Divide and Congruence III: From Decomposition of Modal Formulas to Preservation of Stability and Divergence
Wan Fokkink, Rob van Glabbeek, Bas Luttik

TL;DR
This paper extends the decomposition method for modal formulas to include stability and divergence considerations, enabling congruence formats for weak semantics that respect stability and divergence properties in transition systems.
Contribution
It introduces a relaxation of congruence formats for stability-respecting weak semantics and links divergence-preserving semantics to stability-respecting formats through a new proof approach.
Findings
Relaxed congruence formats for stability-respecting semantics
Inclusion of priority operator within stability-respecting formats
Establishment of a connection between divergence-preserving and stability-respecting semantics
Abstract
In two earlier papers we derived congruence formats with regard to transition system specifications for weak semantics on the basis of a decomposition method for modal formulas. The idea is that a congruence format for a semantics must ensure that the formulas in the modal characterisation of this semantics are always decomposed into formulas that are again in this modal characterisation. The stability and divergence requirements that are imposed on many of the known weak semantics have so far been outside the realm of this method. Stability refers to the absence of a -transition. We show, using the decomposition method, how congruence formats can be relaxed for weak semantics that are stability-respecting. This relaxation for instance brings the priority operator within the range of the stability-respecting branching bisimulation format. Divergence, which refers to the presence…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Divide and Congruence III: From Decomposition of
Modal Formulas to Preservation of Stability and Divergence
Wan Fokkink Department of Computer Science
Vrije University Amsterdam, The Netherlands [email protected] Data61, CSIRO, Sydney, AustraliaSchool of Computer Science and Engineering
University of New South Wales, Sydney, AustraliaDepartment of Mathematics and Computer Science, Technische Universiteit Eindhoven, The Netherlands
Rob van Glabbeek Data61, CSIRO, Sydney, AustraliaSchool of Computer Science and Engineering
University of New South Wales, Sydney, Australia [email protected] Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, The Netherlands
Bas Luttik Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, The Netherlands [email protected]
Abstract
In two earlier papers we derived congruence formats with regard to transition system specifications for weak semantics on the basis of a decomposition method for modal formulas. The idea is that a congruence format for a semantics must ensure that the formulas in the modal characterisation of this semantics are always decomposed into formulas that are again in this modal characterisation. The stability and divergence requirements that are imposed on many of the known weak semantics have so far been outside the realm of this method. Stability refers to the absence of a -transition. We show, using the decomposition method, how congruence formats can be relaxed for weak semantics that are stability-respecting. This relaxation for instance brings the priority operator within the range of the stability-respecting branching bisimulation format. Divergence, which refers to the presence of an infinite sequence of -transitions, escapes the inductive decomposition method. We circumvent this problem by proving that a congruence format for a stability-respecting weak semantics is also a congruence format for its divergence-preserving counterpart.
1998 ACM Subject Classification: F.3.2 Operational semantics, F.4.1 Modal logic
Keywords: Structural Operational Semantics, Weak Semantics, Modal Logic
1 Introduction
Structural operational semantics [28] provides specification languages with an interpretation in terms of a mathematical notion of behaviour. It generates a labelled transition system, in which states are the closed terms over a (single-sorted, first-order) signature, and transitions between states carry labels. The transitions between states are obtained from a transition system specification (TSS), which consists of a set of proof rules called transition rules. States in labelled transition systems can be identified by a wide range of behavioural equivalences, based on e.g. branching structure or decorated versions of execution sequences. Van Glabbeek [16] classified so-called weak semantics, which take into account the internal action . A significant number of the weak semantics based on a bisimulation relation carry a stability or divergence requirement. Stability refers to the absence of a -transition and divergence to the presence of an infinite sequence of -transitions.
In general a behavioural equivalence induced by a TSS is not guaranteed to be a congruence, i.e. the equivalence class of a term need not be determined by and the equivalence classes of its arguments . Being a congruence is an important property, for instance in order to fit the equivalence into an axiomatic framework. Respecting stability or preserving divergence sometimes needs to be imposed in order to obtain a congruence relation, for example in case of the priority operator [1].
Behavioural equivalences can be characterised in terms of the observations that an experimenter could make during a session with a process. Modal logic captures such observations. A modal characterisation of an equivalence on processes consists of a class of modal formulas such that two processes are equivalent if and only if they satisfy the same formulas in . For instance, Hennessy-Milner logic [23] constitutes a modal characterisation of (strong) bisimilarity. A cornerstone for the current paper is the work in [6] to decompose formulas from Hennessy-Milner logic with respect to a structural operational semantics in the ntyft format [21] without lookahead. Here the decomposition of a modal formula w.r.t. a term is a selection of -tuples of modal formulas, one of which needs to be satisfied by the processes in order for to satisfy . Based on this method, congruence formats can be generated for process semantics from their modal characterisation, to ensure that the equivalence is a congruence. Such formats help to avoid repetitive congruence proofs and obtain insight into the congruence property. Key idea is that congruence is ensured if formulas from the modal characterisation of a semantics under consideration are always decomposed into formulas that are again in this modal characterisation. This approach was extended to weak semantics in [15, 12]. It crosses the borders between process algebra, structural operational semantics, process semantics, and modal logic.
Here we expand the latter work to weak semantics that respect stability or preserve divergence. We focus on branching bisimilarity and rooted branching bisimilarity [20] and consider for each a stability-respecting and two divergence-preserving variants. Divergence-preserving branching bisimilarity [20] is the coarsest congruence relation for the parallel composition operator that only equates processes satisfying the same formulas from the well-known temporal logic CTL∗ minus the next-time operator [19]. With regard to stability the expansion is relatively straightforward: we extend the modal characterisation of the semantics with one clause to capture that a semantics is stability-respecting, and study the decomposition of this additional clause. Next we show how the congruence formats for branching bisimilarity and rooted branching bisimilarity from [15] can be relaxed, owing to the extended modal characterisation for stability-respecting branching bisimilarity. Notably, the transition rules for the priority operator are within the more relaxed formats.
The divergence preservation property escapes the inductive decomposition method, as it concerns an infinite sequence of -transitions. We overcome this problem by presenting a general framework for lifting congruence formats from some weak semantics to a finer weak semantics , with the aim to turn congruence formats for stability-respecting weak semantics into congruence formats for their divergence-preserving counterparts. (For the curious reader, it roughly works as follows. Consider a TSS in a congruence format for , and for example a unary function symbol . A new TSS is created out of , in which many occurrences of in transition rules are suppressed by renaming them into some fresh action name. Furthermore, processes are provided with what we call an oracle transition that reveals some pertinent information on the behaviour of the process, such as whether it can diverge. In this way we ensure that and coincide on the transformed TSS. For each closed term of we moreover introduce a constant in the transformed TSS such that implies , and so . We take care that this entire transformation preserves the congruence format for . So implies , and hence, since and coincide on the transformed TSS, . Finally we cast and back to processes strongly bisimilar to and in the original TSS , taking care that is preserved. Thus we have gone full circle: implies . This implies that the congruence format for is also a congruence format for .) We show four instances where this method can be applied. In two cases is stability-respecting branching bisimilarity and in two cases rooted stability-respecting branching bisimilarity, while the definition of is obtained from by replacing respect for stability by preservation of one of the two aforementioned forms of divergence. Thus it can be concluded that the congruence format for stability-respecting branching bisimilarity is also applicable to divergence-preserving as well as weakly divergence-preserving branching bisimilarity; and likewise for the rooted counterparts of these semantics.
In [2], it was argued that an adaptation of the classical operational semantics of sequential composition in a process theory with the empty process leads to a smoother integration of classical automata theory. A detailed proof is given that rooted divergence-preserving branching bisimilarity is a congruence for the resulting operator—here called sequencing—, but also it is observed that this property can be inferred from our congruence format.
An extended abstract of the present paper appeared as [13]. This version includes elaborate proofs of the results, provides additional explanations, and discusses sequencing as an extra example application.
2 Preliminaries
This section recalls the basic notions of labelled transition systems and weak semantics and defines stability-respecting and divergence-preserving branching bisimilarity (Sect. 2.1) as well as a modal characterisation of stability-respecting branching bisimilarity (Sect. 2.2). It also presents a brief introduction to structural operational semantics (Sect. 2.3) and recalls some syntactic restrictions on transition rules (Sect. 2.4).
2.1 Stability-respecting and divergence-preserving branching
bisimilarity
A labelled transition system (LTS) is a triple , with a set of processes, a set of actions, and . We normally let where is an internal action and some set of external or observable actions not containing . We write for . We use to denote processes, for elements of , and for elements of . We write for , for , and for . Furthermore, denotes the transitive-reflexive closure of . If , then we say that is stable.
Definition 2.1**.**
Let be a symmetric relation.
- •
* is a branching bisimulation if and implies that either and , or*
* for some and with and .*
- •
* is stability-respecting if and implies that for some with .*
- •
* is divergence-preserving if it satisfies the following condition:*
- (D)
if and there is an infinite sequence of processes such that , and for all , then there exists an infinite sequence of processes such that , for all , and for all .
The definition of a weakly divergence-preserving relation is obtained by omitting the condition “and for all ”. (The condition “and for all ” is then redundant.)
Processes are branching bisimilar, denoted p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}q, if there exists a branching bisimulation with . They are stability-respecting, divergence-preserving or weakly divergence-preserving branching bisimilar, denoted p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q, p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}q or p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q, if moreover is stability-respecting, divergence-preserving or weakly divergence-preserving, respectively.
We have {\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}}\supset{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}}\supset{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}}\supset{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}}.
The relations \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}, \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}, \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}} are equivalences [3, 16, 18]. However, they are not congruences with respect to most process algebras from the literature, meaning that the equivalence class of a process , with an -ary function symbol, is not always determined by the equivalence classes of its arguments, i.e. the processes . Therefore an additional rootedness condition is imposed.
Definition 2.2**.**
Rooted* branching bisimilarity, \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}}, is the largest symmetric relation on such that p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}}q and implies that for some with p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}q^{\prime}. Likewise, rooted stability-respecting, divergence-preserving or weakly divergence-preserving branching bisimilarity, denoted by p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}q,p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}}q or p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top\!}}q, is the largest symmetric relation on such that and implies that for some with p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}, p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}q^{\prime} or p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q^{\prime}, respectively.*
Our main aim is to develop congruence formats for stability-respecting and divergence-preserving semantics. These congruence formats will impose syntactic restrictions on the transition rules that are used to generate the underlying LTS. The congruence formats will be determined using the characterising modal logics for the semantics.
We will sometimes refer to strong bisimulation semantics, which ignores the special status of the .
Definition 2.3**.**
A symmetric relation is a strong bisimulation if and implies that for some with . Processes are strongly bisimilar, denoted p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}q, if there exists a strong bisimulation with .
The various notions of bisimilarity defined above are examples of so-called behavioural equivalences. For a general formulation of the results in Sect. 5, it is convenient to formally define a notion of behavioural equivalence that includes at least the examples above. Note that a common feature of their definitions is that they associate with every LTS a binary relation . (For instance, in the case of strong bisimilarity, the relation associated with is defined as the binary relation {\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}}\subseteq\mathbb{P}_{\rm G}\times\mathbb{P}_{G} such that p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}q if (and only if) there exists a strong bisimulation such that .) One may, thus, think of a behavioural equivalence as a family of binary relations indexed by LTSs. It turns out that we need to impose just one extra condition on such families to arrive at a suitable formalisation of the notion of behavioural equivalence. The condition states that the relation associated with the disjoint union of two LTSs restricted to one of the components coincides with the relation associated with that component.
Definition 2.4**.**
Two LTSs and are called disjoint if . In that case denotes their union .
A behavioural equivalence on LTSs is a family of equivalence relations , one for every LTS , such that for each pair of disjoint LTSs and we have for any .
The notions of bisimilarity defined above clearly qualify as behavioural equivalences. Given two behavioural equivalences and , we write iff for each LTS .
2.2 Modal characterisation
Modal logic formulas express properties on the behaviour of processes in an LTS. Following [16], we extend Hennessy-Milner logic [23] with the modal connectives and , expressing that a process can perform zero or more, respectively zero or one, -transitions to a process where holds.
