature of these processes, and of the classes of formulae characterizing them, enforced the introduction of a SOS framework tailored for the specification of distribution terms, namely the Σ-distribution specification in which we have syntactically represented open distribution terms as probability distributions over open terms.
Moreover, the Σ-distribution ruloids, built from this new specification, provide a general tool that can be used to support the decomposition of any modal logic with modalities specifying quantitative properties for the PTS model.
Moreover, they can be easily adapted to models admitting subdistributions (see among others [LdV15, LdV16]).
To prove the robustness of our decomposition method we have showed how the congruence theorems for probabilistic bisimilarity, ready similarity and similarity with respect to the PGSOS format can be restated as an application of our decomposition theorems.
As future work, we will investigate the application of our decomposition method to modal formulae characterizing different behavioral semantics for nondeterministic probabilistic processes, as trace [BDL14, CT17, Seg95a], testing [BDL14, DvGHM08] and weak semantics [AW06, LdV15, LdV16], and we will derive robust (pre)congruence formats for them from their modal characterizations, as done in [BFvG04, FvG16, FvGL17, FvGdW12] in the non probabilistic setting.
Moreover, in [CGT16a] it is proved that by the modal logic L we can provide a logical characterization of the bisimulation metric [DCPP06, DGJP04, vBW01].
Inspired by this result, we aim to start a new research line, that is deriving the compositional properties of a behavioral pseudometric from the modal decomposition of formulae characterizing them.
As the metric semantics provide notions of distance over processes, the formats for them guarantee that a small variance in the behavior of the subprocesses leads to a bounded small variance in the behavior of the composed processes (uniform continuity [GLT15, GLT16]).
Then, we aim to use the decomposition method to re-obtain the formats for the bisimilarity metric proposed in [GT14, GT15, GT18] and to automatically derive original formats for weak metric semantics [DJGP02] and metric variants of branching bisimulation equivalence [AW06].
Appendix A Proofs of auxiliary results
Proof of Proposition 4.
We proceed by a case analysis over the form of Σ-distribution rules.
•
For Σ-distribution rules rD={δx1x}, for some x∈Vs, and rD={c1c}, for some constant function c∈Σ, the thesis is immediate.
•
Consider a Σ-distribution rule rD as in Definition 3.1.2.
Then, to prove the thesis we need to show that ∑k∈\bigtimesi=1nJiqk=1.
We have
[TABLE]
where \sum_{k\in\bigtimes_{i=1}^{\mathfrak{n}}J_{i}}\Big{(}\prod_{i=1}^{\mathfrak{n}}q_{i,k(i)}\Big{)}=\prod_{i=1}^{\mathfrak{n}}\Big{(}\sum_{j\in J_{i}}q_{i,j}\Big{)} follows by the distributive property of the summation wrt. the product and can be formally proved by induction over n, with inductive step \sum_{k\in\bigtimes_{i=1}^{\mathfrak{n}-1}J_{i}}\Big{(}\prod_{i=1}^{\mathfrak{n}-1}q_{i,(i)}\Big{)}=\prod_{i=1}^{\mathfrak{n}-1}\Big{(}\sum_{j\in J_{i}}q_{i,j}\Big{)}, as follows:
[TABLE]
•
Finally, consider a Σ-distribution rule rD as in Definition 3.1.3.
Then, to prove the thesis we need to show that ∑x∈{xi,j∣j∈Ji,i∈I}qx=1.
We have
[TABLE]
∎
Proof of Proposition 5.
The thesis follows directly by the definition of σ(L).
In fact, if we let σ(L)={σ(Θ)qjtj∣j∈J}, then the targets tj are pairwise distinct by construction and moreover we have
[TABLE]
∎
Proof of Proposition 11.
As the conclusion of a Σ-distribution ruloid coincides with the conclusion of a reduced instance of the Σ-distribution rule on which the Σ-distribution ruloid is built, the thesis follows immediately from Proposition 6.
∎
Bibliography39
The reference list from the paper itself. Each links out to its DOI / PubMed record.
1[AW 06] Suzana Andova and Tim A.C. Willemse. Branching bisimulation for probabilistic systems: characteristics and decidability. Theoret. Comput. Sci. , 356(3):325–355, 2006.
2[BDL 14] Marco Bernardo, Rocco De Nicola, and Michele Loreti. Revisiting trace and testing equivalences for nondeterministic and probabilistic processes. Logical Methods in Computer Science , 10(1), 2014.
3[B Fv G 04] Bard Bloom, Wan J. Fokkink, and Rob J. van Glabbeek. Precongruence formats for decorated trace semantics. ACM Trans. Comput. Log. , 5(1):26–78, 2004.
4[BIM 95] Bard Bloom, Sorin Istrail, and Albert R. Meyer. Bisimulation can’t be traced. J. ACM , 42(1):232–268, 1995.
5[CGT 16a] Valentina Castiglioni, Daniel Gebler, and Simone Tini. Logical characterization of bisimulation metrics. In Proc. QAPL 2016 , Electronic Proceedings in Theoretical Computer Science, 2016.
6[CGT 16b] Valentina Castiglioni, Daniel Gebler, and Simone Tini. Modal decomposition on nondeterministic probabilistic processes. In Proc. CONCUR 2016 , pages 36:1–36:15, 2016.
7[Cla 77] Keith L. Clark. Negation as failure. In Logic and Data Bases , pages 293–322, 1977.
8[CT 17] Valentina Castiglioni and Simone Tini. Logical characterization of trace metrics. In Proceedings of QAPL@ETAPS 2017 , volume 250 of EPTCS , pages 39–74, 2017.