Definition 2.5**.**
The class of modal formulas is defined as follows, where ranges over all index sets and over :
[TABLE]
We use abbreviations for the empty conjunction, for , for , and for .
denotes that process satisfies formula . The first two operators represent the standard Boolean operators conjunction and negation. We define that if for some with , if for some with , and if either or for some with .
For each , we write if and satisfy the same formulas in . We say that is a modal characterisation of some behavioural equivalence if coincides with . We write if for all processes . The class denotes the closure of under . Trivially, .
Definition 2.6**.**
[16]** The subclasses and of are defined as follows, where ranges over and over :
[TABLE]
and are modal characterisations of \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}}, respectively (see [15]).
The idea behind stability is: (I) if p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q and with p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}p^{\prime}, then with q\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}. In the definition of \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} this was formulated more weakly: (II) if p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q and , then with q\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}. To argue that formulations (I) and (II) are equivalent, suppose p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q and with p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}p^{\prime}. Clearly with p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime\prime}. Now the weaker property (II) yields with q^{\prime\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}. So with q\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}. That formulations (I) and (II) coincide is important to grasp the following modal characterisation of stability-respecting branching bisimilarity, because the additional clause at the end of the definition of is based on formulation (I).
Definition 2.7**.**
[16]** The subclasses and of are defined as follows:
[TABLE]
The additional clause in the definition of expresses stability. The first part captures , while the second part captures the stability-respecting branching bisimulation class of . Note that since is stable and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} coincide on stable processes, we can take the second part from . The proof of the following theorem is presented in the appendix.
Theorem 2.8**.**
p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q\Leftrightarrow p\sim_{\mathbb{O}_{b}^{s}}q* and p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}q\Leftrightarrow p\sim_{\mathbb{O}_{rb}^{s}}q, for all .*
2.3 Structural operational semantics
A signature is a set of function symbols with arity . A function symbol of arity 0 is called a constant. Let be an infinite set of variables, with typical elements ; we assume . A syntactic object is closed if it does not contain any variables. The sets and of terms over and and closed terms over , respectively, are defined as usual; denote terms, denote closed terms, and is the set of variables that occur in term . A substitution is a partial function from to . The result of applying a substitution to a term is the term obtained by replacing in all occurrences of variables in the domain of by . A closed substitution is a substitution that is defined on all variables in and maps every variable to a closed term.
Structural operational semantics [28] generates an LTS in which the processes are the closed terms. The labelled transitions between processes are obtained from a transition system specification, which consists of a set of proof rules called transition rules.
Definition 2.9**.**
A (positive or negative) literal is an expression or . A (transition) rule is of the form with a set of literals called the premises, and a literal called the conclusion; the terms at the left- and right-hand side of are called the source and target of the rule, respectively. A rule is also written . A rule is standard if it has a positive conclusion. A transition system specification (TSS), written , consists of a signature , a set of actions , and a collection of transition rules over . A TSS is standard if all its rules are.
A TSS is meant to specify an LTS in which the transitions are the closed positive literals that can be proved using the rules of the TSS. It is straightforward to associate an appropriate notion of provability in the special case of standard TSSs with only positive premises. In the general case, in which the rules of the TSS may have negative premises, consistency is a concern. Literals and are said to deny each other; a notion of provability associated with TSSs is consistent if it is not possible to prove two literals that deny each other. To arrive at a consistent notion of provability in the general case, we proceed in two steps: first we define the notion of irredundant proof, which on a standard TSS does not allow the derivation of negative literals at all, and then arrive at a notion of well-supported proof that allows the derivation of negative literals whose denials are manifestly underivable by irredundant proofs. In [17] it was shown that the notion of well-supported provability is consistent.
Definition 2.10**.**
[6]** Let be a TSS. An irredundant proof from of a rule is a well-founded tree with the nodes labelled by literals and some of the leaves marked “hypothesis”. The root of this tree has label and is the set of labels of the hypotheses. Moreover, the tree must satisfy the property that if is the label of a node that is not a hypothesis and is the set of labels of the children of this node, then is a substitution instance of a rule in . If there exists such a tree for the rule , then we say that it is irredundantly provable from (notation: ).
We note that if a leaf in a proof from is not marked as hypothesis, then it is a substitution instance of a rule without premises in .
Definition 2.11**.**
[17]** Let be a standard TSS. A well-supported proof from of a closed literal is a well-founded tree with the nodes labelled by closed literals, such that the root is labelled by , and if is the label of a node and is the set of labels of the children of this node, then:
either is positive and is a closed substitution instance of a rule in ; 2. 2.
or is negative and for each set of closed negative literals with irredundantly provable from and a closed positive literal denying , a literal in denies one in .
* denotes that a well-supported proof from of exists. A standard TSS is complete if for each and , either or there exists a closed term such that .*
If is a complete TSS, then the LTS associated with is the LTS with . We do not associate an LTS with an incomplete TSS.
2.4 Congruence formats
Let be a transition system specification, and let be an equivalence relation defined on the set of closed terms . Then is a congruence for if, for each , we have that implies . Note that this is the case if for each open term and each pair of closed substitutions we have .
Recall that we have associated with every complete TSS an LTS of which the states are the closed terms of the TSS, and that a behavioural equivalence associates with every such transition system an equivalence on its set of states. Thus, associates with every TSS an equivalence on its set of closed terms. By a congruence format for a behavioural equivalence we mean a class of TSSs such that for every TSS in the class the equivalence is a congruence. Usually, a congruence format is defined by means of a list of syntactic restrictions on the rules of TSSs. We proceed to recap some terminology for syntactic restrictions on rules [6, 21, 22].
Definition 2.12**.**
An ntytt rule is a rule in which the right-hand sides of positive premises are variables that are all distinct, and that do not occur in the source. An ntytt rule is an ntyxt rule if its source is a variable, an ntyft rule if its source contains exactly one function symbol and no multiple occurrences of variables, and an nxytt rule if the left-hand sides of its premises are variables.
A well-known congruence format for strong bisimulation semantics is the class of TSSs that consists of ntyft and ntyxt rules only [21, 22]. Congruence formats for other semantics are generally obtained by imposing additional restrictions on this ntyft/ntyxt format.
Definition 2.13**.**
A variable in a rule is free if it occurs neither in the source nor in right-hand sides of premises. A rule has lookahead if some variable occurs in the right-hand side of a premise and in the left-hand side of a premise. A rule is decent if it has no lookahead and does not contain free variables.
Each combination of syntactic restrictions on rules induces a corresponding syntactic format for TSSs of the same name. For instance, a TSS is in decent ntyft format if it contains decent ntyft rules only.
Definition 2.14**.**
A TSS is in ready simulation format if it consists of ntyft and ntyxt rules that have no lookahead.
In congruence formats for weak semantics, lookahead of two consecutive actions from must be forbidden. To see this, consider the extension of CCS [25] with a unary operator defined by the rule
[TABLE]
Then ab{\bf 0}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}}a\tau b{\bf 0}, whereas f(ab{\bf 0})\not\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}}f(a\tau b{\bf 0}). Therefore congruence formats for weak semantics are generally obtained by imposing additional restrictions on the ready simulation format.
3 Modal decomposition
Our goal in this paper is to present and discuss congruence formats for (rooted) stability-respecting and divergence-preserving branching bisimilarity. To derive these congruence formats and prove their correctness, we shall use the modal decomposition approach first proposed in [6], which conveniently employs a modal characterisation of the behavioural equivalence and a modal decomposition result. In this section, we shall explain the main ideas underlying the approach.
Let be the behavioural equivalence under consideration. To prove that some class of TSSs is a congruence format for , we should establish that is a congruence for every TSS in the class under consideration. That is, we should establish that for every and for every pair of closed substitutions such that for all we have that . Now, if is a modal characterisation of , then our proof obligation can be reformulated as: for every and for every pair of closed substitutions , if, for all , and satisfy the same formulas in , then and satisfy the same formulas in . Clearly, by symmetry and using standard logical reasoning, it suffices to assume that and satisfy the same formulas in for all , consider an arbitrary formula such that , and prove that .
Figure 1 schematically illustrates how a modal decomposition result can support the correctness argument. To effectively use the assumption that and satisfy the same formulas in , it is convenient to express a general correspondence between the satisfaction of formulas in by and the satisfaction of formulas in by for all . With every and every formula we wish to associate an assignment of formulas to the variables occurring in such that, for all closed substitutions , we have that
[TABLE]
There does not, in general, exist an assignment that satisfies (1) for all substitutions . We shall see, however, that we can associate with every and a set of assignments satisfying the implication from right to left for all substitutions ; we call such assignments decomposition mappings for and . Moreover, we shall see that for every substitution there exists a decomposition mapping that also satisfies the implication from left to right.
The approach described above is applied in [15] to derive congruence formats for (rooted) branching bisimilarity and (rooted) -bisimilarity, and establish their correctness. Here we do the same for (rooted) stability-respecting branching bisimilarity. To this end, we have to show that if the TSS is in the congruence format for (rooted) stability-respecting branching bisimilarity, to be presented in Sect. 4, then the decomposition mappings associated with formulas in the modal characterisation for (rooted) stability-respecting branching bisimilarity yield again formulas in the modal characterisation for (rooted) stability-respecting branching bisimilarity. Since the modal characterisation of (rooted) stability-respecting branching bisimilarity is a small extension of the modal characterisation of (rooted) branching bisimilarity, we can build upon the preservation result for the latter semantics.
In the remainder of this section, we shall further explain and provide some intuitions for the technical ingredients of the modal decomposition approach, referring to the result from [15]. First, we shall introduce in Sect. 3.1 the auxiliary notion of ruloid associated with a TSS, which allows us, for every term and every closed substitution , to characterise the derivability of a transition from in terms of the (non-)derivability of transitions from (with ranging over ). Then we associate, in Sect. 3.2, with every term a set of decomposition mappings. In Sect. 3.3 we present and briefly discuss the congruence format for (rooted) branching bisimilarity that was proposed in [15].
3.1 Ruloids
Our modal decomposition result should establish a correspondence between the satisfaction of formulas in by and the satisfaction of formulas in by for all . Since the satisfaction of formulas of the shape refers to the transition relation, it is convenient to characterise the provability in a presupposed TSS of a transition from in terms of the provability or refutability in of transitions from the . The characterisation is provided by the notion of -ruloid. A -ruloid is a decent nxytt rule that is irredundantly provable in a TSS that is the result of a transformation of . In [6], the transformation is presented at length and proved correct. Here we shall explain it superficially, providing just enough detail to be able to convincingly argue later that our congruence formats are preserved under his transformation.
First is converted to a standard TSS in decent ntyft format. In this conversion from [22], free variables in a rule are replaced by arbitrary closed terms, and if the source is of the form , then this variable is replaced by a term for each -ary function symbol in the signature of , where the variables are fresh. Next, using a construction from [10], left-hand sides of positive premises in rules of are reduced to variables. In the final transformation step, non-standard rules with a negative conclusion are introduced. The motivation is that instead of the notion of well-founded provability of Def. 2.11, we want a more constructive notion like Def. 2.10, by making it possible that a negative premise is matched with a negative conclusion. A non-standard rule is obtained by picking one premise from each standard rule with a conclusion of the form , and including the denial of each of the selected premises as a premise in .
The resulting TSS, which is in decent ntyft format, is denoted by . In [6] it was established, for all closed literals , that if and only if is irredundantly provable from . The -ruloids are those decent nxytt rules that are irredundantly provable from . In [6, Lem. 13—aliased 8.2] it was established that , with a closed substitution, if and only if there is a ruloid and a closed substitution that agrees with on such that and .
3.2 Decomposition of modal formulas
The decomposition method proposed in [15] gives a special treatment to arguments of function symbols that are deemed patient; a predicate marks the arguments that get this special treatment.
Definition 3.1**.**
[5, 9]** Let be a predicate on arguments of function symbols. A standard ntyft rule is a -patience rule if it is of the form
[TABLE]
with . A TSS is -patient if it contains all -patience rules. A standard ntytt rule is -patient if it is irredundantly provable from the -patience rules; else it is called -impatient.
A patience rule for an argument of a function symbol expresses that terms can mimic the -transitions of argument (cf. [5, 9]). Typically, in process algebra, there are patience rules for the arguments of parallel composition and for the first argument of sequential composition, but not for the arguments of the alternative composition or for the second argument of sequential composition.
Definition 3.2**.**
[6]** Let be a predicate on . If , then argument of is -liquid; otherwise it is -frozen. An occurrence of in is -liquid if either , or and the occurrence is -liquid in for a liquid argument of ; otherwise the occurrence is -frozen.
We now show how to decompose formulas from . To each term and formula we assign a set of decomposition mappings . Each of these mappings has the property that, for all closed substitutions , if for all . Vice versa, whenever , there is a decomposition mapping with for all .
Definition 3.3**.**
[15]** Let be a -patient standard TSS in ready simulation format. We define as the function that for each and returns the smallest set of decomposition mappings satisfying the following six conditions. Let denote a univariate term, i.e. without multiple occurrences of the same variable. (Cases 1–5 associate with every univariate term a set . Then, in Case 6, the definition is generalised to terms that are not univariate, using that every term can be obtained by applying a non-injective substitution to a univariate term.)
* iff there are for each such that*
[TABLE] 2. 2.
* iff there is a function such that*
[TABLE] 3. 3.
* iff there is a -ruloid and a such that*
[TABLE] 4. 4.
* iff one of the following holds:*
- (a)
either there is a such that
[TABLE] 2. (b)
or there is a -impatient -ruloid and a such that
[TABLE] 5. 5.
* iff one of the following holds:*
- (a)
either ; 2. (b)
or there is an that occurs -liquid in , and a such that
[TABLE] 3. (c)
or there is a -impatient -ruloid and a such that
[TABLE] 6. 6.
* for a non-injective substitution iff there is a such that*
[TABLE]
The following theorem will be the key to the forthcoming congruence results.
Theorem 3.4**.**
[15]** Let be a -patient complete standard TSS in ready simulation format. For each term , closed substitution , and :
[TABLE]
3.3 Deriving the (rooted) branching bisimulation
format
Def. 3.3 yields for every term and every formula in the modal language a set of decomposition mappings. Note that the modal language (), which characterises (rooted) branching bisimilarity, is a sublanguage of . In order to prove that (rooted) branching bisimilarity is a congruence for a TSS , in view of Thm. 3.4 it therefore suffices to provide an argument that the decomposition mappings associated with formulas in () assign formulas in () to all variables. The congruence format should facilitate this argument. By carefully studying the syntactic shapes of the formulas assigned to variables by the decomposition mappings associated with a term and a formula (), we can derive sufficient syntactic conditions on ruloids associated with , which play a role in the definition of the decomposition mappings. These syntactic conditions on the ruloids, in turn, give rise to sufficient conditions on the rules of .
Let us illustrate this approach by considering a -patient standard TSS in ready simulation format, a formula of the shape , with , a term , and a variable . We first determine the general shape of the formula assigned to by a decomposition mapping , and then formulate sufficient conditions on the rules of that restrict the general shape in such a way that we can be certain that .
Since , the decomposition mapping satisfies clause 4 of Def. 3.3 and hence satisfies one of its two subclauses 4a or 4b. For the purpose of the explanation of the branching bisimulation format, it is enough to consider the case that satisfies subclause 4a.
If, on the one hand, occurs -liquid in , then from clauses 1 and 3 it follows that there exist a -ruloid and decomposition mappings and such that
[TABLE]
If we assume, inductively, that and are formulas in , then if we can write the argument of in as or as . Clearly, this means that can contain at most one positive premise , with , and cannot contain a negative premise .
If, on the other hand, does not occur -liquid in , then from clauses 1 and 3 it follows that there exist a -ruloid and decomposition mappings and such that
[TABLE]
and it is clear that cannot occur at all in .
The analysis above yields a rudimentary syntactic requirement for the -ruloids : * may not contain negative premises and, for all variables , if has no -liquid occurrence in , then it does not have a -liquid occurrence in either, and if does have a -liquid occurrence in , then it can have at most one -liquid occurrence of in , which must be in a positive premise with *.
As is shown in [15], the requirement derived above can be relaxed if is defined as , where and are two auxiliary predicates. Intuitively, the predicate marks arguments that contain processes that have started executing (but may currently be unable to execute), while marks arguments that contain processes that can execute immediately. For example, in process algebra, and hold for the arguments of the parallel composition and for the first argument of sequential composition ; they can contain processes that started to execute in the past, and these processes can continue their execution immediately. In absence of the empty process, and do not hold for the second argument of sequential composition; it contains a process that did not yet start to execute, and cannot execute immediately. If immediate termination is possible, i.e., in the presence of the empty process, then this argument becomes -liquid; cf. the sequencing operator example in Sect. 4.1. does not hold and holds for the arguments of alternative composition ; they contain processes that did not yet start to execute, but that can start executing immediately.
Below, we recall the (rooted) branching bisimulation format proposed in [15]. Due to the use of the two predicates and , the syntactic restrictions are technically more complicated than sketched above. We refer the reader to [15] for further explanations and examples.
Definition 3.5**.**
Let and be predicates on . A standard ntytt rule is rooted branching bisimulation safe w.r.t. and if it satisfies the following conditions.
Right-hand sides of positive premises occur only -liquid in . 2. 2.
If occurs only -liquid in , then occurs only -liquid in . 3. 3.
If occurs only -frozen in , then occurs only -frozen in . 4. 4.
If has exactly one -liquid occurrence in and this occurrence is also -liquid, then has at most one -liquid occurrence in and this occurrence must be in a positive premise. If, moreover, this premise is labelled , then must be -patient.
A standard TSS is in rooted branching bisimulation format if it is in ready simulation format and, for some and , it is -patient and only contains rules that are rooted stability-respecting branching bisimulation safe w.r.t. and . It is in branching bisimulation format if moreover is universal, i.e., for all and .
4 Stability-respecting branching bisimilarity as a
congruence
We present, in Sect. 4.1, congruence formats for stability-respecting branching bisimilarity and rooted stability-respecting branching bisimilarity, as relaxations of the congruence formats for branching bisimilarity and rooted branching bisimilarity, respectively. We illustrate the usefulness of the formats with applications to the priority operator and an operator for sequencing. In Sect. 4.2 we prove the correctness of the formats.
4.1 The (rooted) stability-respecting branching bisimulation
format
We define when a standard ntytt rule is rooted stability-respecting branching bisimulation safe, and base the rooted stability-respecting branching bisimulation format on that notion. As with the branching bisimulation format, to define the stability-respecting branching bisimulation format we add one additional restriction to its rooted counterpart: is universal. Our aim for the rest of this section will be to prove that the (rooted) stability-respecting branching bisimulation format guarantees that (rooted) stability-respecting branching bisimilarity is a congruence.
Definition 4.1**.**
Let and be predicates on . A standard ntytt rule is rooted stability-respecting branching bisimulation safe w.r.t. and if it satisfies the following conditions.
Right-hand sides of positive premises occur only -liquid in . 2. 2.
If occurs only -liquid in , then occurs only -liquid in . 3. 3.
If occurs only -frozen in , then occurs only -frozen in . 4. 4.
Suppose that has exactly one -liquid occurrence in , and that this occurrence is also -liquid.
- (a)
If has an -liquid occurrence in a negative premise in or more than one -liquid occurrence in the positive premises in , then there is a premise in such that occurs -liquid in . 2. (b)
If there is a premise in and occurs -liquid in , then is -patient.
Conditions 1–3 have been copied from Def. 3.5, and condition 4b is part of condition 4 in that definition. Condition 4a, however, establishes a relaxation of condition 4 in the definition of rooted branching bisimulation safeness, where it was required that has at most one -liquid occurrence in , which must be in a positive premise. Here, owing to stability, we can be more tolerant, as long as can be derived. As a consequence of this relaxation we will see that the rule for the priority operator is rooted stability-respecting branching bisimulation safe, while it is not rooted branching bisimulation safe.
Definition 4.2**.**
A standard TSS is in rooted stability-respecting branching bisimulation format if it is in ready simulation format and, for some and , it is -patient and only contains rules that are rooted stability-respecting branching bisimulation safe w.r.t. and .
This TSS is in stability-respecting branching bisimulation format if moreover is universal.
Application to the priority operator
The priority operator [1] is a unary function the definition of which is based on an ordering on atomic actions. The term executes the transitions of the term , with the restriction that a transition only gives rise to a transition if there does not exist a transition with . This intuition is captured by the rule for the priority operator below.
[TABLE]
The priority operator does not preserve [rooted] branching bisimilarity (cf. [33, pp. 130–132]), as shown by the following example.
Example 4.3**.**
Consider the following two LTSs:
a$$a$$b$$a$$\tau$$q$$a$$b$$a$$\tau$$p
Clearly p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}q. Note that on the other hand p\,\not\mathrel{\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{s}\,}q, because is stable while cannot perform a sequence of -transitions to a stable state.
Suppose that . Let us try to extend the ordering such that \Theta(p)\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}\Theta(q). Since cannot execute the trace , we must declare , to block this trace in . But then can only execute an infinite -sequence while can execute . Hence \Theta(p)\,\not\mathrel{\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}\,}\Theta(q) for every ordering (with ).
Moreover, if and are processes with as only transitions and , then p_{0}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}}q_{0}, but \Theta(p_{0})\,\not\mathrel{\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}\,}\Theta(q_{0}) for every ordering (with ).
So inevitably, as observed in [15], the rule for the priority operator is not in the rooted branching bisimulation format. Namely, the -liquid argument in the source occurs -liquid in the negative premises, which violates the more restrictive condition 4 of the rooted branching bisimulation format.
We proceed to show that the rule for the priority operator does satisfy the relaxed condition 4 of Def. 4.1. To this end, first note that in view of the target , by condition 1 of Def. 4.1, the argument of must be chosen -liquid. And in view of condition 3 of Def. 4.1, the argument of must be chosen -liquid. Then the rule above is rooted stability-respecting branching bisimulation safe, if the following condition on the ordering on atomic actions is satisfied: if there is a such that , then . Namely, this guarantees that condition 4a of Def. 4.1 is satisfied: if there is a negative premise , then there is also a negative premise . Moreover, note that then the rule for the priority operator with constitutes a patience rule because there can be no with . Furthermore, since the argument of is -liquid, this operator is within the stability-respecting branching bisimulation format. Thm. 4.15 and Thm. 4.16, which are presented at the end of Sect. 4, will therefore imply the following congruence results.
Corollary 4.4**.**
\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}* and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} are congruences for the priority operator.*
Application to sequencing
The binary sequencing operator is a variant of sequential composition that does not rely on a notion of successful termination. Intuitively, the process behaves as its left-hand side argument until that can no longer do any transitions; then it proceeds with its right-hand side argument. The rules below, which appeared e.g. in [4], formalise this behaviour:
[TABLE]
Sequencing does not preserve [rooted] branching bisimilarity, as shown by the following example.
Example 4.5**.**
Consider three processes , , and with and while cannot perform any transitions. Then p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}q, but p\mathop{;}r\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}p\not\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}r\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}q\mathop{;}r. Note that p\not\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q since is stable while cannot perform a sequence of -transitions to a stable state.
Using processes and as in Ex. 4.3 shows that also \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}} fails to be a congruence for sequencing.
We proceed to show that if both arguments of are chosen to be -liquid, and only the first argument of is chosen to be -liquid, then both rules are rooted stability-respecting branching bisimulation safe w.r.t. and (see Def. 4.1):
The right-hand side of the positive premise in the first rule occurs -liquid in . 2. 2.
In both rules, the variable has only -liquid occurrences. 3. 3.
In both rules, both variables and have -liquid occurrences in the source. 4. 4.
In both rules, only the variable has exactly one -liquid occurrence in the source that is also -liquid.
- (a)
The variable does not have more than one -liquid occurrence in the positive premises of the rules. It does have -liquid occurrences in negative premises of the second rule, but, since ranges over all actions in , there is also a premise . 2. (b)
Clearly the first rule with , which has a premise with an -liquid occurrence of , is -patient.
Thm. 4.16, which is presented at the end of Sect. 4, will therefore imply the following congruence result.
Corollary 4.6**.**
\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}* is a congruence for the sequencing operator.*
Note that we cannot take to be universal, for then by condition 4b we would need the second rule for to be -patient. Yet, as is easy to check, \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} is a congruence for sequencing. This shows that our (unrooted) stability-respecting branching bisimulation format does not cover all relevant operators from the literature.
We argue that it is not straightforward to formulate a congruence format for stability-preserving branching bisimilarity that includes the rules for the sequencing operator. The second rule for the sequencing operator is not a patience rule for two reasons: it has negative premises and the target is not of the form . Putting as the target would not change the semantics in an essential way, so only the first reason is relevant. The following example shows that a mild generalisation of the notion of patience rule allowing some negative premises would not work.
Example 4.7**.**
Consider a binary function symbol defined by the following three rules:
[TABLE]
Similar to the second argument of the sequencing operator, the ‘patience rules’ for the two arguments of both carry an additional negative premise. Making both arguments - and -liquid, all requirements of the stability-respecting branching bisimulation format are met, including 4b if the first two rules are considered patience rules.
However, \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} is not a congruence for . Suppose and . Then clearly p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}p^{\prime}, but f(p,q)\not\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}f(p^{\prime},q) because cannot perform any transition while can perform an -transition.
4.2 Correctness
To prove that (rooted) stability-respecting branching bisimilarity is indeed a congruence for every complete standard TSS in the (rooted) stability-respecting branching bisimulation format, we use the modal decomposition method discussed in Sect. 3. It suffices to establish that the transformation to ruloids preserves the syntactic restrictions of the format, and that the format, in turn, ensures that decomposition mappings associated with a formula in () assign to the variables again formulas in ().
Preservation of syntactic restrictions
The definition of modal decomposition is based on -ruloids. Therefore we must verify that if is in rooted stability-respecting branching bisimulation format, then the -ruloids are rooted stability-respecting branching bisimulation safe (Prop. 4.13). The key part of the proof is to show that the syntactic restriction of decent rooted stability-respecting branching bisimulation safety is preserved under irredundant provability (Lem. 4.11).
In the proof of the preservation lemma below, rules with a negative conclusion will play an important role. Therefore the notion of rooted stability-respecting branching bisimulation safety needs to be extended to non-standard rules. The following definition coincides with the definition of rooted branching bisimulation safe for non-standard rules in [15].
Definition 4.8**.**
An ntytt rule is rooted stability-respecting branching bisimulation safe w.r.t. and if it satisfies conditions 2 and 3 of Def. 4.1.
Lemma 4.9**.**
Let be an -patient TSS in decent ntyft format. If an ntytt rule is provable from and occurs -liquid in , then contains a premise where occurs -liquid in .
Proof 4.10**.**
Recall from Sect. 3.1 that also the TSS is in decent ntyft format. Let be provable from , by means of a proof . We apply structural induction with respect to .
Induction basis*: The case where has only one node, marked “hypothesis”, is trivial, as then contains .*
Induction step*: Let be the decent ntyft rule and the substitution used at the bottom of . Let be the conclusion of . Then . Since occurs -liquid in , it occurs -liquid in where is an -liquid argument of . In view of the patience rule for this argument of and the construction of rules with a negative premise it follows that has a premise . So a rule is provable from by means of a strict subproof of , where . By induction contains a premise where occurs -liquid in .*
Lemma 4.11**.**
Let be an -patient TSS in decent ntyft format, in which each rule is rooted stability-respecting branching bisimulation safe w.r.t. and . Moreover, is either a standard TSS or a TSS of the form with an -patient standard TSS in decent ntyft format. Then each ntytt rule irredundantly provable from is rooted stability-respecting branching bisimulation safe w.r.t. and .
Proof 4.12**.**
For all conditions of Def. 4.1 and Def. 4.8 except 4a, the preservation proof coincides with the corresponding proof for rooted branching bisimulation safeness in [15, Lem. 5—aliased 4.5]. Therefore we here focus only on condition 4a. Let an ntytt rule be irredundantly provable from , by means of a proof . We prove, using structural induction with respect to , that this rule satisfies condition 4a of Def. 4.1.
Induction basis*: Suppose has only one node, marked “hypothesis”. Then equals (so is a variable). This rule trivially satisfies condition 4a of Def. 4.1.*
Induction step*: Let be the decent ntyft rule and the substitution used at the bottom of . By assumption, is decent, ntyft, and rooted stability-respecting branching bisimulation safe w.r.t. and . Let be of the form*
[TABLE]
Then and . Moreover, decent ntytt rules for each and for each are irredundantly provable from by means of strict subproofs of , where . By induction, they are rooted stability-respecting branching bisimulation safe w.r.t. and .
Suppose that has exactly one -liquid occurrence in , which is also -liquid. Then there is an with and such that has exactly one -liquid occurrence in , which is also -liquid. Furthermore, for each , or occurs only -frozen in . Since the ntyft rule is rooted stability-respecting branching bisimulation safe w.r.t. and , by condition 3 of Def. 4.1, if , then occurs only -frozen in for all , as well as in for all . We distinguish three possible cases, and argue each time that condition 4a of Def. 4.1 is satisfied.
Case 1*: has no -liquid occurrences in the premises of . Then has no -liquid occurrences in for and for . So by condition 3 of Def. 4.1 and decency of the and , has no -liquid occurrences in .*
Case 2*: has exactly one -liquid occurrence in the premises of , in for some . By condition 2 of Def. 4.1 this occurrence is also -liquid. Then has exactly one -liquid occurrence in , and this occurrence is also -liquid. So by condition 4a of Def. 4.1, if has an -liquid occurrence in a negative premise in or more than one in the positive premises in , then there is a premise in where occurs -liquid in . Furthermore, has no -liquid occurrences in for and for . So by condition 3 of Def. 4.1, has no -liquid occurrences in for and for .*
Case 3*: occurs -liquid in for some or has more than one -liquid occurrence in the for . Then, by condition 4a of Def. 4.1, occurs -liquid in for some with . By condition 2 of Def. 4.1 this occurrence is also -liquid. It follows that occurs -liquid in . In case is a standard TSS the premise occurs in , and otherwise, by Lem. 4.9, contains a premise where occurs -liquid in .*
The following proposition can now be proved in the same way as the corresponding Prop. 2—aliased 4.6 —for rooted branching bisimulation safeness in [15].
Proposition 4.13**.**
Let be an -patient TSS in ready simulation format, in which each rule is rooted stability-respecting branching bisimulation safe w.r.t. and . Then each -ruloid is rooted stability-respecting branching bisimulation safe w.r.t. and .
Preservation of modal characterisations
Given a standard TSS in rooted stability-respecting branching bisimulation format, w.r.t. some and , Def. 3.3 yields decomposition mappings , with . In this section we prove that if , then if occurs only -liquid in . (That is why in the stability-respecting branching bisimulation format, must be universal.) Furthermore, we prove that if , then for all variables . From these preservation results we will deduce the promised congruence results for unrooted and rooted stability-respecting branching bisimilarity, respectively.
In [15] the following proposition was proved in two separate steps: Prop. 3 and Prop. 4—aliased 4.7 and 4.8—in that paper. This was possible since incorporates but not vice versa. However, since there is a circular dependency between the definitions of and , here we need to prove the corresponding results for these modal characterisations simultaneously. The third part of the proposition below is merely a tool in proving the other parts.
Proposition 4.14**.**
Let be an -patient standard TSS in ready simulation format, in which each rule is rooted stability-respecting branching bisimulation safe w.r.t. and .
For each term and variable that occurs only -liquid in :
[TABLE] 2. 2.
For each term and variable :
[TABLE] 3. 3.
For each term and variable that occurs only -liquid and -frozen in :
[TABLE]
- Proof:
We apply simultaneous induction on the structure of , resp. , and the construction of . We only treat the case where is univariate. The case where is not univariate can be dealt with in the same way as in the proofs of the corresponding Prop. 3 and Prop. 4—aliased 4.7 and 4.8—in [15]. Let . If then . So suppose occurs exactly once in .
We start with the first claim of the proposition. The cases where is of the form or can be dealt with as in the proof of Prop. 3—aliased 4.7—in [15]. We therefore focus on the other cases.
- –
** with . Let the occurrence of in be -liquid. According to Def. 3.3.4 we can distinguish two cases.**
Case 1:
** is defined based on Def. 3.3.4a. Then if occurs -liquid in , or if occurs -frozen in , for some . By Def. 3.3.1, with and . By induction on formula size, . For , according to Def. 3.3.5, we can distinguish three cases. Cases 1.1 and 1.2 where is defined based on Def. 3.3.5a and Def. 3.3.5b, respectively, proceed in the same way is in the proof of [15, Prop. 3]. We focus on the third case.**
Case 1.3:
** is defined based on Def. 3.3.5c, employing an -impatient -ruloid and a . So . By Prop. 4.13, is rooted stability-respecting branching bisimulation safe. Since the occurrence of in is -liquid, by condition 2 of Def. 4.1, occurs only -liquid in . Therefore, by induction on formula size, . Case 1.3.1 where the occurrence of in is -frozen still proceeds in the same way is in the proof of [15, Prop. 3]. We focus on the other case.**
Case 1.3.2:
The occurrence of in is -liquid. If has at most one premise of the form , for which , and none of the form , then still the proof proceeds in the same way is in the proof of ****[15, Prop. 3]****. However, the more relaxed condition 4a of Def. 4.1 allows to have more than one premise of the form with , or premises . Only, then must also contain the premise . Thus \psi(x)\equiv\langle\varepsilon\rangle\big{(}\neg\langle\tau\rangle\top\land\chi_{1}(x)\land\xi(x)\land\bigwedge_{x\stackrel{{\scriptstyle b}}{{\longrightarrow}}y\in H}\langle b\rangle\xi(y)\land\bigwedge_{x\mathord{\hskip 2.79996pt\not\stackrel{{\scriptstyle c\;}}{{\longrightarrow}}}\in H}\neg\langle c\rangle\top\big{)}. By condition 1 of Def. 4.1 the right-hand sides of positive premises in occur only -liquid in , so by induction . Hence the conjuncts are in . It follows that .
Case 2:
** is defined based on Def. 3.3.4b, employing an -impatient -ruloid and a . By Prop. 4.13, is rooted stability-respecting branching bisimulation safe. Since the occurrence of in is -liquid, by condition 2 of Def. 4.1, occurs only -liquid in . Therefore, by induction on the construction of , . Case 2.1 where the occurrence of in is -frozen proceeds in the same way is in the proof of [15, Prop. 3]. We focus on the other case.**
Case 2.2:
The occurrence of in is -liquid.** Then \psi(x)=\langle\varepsilon\rangle\big{(}\chi(x)\ \land\bigwedge_{x\stackrel{{\scriptstyle\beta}}{{\longrightarrow}}y\in H}\langle\beta\rangle\chi(y)\land\bigwedge_{x\mathord{\hskip 2.79996pt\not\stackrel{{\scriptstyle\gamma\;}}{{\longrightarrow}}}\in H}\neg\langle\gamma\rangle\top\big{)}. If has at most one premise of the form , for which , and none of the form , then still the proof proceeds in the same way is in the proof of [15, Prop. 3]. However, the more relaxed condition 4a of Def. 4.1 allows to have more than one premise of the form with , or premises . Only, then must also contain the premise . Thus \psi(x)\equiv\langle\varepsilon\rangle\big{(}\neg\langle\tau\rangle\top\land\chi(x)\land\bigwedge_{x\stackrel{{\scriptstyle b}}{{\longrightarrow}}y\in H}\langle b\rangle\chi(y)\land\bigwedge_{x\mathord{\hskip 2.79996pt\not\stackrel{{\scriptstyle c\;}}{{\longrightarrow}}}\in H}\neg\langle c\rangle\top\big{)}. By condition 1 of Def. 4.1 the right-hand sides of positive premises in occur only -liquid in , so by induction . Hence the conjuncts are in . It follows that .**
The proof of the case in from ****[15, Prop. 3]**** needs to be adapted in a similar fashion as the case . We take the liberty to omit this adaptation here, and continue with the additional clause in the modal characterisation of , compared to .
- –
** with . Let the occurrence of in be -liquid. According to Def. 3.3.4 we can distinguish two cases.**
Case 1:
** is defined based on Def. 3.3.4a. Then if occurs -liquid in , or if occurs -frozen in , for some . By Def. 3.3.1, with and . By Def. 3.3.2 there is a function such that .**
Case 1.1:
** occurs -liquid in . By Def. 3.3.3, for each , is of the form for some -ruloid . Note that such formulas are in . Moreover, by induction on formula size, . Since the occurrence of in is -liquid, there is an -patient ruloid . This gives rise to a such that . Concluding, is of the form for some . So .**
Case 1.2:
** occurs -frozen in . Then by condition 3 of Def. 4.1, does not occur in . Since moreover for each , by Def. 3.3.3, for each . So either if is non-empty or if is empty. In the first case , so then we are done. In the second case, by induction on formula size, using the third claim of this proposition, .**
Case 2:
** is defined based on Def. 3.3.4b. This case proceeds in the same way as case 2 of .**
This completes the proof of the first claim of the proposition. We continue with the second claim of the proposition. The cases where is of the form or or can be dealt with as in the proof of Prop. 4 in [15]. We focus on the only other case.
- –
. The cases where is of the form or or or can be dealt with as in the proof of Prop. 4 in ****[15]****. We focus on the only new case here.
** with . If the occurrence of in is -liquid, then we already proved in the corresponding case for the first claim of the proposition that . So we can assume that this occurrence is -frozen. According to Def. 3.3.4 we can distinguish two cases.**
Case 1:
** is defined based on Def. 3.3.4a. Then, since occurs -frozen in , for some . By Def. 3.3.1, with and . By induction on formula size, and . Hence, is in .**
Case 2:
** is defined based on Def. 3.3.4b, using an -impatient -ruloid and a . As the occurrence of in is -frozen,**
. By induction on the construction of , . Moreover, by condition 1 of Def. 4.1 the occur only -liquid in , so we proved before that the are in . Hence .
This completes the proof of the second claim of the proposition. We finish with the last claim. The cases where is of the form or can be dealt with as in the proof of Prop. 3 in [15], and the case follows immediately from the first claim. We therefore focus on the remaining case: with .
** is defined based on Def. 3.3.3, for some -ruloid and . Since the occurrence of in is -frozen, by condition 3 of Def. 4.1, does not occur in . Hence, . By Prop. 4.13, is rooted stability-respecting branching bisimulation safe. Since the occurrence of in is -liquid, by condition 2 of Def. 4.1, occurs only -liquid in . Therefore, by the first claim of this proposition, . ∎**
Now the promised congruence results for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} can be proved in the same way as their counterparts for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,}} in [15].
Theorem 4.15**.**
Let be a complete standard TSS in stability-respecting branching bisimulation format. Then \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} is a congruence for .
Theorem 4.16**.**
Let be a complete standard TSS in rooted stability-respecting branching bisimulation format. Then \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} is a congruence for .
5 Divergence-preserving branching bisimilarity as a congruence
To get a modal characterisation of (weakly) divergence-preserving branching bisimilarity, a modality that captures divergence needs to be added to the modal logic. A modal characterisation of divergence-preserving branching bisimilarity would be obtained by adding a unary modality to the modal logic for branching bisimilarity, with the interpretation if there is an infinite trace such that for all .
Modal formulas to capture divergence elude the inductive decomposition method from Def. 3.3, because they ask for the existence of an infinite sequence of -transitions. The following example shows that the decomposition method does not readily extend to modalities .
Example 5.1**.**
Let and let . The interleaving parallel composition operator is usually defined by the following two rules, where ranges over :
[TABLE]
We extend the operational semantics of this operator with communication rules, for all :
[TABLE]
Consider the following two collections of processes for . We define and and and for all . We have . There is no obvious way to decompose this modal property of into modal properties of its arguments and .
Rather than modifying the decomposition method in order to derive new congruence formats for (weakly) divergence-preserving branching bisimilarity, we shall argue in this section that the stability-respecting branching bisimilarity format is also a congruence format for weakly divergence-preserving branching bisimilarity and divergence-preserving branching bisimilarity, and similarly for their rooted variants.
Suppose that is a -patient TSS (for some predicate ) on which \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} is a congruence, and suppose that we wish to show that \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} is a congruence on too. Then, using that {\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}}\subseteq{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}}, it suffices to argue that, for all and such that p_{i}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}q_{i} (), we have that f(p_{1},\dots,p_{n})\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}f(q_{1},\dots,q_{n}) implies f(p_{1},\dots,p_{n})\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}f(q_{1},\dots,q_{n}). The feature that distinguishes \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} from \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} is that \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} preserves divergences whereas \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} does not. Now suppose that admits a divergence. Then we can distinguish two cases:
the process directly inherits this divergence from one of its arguments through a patience rule, say, admits a divergence and the th argument of is -liquid; or 2. 2.
none of the for a -liquid argument of admits a divergence, but somehow there is an interplay between and its arguments that facilitates the divergence.
We want to argue that in both cases necessarily admits a divergence as well. In the first case, using that p_{i}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}q_{i}, also admits a divergence. So by the patience rule for the th argument of , admits a divergence. It hence suffices to reduce the second case to the first. The following example roughly illustrates how such a reduction can be achieved.
Example 5.2**.**
Let and consider the parallel composition operator of CCS for this set of actions defined by the following four rules (with ranging over ):
[TABLE]
Note that the operational semantics of includes patience rules for both arguments (specific instances of the two left-most rules), but also rules that may lead to divergences not directly inherited from arguments. For instance, if is the process with just one transition and is the process with just one transition , then admits a divergence, while and do not admit divergences.
Now also consider the parallel composition operator defined in Ex. 5.1 in combination with a unary abstraction operator defined by the following two rules, where ranges over (i.e., ):
[TABLE]
It is not hard to see that in a TSS that includes the CCS parallel composition , the parallel composition operator as defined in Ex. 5.1 and the unary abstraction operator , we have, for all processes and , that {p_{1}\mathbin{\mid}p_{2}}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}{\tau_{\iota}(p_{1}\mathbin{\|}p_{2})}. Hence, since {\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}}\subseteq{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}}, in order to show that \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} is a congruence for it suffices to establish that it is a congruence for and that it is a congruence for . Namely, then p_{1}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}\!q_{1} and p_{2}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}\!q_{2} yield p_{1}\mathbin{\mid}p_{2}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}\tau_{\iota}(p_{1}\mathbin{\|}p_{2})\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}\!\tau_{\iota}(q_{1}\mathbin{\|}q_{2})\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}q_{1}\mathbin{\mid}q_{2}. Moreover, it is well-known and easy to see that is compositional for a wide range of behavioural equivalences, including the ones mentioned in Sect. 2.1. Since all operational rules for with a -labelled conclusion are patience rules, only case 1 of admitting a divergence can apply.
The idea discussed in the example above can be generalised: every operator can be expressed as a combination of and an abstraction-free variant of , for which all rules with a -labelled conclusion are patience rules. The main ingredient of our proof that on every TSS in the stability-respecting branching bisimulation format both \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} are congruences, and similarly for the rooted case, is a transformation that allows us to establish compositionality of an operator by establishing the compositionality of its abstraction-free variant.
Although the idea is fairly simple, the formal technicalities are quite involved. It is therefore convenient to first formulate, in Sect. 5.1, sufficient conditions on a presupposed transformation on TSSs and associated encoding and decoding functions for them to be suitable for lifting a congruence format for some behavioural equivalence to a finer equivalence. Instead of dealing with specific equivalences \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}, we work with parametric equivalences and where is finer than ; they will later be instantiated with \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}. This allows a reuse of our work with \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} in the roles of and , as well as with \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}} in the role of and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} in the role of . In Sect. 5.2 we introduce the machinery needed in Sect. 5.1 and show that it has the required properties, except for those that depend on the choice of and . Finally, in Sect. 5.3 we apply our framework to derive congruence formats for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}, \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}, \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}}.
5.1 A general framework for lifting congruence formats to finer equivalences
Our general proof idea is illustrated in Fig. 2. Here (on the left) is a TSS in our congruence format for . We want to show that on also is a congruence. So consider an operator , for simplicity depicted as unary. Given two processes and in (closed terms in its signature) with , we need to show that . Fig. 2 shows a roundabout trajectory from to . Imagine a similar trajectory from to —not depicted in Fig. 2, but hovering above the page.
First we apply a transformation on . The TSS will be abstraction-free in the sense that it only allows patience rules and rules without premises to carry a conclusion with the label . Moreover, the transformation needs to be such that on the behavioural equivalences and coincide, and to realise this property it will introduce oracle transitions that reveal some pertinent information on the behaviour of a process, such as whether it can diverge. We ensure that -equivalence is preserved under the addition of these oracle transitions.
The transformation will modify the rules of , but we still want to find for each closed term of a faithful representant of inside . To this end we introduce for each closed term of a constant in , in such a way that implies .111In all our applications we have iff , but our general framework does not require this. Note that by including these processes as constants, added oracle transition are decent ntyft rules without premises, which therefore do not compromise the -congruence format that needs to satisfy. Each -ary operator of remains an -ary operator of . Since we have . We argue that if is within our congruence format for , then the TSS is also within this congruence format, and conclude from that . An important result, deferred to Sect. 5.3, is that on the equivalences and coincide. Hence .
Finally, we decode the processes and , aiming to return to the LTS generated by , but actually ending up in another LTS . Our decoding function exactly undoes the effects of the encoding , which sent to , so that is strongly bisimilar with . A crucial property of the function , also deferred to Sect. 5.3, is that it is compositional for , meaning that from we may conclude . By imposing the requirement that contains strong bisimilarity, this implies that .
We now formalise this proof idea. An LTS is called disjoint from a complete TSS if it is disjoint from the LTS associated with . In that case denotes the union of and (cf. Def. 2.4).
Theorem 5.3**.**
Let and be behavioural equivalences on LTSs, with {\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}}\subseteq{\sim}\subseteq{\approx}. Let be a congruence format for , included in the decent ntyft format, and let be an operation on standard TSSs, where for each TSS the signature of contains enriched by a fresh constant for each closed term in , such that, for each complete standard TSS in decent ntyft format:
also is a complete standard TSS, 2. 2.
if is in -format then so is , 3. 3.
, 4. 4.
* and coincide, and*
there is an LTS , disjoint from , as well as a function such that:
, and 2. 6.
f(p_{1},\dots,p_{n})\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{P\uplus{\rm K}}^{\,}}{\it dec}(f(\hat{p}_{1},\dots,\hat{p}_{n}))* for any -ary and .*
Then is also a congruence format for .
Proof 5.4**.**
Let be a complete standard TSS in -format. We will show that is a congruence for . So let be an -ary function symbol, and let with for . We need to show that .
By requirements 1 and 2, is a complete standard TSS in -format; hence is a congruence for . By requirement 3 for . By requirement 4 also is a congruence for . So . Hence, by requirement 5,
[TABLE]
*Therefore, by two applications of requirement 6, and the definition of a behavioural equivalence,
and consequently .*
5.2 Abstraction-freeness
In this section we introduce the machinery needed for Thm. 5.3, namely the conversion on TSSs and the function dec into the LTS . We also establish requirements 1 and 6 of Thm. 5.3, leaving 2–5 to the applications of Thm. 5.3 in Sect. 5.3 for specific instances of and . Since we are only interested in TSSs with -transitions, we here take the set of actions used in Sect. 5.1 to be .
5.2.1 The conversion
Let again denote a predicate that marks the (-liquid) arguments of function symbols. In [14] we called a standard TSS abstraction-free w.r.t. if only its -patience rules carry the label in their conclusion. Here we use a slightly more liberal definition of abstraction-freeness that also allows rules that have no premises, and a conclusion of the form for constants and .
The following conversion turns any -patient standard TSS into a -patient and abstraction-free TSS . It is parameterised by the choice of a fresh set of actions , so , and a partial function , which we call an oracle. The choice of and varies for different applications of Thm. 5.3. This choice will be made in Sect. 5.3 in such a way that requirements 3 and 4 of Thm. 5.3 are met, for specific instances of and .
Definition 5.5**.**
Given a -patient standard TSS . Let be the signature , enriched with a fresh constant and a fresh constant for each closed term . Pick a fresh action . We define the TSS as where the rules in are obtained from the rules in as follows:
* is obtained from by adding for each rule and each non-empty subset of positive -premises of , a copy of with as only difference that the labels in the premises in are replaced by ;* 2. 2.
* is obtained from by replacing, in every rule that has a conclusion with the label and is not a -patience rule, the -label in the conclusion by ;* 3. 3.
* is obtained from by adding the premise to each rule with a negative -premise ;* 4. 4.
* is obtained from by the addition of a rule for each transition ws-provable from ;* 5. 5.
* is obtained from by the addition of a rule for each with defined;* 6. 6.
* adds to a rule for each , and argument with .*
Step 2 above makes the resulting TSS abstraction-free by renaming -labels in conclusions of non-patience rules into . To ensure that still the same transitions are derived, modulo the conversion of some into -labels, step 1 above allows positive premises labelled to be used instead of in all rules, and step 3 achieves the same purpose for negative premises. These three steps result in a -patient and abstraction-free TSS that could be called \mbox{\cal A!!F}_{\Gamma}(P).
Conceptually, steps 1, 2 and 3 on the one hand and steps 4 and 5 on the other hand are independent. Listing steps 1, 2 and 3 before steps 4 and 5 makes it evident that the transformations 1–3 do not apply to the rules added by 4 and 5.
For convenience in proofs, and to better explain steps 4 and 5 of Def. 5.5, we consider an auxiliary LTS with and iff , and an auxiliary LTS with and defined. The LTS is simply a disjoint copy of the LTS generated by .
Lemma 5.6**.**
If for some , then .
Proof 5.7**.**
We have p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{P\uplus{\rm G}}^{\,}}\hat{p} for each , because the relation is a strong bisimulation. So \hat{p}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{P\uplus{\rm G}}^{\,}}p\sim_{P\uplus{\rm G}}q\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{P\uplus{\rm G}}^{\,}}\hat{q}, using the definition of a behavioural equivalence, and thus , using that {\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,^{\,}}}\subseteq{\sim}. Hence , again by the definition of a behavioural equivalence.
The LTS adds oracle transitions to . The idea is that is particular for the -equivalence class of , which on the one hand ensures that iff , and on the other hand enforces that and coincide on . Namely, if then the oracle action of can be matched by (and vice versa), which implies .
Example 5.8**.**
Take to be weakly divergence-preserving branching bisimilarity, and to be stability-respecting branching bisimilarity. Let us say that a process in an LTS is divergent if there exists an infinite sequence of processes such that and for all , i.e. if . Take and let iff is divergent. Thus in all divergent states of have a fresh outgoing transition labelled .
With this definition of , we have iff : any weakly divergence-preserving branching bisimulation on relates divergent states with divergent states only, and thus is also a weakly divergence-preserving branching bisimulation on (when adding ). Furthermore, as we will show in Prop. 5.33, due to the construction of , iff .
Steps 4 and 5 of Def. 5.5 incorporate the entire LTS into \mbox{\cal A!!F}_{\Gamma}(P): each state appears as a constant and each transition appears as a rule without premises. The operators from can now be applied to arguments of the form . Finally, step 6 lets any term inherit the oracle transitions from its -liquid arguments. Steps 4, 5 and 6 preserve abstraction-freeness; for step 4 this uses the relaxed definition of abstraction-freeness that allows to incorporate -transitions between constants as rules without premises.
Example 5.9**.**
Let have the rules
[TABLE]
where . Then has the rules
[TABLE]
[TABLE]
[TABLE]
By step 1, the first and third rule spawn one copy and the second rule spawns three copies in which part or all of the -labels of premises are renamed into . By step 2, in each rule that has a -label in the conclusion, except the patience rule for the first argument of , this label is renamed into . By step 3, in the third rule and its copy, a negative -premise is added. By step 6, an -rule is added for the first argument of . Since there are no closed terms in this example, steps 4 and 5 are void.
Clearly, for any -patient standard TSS , the standard TSS is -patient and abstraction-free w.r.t. . Henceforth, we drop the superscripts and , and denotes for the largest predicate for which is -patient. The signature of contains the signature of enriched by a fresh constant for each closed term in , as required in Thm. 5.3.
Lemma 5.10**.**
Let be a complete standard TSS in ntyft format. If for some , then .
Proof 5.11**.**
Since has no rules whose source is a variable, the only derivable transitions of the form with are the ones from , with of the form or . For this reason any process in is strongly bisimilar to the process in . Using this, the lemma follows just as Lem. 5.6.
As an immediate consequence of Lem. 5.6 and Lem. 5.10 we have the following corollary.
Corollary 5.12**.**
Requirement 3 of Thm. 5.3 is met if implies .∎
The inference depends on the choice of and , and is deferred to Sect. 5.3.
The oracle inheritance rules in —introduced in step 6 of Def. 5.5—ensure that a closed term has an outgoing -transition, for , iff one of its -liquid arguments has such a transition. Ultimately, all such oracle transitions stem from . Using that in any term can uniquely (up to renaming of variables) be written as with and , this observation can be phrased as follows.
Observation 1
Let and ; then iff has a -liquid occurrence of a variable with .
We proceed to compare provability in a standard TSS with provability in its abstraction-free counterpart , in order to verify requirements 1 and 6 of Thm. 5.3. The most laborious part in this comparison lays in step 4 of Def. 5.5. Therefore we deal with this step separately from the other five. Hence, we define for any standard TSS a TSS , which constitutes an intermediate between and . It is built by only applying step 4 from the construction of , with in the role of .
5.2.2 Comparison of and
We restrict our analysis to standard TSSs in decent ntyft format. For , let be obtained from by replacing every subterm in by . Likewise, for a set of closed negative literals, .
When we are merely interested in proving, from or , literals of the form or , possibly under some hypotheses, where the target of a positive literal is existentially quantified, we can equivalently use a version of resp. in which all right-hand sides of the premises and conclusions of rules have been dropped. Here we use that and are in decent ntyft format. This we do below.
Lemma 5.13**.**
Let be a standard TSS in decent ntyft format. Let and .
- •
If , with a set of closed negative literals, then for a set of closed negative literals with .
- •
If , with a set of closed negative literals, then either for a literal , or for some with .
Proof 5.14**.**
For the first statement we apply induction on the irredundant proof of from .
First assume that has the form , so that . Since has no rules whose source is a variable, the last step of must be an application of a rule , introduced in step 4 of the construction of , and . It follows that . Let be the unique set of negative literals occurring in the well-supported proof of from that have no negative literals below them. Then and each literal is ws-provable from .
Alternatively, with . Then the last step of must be an application of a decent ntyft rule in and the substitution with for . Let be the substitution with for . With every positive premise in we may associate a set of closed negative literals such that and such that is the union of all . So, by induction, for a set of closed negative literals with . Let be the union of all the . Note that Ň is the union of all the and the literals with . It follows that .
For the second statement assume and for all . Then . We show that for some with , by induction on the irredundant proof of from . First assume that has the form , so that . Then , so , meeting the requirement of the lemma.
Alternatively, with , so that . Then the last step of must be an application of a decent ntyft rule and the substitution with for . Let be the substitution with for . For each positive premise in we have for some and for all , and thus, by induction, for some with . Let be the union of all the , and the literals with . Then . It follows that .
Proposition 5.15**.**
Let be a complete standard TSS in decent ntyft format, and .
- •
.
- •
.
Proof 5.16**.**
“”: We prove both statements by simultaneous induction on the well-founded proof from or from . First consider the case .
Assume that has the form , so that . It follows immediately from step 4 of the construction of that . So take .
Alternatively, with , so that . Then the last step of must be an application of a decent ntyft rule and a substitution with for and . Let be the substitution with for . For each negative premise in we have , and thus, by induction, . Likewise, for each positive premise in , , and thus, by induction, for some with . Let be a substitution with for and for each positive premise in . Then for each premise in , and thus . Take . Then .
Next consider the case . Suppose that is irredundantly provable from . Then, by Lem. 5.13, for a set of closed negative literals with . By Def. 2.11 contains a literal such that is ws-provable from by means of a strict subproof of . By the consistency of , . Hence contains a literal with . By induction , and this literal denies a literal in . From this it follows that .
“”: We prove both statements by simultaneous induction on the well-founded proof of or from . First consider the case .
Assume that has the form , so that . Since has no rules whose source is a variable, the last step of must be an application of a rule , introduced in step 4 of the construction of . It follows that , so , and .
Alternatively, with , so that . Then the last step of must be an application of a decent ntyft rule and a substitution with for and . Let be the substitution with for each such that is defined, and undefined otherwise. For each premise in we have , by means of a subproof of , and thus, by induction, . It follows that .
Finally, consider the case . Suppose that is irredundantly provable from . Then, by Lem. 5.13, either for a literal , or for some with . In the first case, by the completeness of , for a literal denying , and we are done. So assume the second case. By Def. 2.11 contains a literal such that is ws-provable from by means of a strict subproof of . By induction , and this literal denies a literal in . From this it follows that .
Corollary 5.17**.**
Let be a complete standard TSS in decent ntyft format. Then also is complete.
Proof 5.18**.**
Let and . Since is complete, either or . Consequently, by Prop. 5.15, either or .
5.2.3 Comparison of and
and differ on the account of rules with premises and conclusions labelled and . We note that actions play no role in the next lemma and proposition.
Lemma 5.19**.**
Let be a standard TSS in ntyft format. Let range over and over .
- •
* for a set of closed negative literals iff there is a set of closed negative literals such that and .*
- •
, with or , for a set of closed negative literals , iff there is an such that and .
Proof 5.20**.**
“If”: Both statements follow by a straightforward simultaneous induction on irredundant provability from .
“Only if”: Both statements follow by a straightforward simultaneous induction on irredundant provability from .
Proposition 5.21**.**
Let be a standard TSS in ntyft format. Let range over and over .
- •
.
- •
**.
- •
.
- •
**.
Proof 5.22**.**
Using Lem. 5.19, the lemma follows by two straightforward inductions on well-supported provability, one for , covering all four claims, and one for .
Corollary 5.23**.**
Let be a standard TSS in decent ntyft format. If is complete, then so is .
Proof 5.24**.**
By Cor. 5.17, is complete. Hence, for each and , either or . So by Prop. 5.21, either or .
Each can be written as with and . Let be the largest predicate for which is -patient. Now if has a -liquid argument for which . Otherwise, .
Likewise, for any , if has a -liquid argument for which . Otherwise, .
A closed negative literal is called true if , false if , and ambiguous if neither applies. Above we proved that there are no ambiguous literals labelled or or . It remains to show that there are no ambiguous literals labelled . Towards a contradiction, assume that is ambiguous.
There must exist a closed term and set of closed negative literals such that and no literal in is false. For if there were no such and , the literal would be true by Def. 2.11. Moreover, must contain an ambiguous literal , for if all literals in would be true, then the literal would be false by Def. 2.11. By Lem. 5.19 there is a set of closed negative literals such that and . So contains both and . If then would be true by Prop. 5.21. Hence , by the completeness of . So by Prop. 5.21, or . It follows that one of the literals or must be false, contradicting the absence of false literals in .
5.2.4 Comparison of and
The LTS has as states , and the transitions are the ones generated by the following two rules:
[TABLE]
where ranges over . The operator simply sends any process to the state . Thus, dec erases all transitions with labels from and renames labels into . All other transitions are preserved.
Proposition 5.25**.**
Let be a standard TSS. Let range over and over .
- •
.
- •
\left(\begin{array}[]{@{}l@{}}\phantom{\vee~{}}\mathcal{A\!\!F\!\!O}(P)\vdash_{\it ws}p\stackrel{{\scriptstyle\tau}}{{\longrightarrow}}q\\[-1.0pt] \vee~{}\mathcal{A\!\!F\!\!O}(P)\vdash_{\it ws}p\stackrel{{\scriptstyle\iota}}{{\longrightarrow}}q)\end{array}\right).
Proof 5.26**.**
Straightforward.
5.2.5 Verifying requirements 1 and 6 of Thm. 5.3
That requirement 1 of Thm. 5.3 is met is immediate by Cor. 5.23.
We end this section by verifying requirement 6 of Thm. 5.3. Intuitively, the behaviour of a process in is the same as that of the process in , except that some -transitions of the former are turned into -transitions of the latter process, and that some oracle transitions may have been added in the latter. Since any rule in with a conclusion labelled by has positive and negative premises with labels from only, these oracle transitions have no influence on the derivation of any transitions from with labels in . The operator dec removes all oracle transitions and renames into , thereby returning the behaviour of to match that of exactly.
Proposition 5.27**.**
*Let be a complete standard TSS in decent ntyft format.
Then f(p_{1},\dots,p_{n})\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{P\uplus{\rm K}}^{\,}}{\it dec}(f(\hat{p}_{1},\dots,\hat{p}_{n})) for any -ary and .*
Proof 5.28**.**
It suffices to show that the relation is a strong bisimulation.
So let . Suppose that , with . Then, by Prop. 5.25, there is a with and . Hence, by Prop. 5.21, . So, by Prop. 5.15, , which had to be shown.
The case that proceeds in the same way.
Now suppose that , with . Then, by Prop. 5.15, there is a with and . Hence, by Prop. 5.21, . So, by Prop. 5.25, , which had to be shown. Again the case proceeds in the same way.
5.3 Application of the general framework to divergence-preserving semantics
We now apply Thm. 5.3 to derive that the stability-respecting branching bisimulation format and its rooted variant are congruence formats for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}, and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}}, respectively.
As congruence format in Thm. 5.3 we take the (rooted) stability-respecting branching bisimulation format intersected with the decent ntyft format. If a TSS is in this format, there exist predicates and such that is -patient and only contains rules that are rooted stability-respecting branching bisimulation safe w.r.t. and . Although there may be some freedom in the choice of and , the predicate is completely determined by . Namely, each -liquid argument of an operator symbol must have a patience rule, and conversely, each argument of that has a patience rule must be -liquid, by conditions 1 and 3 of Def. 4.1. Hence there can be no ambiguity in the choice of in .
It is straightforward to check that the conversion on standard TSSs defined in Sect. 5.2 preserves the (rooted) stability-respecting branching bisimulation format, and thus satisfies requirement 2 of Thm. 5.3. Here it is important that in step 6 of Def. 5.5 a term inherits oracle transitions only from its -liquid arguments—else condition 3 of Def. 4.1 would be violated. Furthermore, condition 4a of Def. 4.1 is preserved because premises are kept in place in step 3 of Def. 5.5; and condition 4b of Def. 4.1 is preserved because the transformation in Def. 5.5 does not introduce new positive premises with the label .
5.3.1 A congruence format for weakly divergence-preserving branching bisimilarity
We first apply Thm. 5.3 with \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} in the roles of and . In the construction of the LTS out of the LTS (cf. Sect. 5.2) we take and let iff is divergent. As observed in Ex. 5.8, iff . Hence, with Cor. 5.12, requirement 3 of Thm. 5.3 is satisfied. We proceed to show that also requirement 4 is satisfied.
Lemma 5.29**.**
Let and . In , is divergent iff has a -liquid occurrence of a variable such that is divergent.
Proof 5.30**.**
For “only if”, suppose is divergent, i.e., there is an infinite sequence of -transitions from . Since is abstraction-free, each of these transitions must originate from a -transition from a process , where occurs -liquid in . One of the variables that occurs -liquid in must contribute infinitely many of these transitions, so that is divergent.
“If” follows immediately from the fact that the TSS is -patient.
Lemma 5.31**.**
Let . Then iff is divergent.
Proof 5.32**.**
In any term can be written as with and .
Suppose is divergent. Then has a -liquid occurrence of a variable such that is divergent, by Lem 5.29. Hence by the construction of . Thus , by Obs. 1. The other direction proceeds likewise.
The following proposition states that requirement 4 of Thm. 5.3 is satisfied indeed.
Proposition 5.33**.**
On the equivalences \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} coincide.
Proof 5.34**.**
It suffices to show that the relation \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} on is a weakly divergence-preserving branching bisimulation. By definition it is a (stability-respecting) branching bisimulation. Hence it remains to show that it is weakly divergence-preserving. To this end, it suffices to show that if is divergent and p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q then also is divergent.
Suppose is divergent. Then by Lem. 5.31 . So for some , by the definition of a branching bisimulation. So is divergent, by Lem. 5.31, and thus is divergent.
The following example shows that Prop. 5.33 would not hold if we had skipped step 6 of Def. 5.5, inheriting oracle transitions for -liquid arguments, or if we had not used the oracle transitions at all.
Example 5.35**.**
Let be deadlock (a process without outgoing transitions) and a process having only a -transition to itself, and a -transition to . Then in the LTS we have \hat{p}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}_{\,{\rm G}}\hat{q} but \hat{p}\,\not\mathrel{\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\Delta\top\!\!}\,}_{\!\!\!{\rm G}}\hat{q}. After translation to , the processes and are distinguished by means of oracle transitions, so that we have \hat{p}\,\not\mathrel{\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{s}\,}_{\,{\rm H}}\hat{q} and \hat{p}\,\not\mathrel{\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\Delta\top\!\!}\,}_{\!\!\!{\rm H}}\hat{q}. Now let feature a unary operator with as only rule . If oracle transitions would not be inherited in , then we would have f(\hat{p})\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}_{\mathcal{A\!\!F\!\!O}(P)}f(\hat{q}) but f(\hat{p})\,\not\mathrel{\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\Delta\top\!}\,}_{\!\!\!\!\mathcal{A\!\!F\!\!O}(P)}f(\hat{q}).
We now verify requirement 5 of Thm. 5.3.
Proposition 5.36**.**
p\mathrel{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!\!\!}}}_{\!\!\!\!\mathcal{A\!\!F\!\!O}(P)}q~{}~{}\Rightarrow~{}~{}{\it dec}(p)\mathrel{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!\!\!}}}_{\!\!\!\!{\rm K}}{\it dec}(q).
- Proof:
Define the relation on the states of by
[TABLE]
It suffices to show that is a weakly divergence-preserving branching bisimulation.
- –
Suppose p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q and . By the semantics of there are two possibilities.
Case 1:
for some with . Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q, either and p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q, or for some and with p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q^{\prime} and p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q^{\prime\prime}. So either and , or with and .
Case 2:
, and for some with . Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q, for some and with p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q^{\prime} and p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q^{\prime\prime}. So with and .
- –
Suppose p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q and there is an infinite sequence such that , and for all . Then there is an infinite sequence such that and, for all , , p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q and either or . We distinguish two cases.
Case 1:
For infinitely many of the we have . Then there is an infinite sequence such that and for all . Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}q, there must be an infinite sequence such that , and p^{\prime}_{j}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,}}q^{\prime}_{j} for all . It follows that and for all . In other words, there exists an infinite sequence such that and for all .
Case 2:
There is an such that for all . Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!}}q, there must be a finite sequence such that and, for all , either or , and p_{k+1}\mathbin{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!\!\!}}}q_{k+1}. Moreover, since p_{n}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!\!\!}}q_{n}, and p_{k}\mathbin{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!\!\!}}}q\mathbin{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!\!\!}}}p_{n}\mathbin{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top\!\!\!}}}q_{n} for each , there must be an infinite sequence such that for all . It follows that and for all .
Corollary 5.37**.**
* is a congruence format for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}.*
As indicated in Sect. 3.1, each standard TSS in ready simulation format can be converted to a TSS in decent ntyft format. In [6] it is shown that this transformation preserves the set of -provable closed literals, hence is a congruence for iff is. It is not hard to check that if is in (rooted) stability-respecting branching bisimulation format then so is . Thus we obtain the following congruence theorem.
Theorem 5.38**.**
Let be a complete standard TSS in stability-respecting branching bisimulation format. Then \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} is a congruence for .
5.3.2 A congruence format for rooted weakly divergence-preserving branching bisimilarity
We now apply Thm. 5.3 with \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} in the roles of and . The choice of and in the construction of is the same as above.
Again requirement 3 of Thm. 5.3 is satisfied: since any two processes are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}-equivalent in iff they are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}}-equivalent in , it follows immediately from Def. 2.2 that any two processes are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}}-equivalent in iff they are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}}-equivalent in .
Requirement 4 of Thm. 5.3 is also satisfied: since on the equivalences \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} coincide, it follows immediately from Def. 2.2 that also \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} coincide.
To check requirement 5 of Thm. 5.3 define the relation on the states of by
[TABLE]
With Def. 2.2 it is straightforward to check that is a rooted weakly divergence-preserving branching bisimulation. Hence requirement 5 is satisfied.
Corollary 5.39**.**
Rooted is a congruence format for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}}.
Exactly as above, this yields the following congruence theorem.
Theorem 5.40**.**
Let be a complete standard TSS in rooted stability-respecting branching bisimulation format. Then \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta\top}} is a congruence for .
5.3.3 A congruence format for divergence-preserving branching bisimilarity
Next, we apply Thm. 5.3 with \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} in the roles of and . In the construction of the LTS , we let contain a unique name for each \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}-equivalence class of processes in , and let be the name of the \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}-equivalence class of , for any . Thus in all states of have a fresh outgoing transition, labelled with the name of its -equivalence class in .
With this definition of , requirement 3 of Thm. 5.3 is satisfied: any divergence-preserving branching bisimulation on relates states in the same \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}-equivalence class only, and thus is also a divergence-preserving branching bisimulation on (when adding ).
We proceed to show that also requirement 4 is satisfied. A few lemmas are needed.
Lemma 5.41**.**
[18]** Condition (D) in Def. 2.1 can be replaced by the following equivalent condition:
- (D*′*)
if and there is an infinite sequence of processes such that , and for all , then there is a process such that and for some .
That is, the resulting definition also yields the relation \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}.
Furthermore, we will employ the following property of \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}.
Lemma 5.42**.**
[18]** If and p_{0}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}p_{n}, then p_{0}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}p_{i} for all .
The following proposition tells that requirement 4 of Thm. 5.3 is satisfied indeed.
Proposition 5.43**.**
On the equivalences \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} coincide.
Proof 5.44**.**
It suffices to show that the relation \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} on is a divergence-preserving branching bisimulation. By definition it is a (stability-respecting) branching bisimulation. Hence it remains to show that it is divergence-preserving. By Lem. 5.41 it suffices to show that it satisfies condition (D′). So assume that p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q and there is an infinite sequence of processes such that , and p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q for all . We need to find a process such that and p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime} for some . Towards a contradiction, assume that there is no with and p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime} for some .
Let and for univariate with and . Since is abstraction-free, all -transitions in the infinite sequence originate, through patience rules, from -transitions of the processes for variables occurring -liquid in . Let be the set of variables that occur -liquid in . Then for each , and for at least one —call it —this sequence is infinitely long. For each and , let keep track of how many of the -transitions in the sequence originate from . Hence where for each and for each . Since, by assumption, the sequence of -transitions originating from is infinite, for each there exists a such that .
Claim: There is a such that h_{n}^{z}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}h_{j_{z}}^{z} for all .
**Proof of claim: Suppose there is no such . Then, using Lem. 5.42, the processes for belong to infinitely many \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}-equivalence classes. So there are infinitely many actions such that . For each of those actions , for some , by Obs. 1, and hence for some with p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime\prime}, since p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q. As we have assumed that there is no with and p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime} for some , we have , and thus . However, according to Obs. 1 there can only be finitely many actions with , namely one for each variable occurring -liquid in . **
Let be the name of the \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}-equivalence class of the process . Then , and consequently by Obs. 1. Since \rho_{j}(t)\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q, it follows that for some process with \rho_{j}(t)\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime\prime}. As we assumed that there is no with and p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime} for some , we have , and thus . So by Obs. 1 has a -liquid occurrence of a variable with . It follows that in we have h_{j_{z}}^{z}=\rho_{j}(z)\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}\rho(y). Thus, by Lem. 5.41, there exists a with and h_{\ell}^{z}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}g for some . Since the TSS is -patient, we have for a substitution with and for all variables . As, using the claim, \rho(y)\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}\rho_{j}(z)=h_{j_{z}}^{z}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}h_{\ell}^{z}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}g=\rho^{\prime}(y), and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} is a congruence on , it follows that \rho(u)\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}\rho^{\prime}(u). Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q=\rho(u)\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}\rho^{\prime}(u), it suffices to take , so that and p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}. This contradicts our assumption that no such exists.
We now verify requirement 5 of Thm. 5.3.
Proposition 5.45**.**
p\mathrel{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}}_{\mathcal{A\!\!F\!\!O}(P)}q~{}~{}\Rightarrow~{}~{}{\it dec}(p)\mathrel{\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}}_{\rm K}{\it dec}(q).
- Proof:
Define the relation on the states of by
[TABLE]
By Lem. 5.41 it suffices to show that is a branching bisimulation satisfying condition (D*′). That it is a branching bisimulation follows exactly as in the proof of Prop. 5.36. To show that it satisfies (D′*), suppose p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}q and there is an infinite sequence such that , and for all . Then there is an infinite sequence such that and, for all , , p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}q and either or . We distinguish two cases.
Case 1:
There is a with —consider the first such . Then . Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}q, there is a with and p_{k+1}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}q^{\prime}. Hence there is a with and .
Case 2:
There is no such . Then, since \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} satisfies (D*′*), there is a such that and p_{k}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}q^{\prime} for some . It follows that there is a such that and .
Corollary 5.46**.**
* is a congruence format for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}.*
Exactly as above, this yields the following congruence theorem.
Theorem 5.47**.**
Let be a complete standard TSS in stability-respecting branching bisimulation format. Then \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} is a congruence for .
5.3.4 A congruence format for rooted divergence-preserving branching bisimilarity
We now apply Thm. 5.3 with \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} in the roles of and . The choice of and in the construction of is the same as in Sect. 5.3.3.
Again requirement 3 of Thm. 5.3 is satisfied: since any two processes are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}-equivalent in iff they are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}}-equivalent in , it follows immediately from Def. 2.2 that any two processes are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}}-equivalent in iff they are \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}}-equivalent in .
Requirement 4 of Thm. 5.3 is also satisfied: since on the equivalences \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}} coincide, it follows immediately from Def. 2.2 that also \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}} and \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}} coincide.
To check requirement 5 of Thm. 5.3 define the relation on the states of by
[TABLE]
With Def. 2.2 it is straightforward to check that is a rooted weakly divergence-preserving branching bisimulation. Hence requirement 5 is satisfied.
Corollary 5.48**.**
Rooted is a congruence format for \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}}.
Exactly as above, this yields the following congruence theorem.
Theorem 5.49**.**
Let be a complete standard TSS in rooted stability-respecting branching bisimulation format. Then \mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,\Delta}} is a congruence for .
6 Related work
Ulidowski [30, 31, 32] proposed congruence formats, inside GSOS [7], for weak semantics that take into account non-divergence, called convergence in [16]. In [30] he introduces the ISOS format, and shows that the weak convergent refusal simulation preorder is a precongruence for all TSSs in the ISOS format. The GSOS format—in our terminology the decent nxyft format—allows only decent ntyft rules with variables as the left-hand sides of premises. The ISOS format is contained in the intersection of the GSOS format and our stability-preserving branching bisimulation format. Its additional restriction is that no variable may occur multiple times as the left-hand side of a positive premise, or both as the left-hand side of a positive premise and in the conclusion of a rule.
In [31, 32] he employs Ordered SOS (OSOS) TSSs [26]. An OSOS TSS allows no negative premises, but includes priorities between rules: means that can only be applied if cannot. An OSOS specification can be seen as, or translated into, a GSOS specification with negative premises. Each rule with exactly one higher-priority rule is replaced by a number of rules, one for each (positive) premise of ; in the copy of , this premise is negated. For a rule with multiple higher-priority rules , this replacement is carried out for each such .
The ebo and bbo formats from [31] target unrooted convergent delay and branching bisimulation equivalence, respectively. The bbo format is more liberal than the ebo format, which in turn is more liberal than the ISOS format. The rebo and rbbo formats from [32] target rooted convergent delay and branching bisimulation equivalence, respectively. These rooted formats are more liberal than their unrooted counterparts, and the rbbo format is more liberal than the rebo format.
If patience rules are not allowed to have a lower priority than other rules, then the (r)bbo format, upon translation from OSOS to GSOS, can be seen as a subformat of our (rooted) stability-respecting branching bisimulation format. The basic idea is that in the rbbo format all arguments of so-called -preserving function symbols [32], which are the only ones allowed to occur in targets, are declared -liquid; in the bbo format, all arguments of function symbols are declared -liquid. Moreover, all arguments of function symbols that occur as the left-hand side of a positive premise are declared -liquid. Patience rules are in the (r)bbo format however, under strict conditions, allowed to be dominated by other rules, which in our setting gives rise to patience rules with negative premises. This is outside the realm of our rooted stability-respecting branching bisimulation format. On the other hand, the TSSs of the process algebra BPAεδτ, the binary Kleene star and deadlock testing (see [11, 12]), for which rooted convergent branching bisimulation equivalence is a congruence, are outside the rbbo format but within the rooted stability-respecting branching bisimulation format.
7 Conclusions
We showed how the method from [15] for deriving congruence formats through modal decomposition can be applied to weak semantics that are stability-respecting. We used (rooted and unrooted) stability-respecting branching bisimulation equivalence as a notable example. Moreover, we developed a general method for lifting congruence formats from a weak semantics to a finer semantics, and used it to show that congruence formats for stability-respecting branching bisimulation equivalence are also congruence formats for their divergence-preserving counterparts. This research provides a deeper insight into the link between modal logic and congruence formats, and strengthens the framework from [15] for the derivation of congruence formats for weak semantics.
Almost every weak semantics has stability-respecting and divergence-preserving variants. Such variants have been studied most widely in the literature for branching, -, delay and weak bisimulation equivalence, but they have for instance also been considered for decorated trace semantics, such as exhibited behaviour equivalence [29], the generalised failure preorder [24], refusal equivalence [27], and copy+refusal equivalence [30]. We expect that the methods developed in this paper, combined with the methods from [15, 12], can serve as a cornerstone in the generation of congruence formats for such semantics. In particular, we conjecture that this will straightforwardly yield congruence formats for stability-respecting and divergence-preserving variants of -, delay and weak bisimulation equivalence.
Admittedly, the whole story is quite technical and intricate. Partly this is because we build on a rich body of earlier work in the realm of structural operational semantics: the notions of well-supported proofs and complete TSSs from [17]; the ntyft/ntyxt format from [21, 8]; the transformation to ruloids, which for the main part goes back to [10]; and the work on modal decomposition and congruence formats from [6]. In spite of these technicalities, we have arrived at a relatively simple framework for the derivation of congruence formats for weak semantics. Namely, for this one only needs to: (1) provide a modal characterisation of the weak semantics under consideration; (2) study the class of modal formulas that result from decomposing this modal characterisation, and formulate syntactic restrictions on TSSs to bring this class of modal formulas within the original modal characterisation; and (3) check that these syntactic restrictions are preserved under the transformation to ruloids. Steps (2) and (3) are very similar in structure for different weak semantics, as exemplified by the way we obtained a congruence format for stability-respecting branching bisimulation equivalence. And the resulting congruence formats tend to be more liberal and elegant than existing congruence formats in the literature.
Our intention is to carve out congruence formats for all weak semantics in the spectrum from [16] that have reasonable congruence properties. At first we expected that the current third instalment would allow us to do so. However, it turns out that convergent weak semantics as considered in for instance [31, 32, 34] still need extra work. The modal characterisations of these semantics are three-valued [16], which requires an extension of the modal decomposition technique to a three-valued setting.
Appendix A Modal characterisations
We prove Thm. 2.8, which states that is a modal characterisation of p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q, and of p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}q. So we need to prove, given an LTS , that p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q\Leftrightarrow p\sim_{\mathbb{O}_{b}^{s}}q and p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}q\Leftrightarrow p\sim_{\mathbb{O}_{rb}^{s}}q for all .
Proof A.1**.**
() We prove by structural induction on , resp. , that p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q\wedge p\models\varphi\Rightarrow q\models\varphi for all , and p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}q\wedge p\models\overline{\varphi}\Rightarrow q\models\overline{\varphi} for all , The converse implications ( and ) follow by symmetry.
- •
. Then for all . By induction for all , so .
- •
. Then . By induction , so .
- •
. Then for some there are with , for , and . We apply induction on .
Then , so by induction on formula size, . Furthermore, either (1) or (2) there is a with and . In case (1), by induction on formula size, , so . In case (2), since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q, by Def. 2.1 either (2.1) p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q or (2.2) with p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime} and p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime\prime}. In case (2.1), by induction on formula size, . In case (2.2), by induction on formula size, and . In both cases, .
Since , and p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q, according to Def. 2.1 there are two possibilities.
- 1.
Either p_{1}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q. Since , by induction on , . 2. 2.
Or with p_{1}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime\prime}. Since , by induction on , . Hence .
- •
. Then for some there are with , for , and . We apply induction on .
Then , and there is a with and . Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q, by Def. 2.1 with p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime} and p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime\prime}. By induction on formula size, and . Hence .
This case goes exactly as the case above.
- •
* with . Then for some there are with , for , and . We apply induction on .*
Then and . Since and are related by a stability-respecting branching bisimulation, there is a with and p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}. Because and are both stable, p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime} implies p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}q^{\prime}. So by induction on formula size, . Hence .
This case goes exactly as the case above.
- •
. Then for all . By induction for all , so .
- •
. Then . By induction , so .
- •
* with . Then for some with . By Def. 2.2, for some with p^{\prime}\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q^{\prime}. So by induction , and hence .*
- •
. Since p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{rb}^{\,s}}q implies p\mathrel{\,\raisebox{1.29167pt}{\underline{\makebox[6.99997pt]{}}}\,_{b}^{\,s}}q, we obtain by the cases treated above.
() We first prove that is a branching bisimulation. The relation is clearly symmetric. Let . Suppose . If and , then the first condition of Def. 2.1 is fulfilled. So we can assume that either (i) or (ii) . We define two sets:
[TABLE]
For each , let be a formula in such that and . (Such a formula always exists because is closed under negation .) We define
[TABLE]
Similarly, for each , let be a formula in such that and . We define
[TABLE]
Clearly, , and . We distinguish two cases.
. Since and , also . Hence with and . By the definition of and it follows that and . 2. 2.
* and . Let such that and . Since and , also . So with . By definition of it follows that . Thus , so with . By the definition of it follows that .*
Both cases imply that the first condition of Def. 2.1 is fulfilled, i.e. that is a branching bisimulation. Next we show that is stability-respecting. Let and . Define and as above. Then , and thus also . Hence for some with . So and by the definition of it follows that , which had to be shown.
Finally we show that is a rooted stability-respecting branching bisimulation. Let and . Let . For each , let be a formula in such that and . We define . Since we have , so for some with . By the definition of it follows that , which had to be shown.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] J.C.M. Baeten, J.A. Bergstra & J.W. Klop (1986): Syntax and defining equations for an interrupt mechanism in process algebra. Fundamenta Informaticae 9(2), pp. 127–167.
- 2[2] J.C.M. Baeten, B. Luttik & F. Yang (2017): Sequential composition in the presence of intermediate termination (extended abstract). In Proc. EXPRESS/SOS’17 , EPTCS 255, pp. 1-17.
- 3[3] T. Basten (1996): Branching bisimulation is an equivalence indeed! Information Processing Letters 58(3), pp. 141–147.
- 4[4] B. Bloom (1994): When is partial trace equivalence adequate? Formal Aspects of Computing 6, pp. 317–338.
- 5[5] B. Bloom (1995): Structural operational semantics for weak bisimulations. Theoretical Computer Science 146(1/2), pp. 25–68.
- 6[6] B. Bloom, W.J. Fokkink & R.J. van Glabbeek (2004): Precongruence formats for decorated trace semantics. ACM Transactions on Computational Logic 5(1), pp. 26–78.
- 7[7] B. Bloom, S. Istrail & A.R. Meyer (1995): Bisimulation can’t be traced. Journal of the ACM 42(1), pp. 232–268.
- 8[8] R.N. Bol & J.F. Groote (1996): The meaning of negative premises in transition system specifications. Journal of the ACM 43(5), pp. 863–914.
