(Control Transition System) Let P be the set of control process terms and R ∗ the set of parallel rule names over rule name set R

The control transition system (CTS) is an LTS(P,R∗_{∪ {X}},−→)with

−→being the least relation satisfying the rules in Fig.4.5, where α ranges overR∗_{∪ {X}and ρ, ρ}

1, ρ2 ∈ R∗.

Now, we give an intuitive explanation for each rule in Figure4.5:

• Rule pre is the central rule for inferring the transition relation

−

→: any (potentially parallel) rule name ρ ∈ R∗ appearing as a prefix induces a transition with that very rule name as label. Those transitions serve as the basis for the semantics of further control constructs.

• Rule stop introduces the aforementioned special X-transition to denote termination, i.e., that the inactive process 0 has been reached.

• Rule struct reflects semantically the intention of structural congruence (Definition4.2): processes that are structurally con-

gruent have exactly the same transitions.

• Rule rec provides the semantics of process identifiers: if a process identifier A∈ Kappears in a term, then the behavior is provided by the transitions of the process term P by which A is defined as in A := P. Importantly, this mechanism captures recursive behavior through defining equations (an alternative would be, e.g., to use a congruence notion).

• Rule choice expresses the fact that process P+Q can proceed as P or Q by firing any of their transitions (commutativity and associativity of+is provided by struct).

• Rule par0 and par1 deal with the interleaving behavior of par- allel processes (the other behavioral aspect is synchronization, expressed by the next rule sync). In particular, in a parallel

Node behavior:

Pcr:= pCr.0 Pnode:= pCr.Pnode+ ∑

len∈{S,L}, st∈{a,i,u}

pDel(len, st).Pnode Link behavior: P_link := _∑ len∈{S,L}, st∈{a,i} pUc(len, st).Plink Topology control: PTC := pkTC.PTC+pActUS.PTC+pActUL.PTC Overall underlay behavior:

Punderlay:=Pnode||Plink||PTC

Figure 4.6: Control Process Specifications for WSN Underlay process P||Q, any side (i.e., P as well as Q) might fire one of its available transitions and thus proceed, while the other side remains in place. (Although control processes are in this case symmetric and, thus, a commutative definition would be think- able, the reason behind this specification is made clear by the notion of asynchronicity in Section5.2. In the following, we might

omit the number and refer to any or both of those rules as par if the distinction is immaterial.)

Note that these rules together with stop induce a global termina- tion, in the sense that parallel processes only have aX-transition if each of them has been terminated, as interleaving does not range overX-transitions. For instance, P||0 has aX-transition only if P≡ 0due to the structural congruence law 0||0≡0as in Definition4.2.

• Rule sync, in contrast to par, induces a synchronized transition of P and Q in a process P||Q. If P and Q have some transitions labeled, e.g., by rules ρ1 and ρ2, respectively, then P||Q has a transition labeled by the parallel rule ρ1|ρ2 composed of ρ1and

ρ2.

As a source for concrete examples on how these rules work, we re- visit the process specifications in Sect.4.1and recall them in Figure4.6

for convenience.

First of all, each specification contains prefix actions (as any mean- ingful process would): e.g., Pcr has an outgoing transition Pcr

pCr

−→ 0 according to the rule pre. Thereupon, according to rule stop, this 0 has a loop transitionX.

Our next example process, Pnode addresses choice and recursion. Regarding the rule choice, as pCr.Pnode and pDel.Pnodehave outgoing transitions labeled with pCr and pDel, respectively, the choice in the specification of P_noderesults in a behavior where P_nodehas both of those

outgoing transitions with their respective subsequent state. Here, in both cases, that subsequent state is Pnode again, resulting in a recur- sive behavior; note that in our examples, we let the sets of process names (like P_node) and process identifiers (the elements of the setK, cf. Definition 4.1) collapse for the sake of easier readability. As an

example for structural congruence and the rule struct, if we would write p_Del.P_node+pCr.Pnode, this specification would have exactly the same behavior as the original one, as commutativity of choice is part of our structural congruence.

As for parallel processes, the overall specification P_underlay has as outgoing transitions any transitions of its single processes, such as pCr, pkTCand many others, according to rules par0 and par1. Further- more, those actions might also synchronize. For example, there are transitions Punderlay pCr|pUcS −−−−→ Punderlay, Punderlay pUcL|pkTC −−−−−→Punderlay,

and so on. Moreover, as the definition of parallel rules and processes admits associativity, there are also transitions with three rules com- posed, like

Punderlay

pDel|pUcL|pActUS

−−−−−−−−→Punderlay.

n o n-applicability conditions. Many control structures used in algorithm specifications (independently of the concrete language), such as conditional branchings (often termed if-then-else structures), rely on some kind of negative conditions for capturing if the condition on which the branching depends is violated (and, thus, the else branch is followed).

In our controlled setting, as we focus on algorithm descriptions over sets of graph-rewriting rules, we aim at defining a means on the control level for capturing the non-applicability of some rules. As an illustrative example, revisit the topology control specification

PTC := pkTC.PTC+pActUS.PTC+pActUL.PTC

As already mentioned while introducing PTC, this specification is not yet satisfactory: the actual intuition is that we should first try to eliminate triangles by applying pkTC, and only if it is not applicable should we apply an appropriate activation rule. As a consequence, to achieve a more faithful representation of this intuition, we want to have some language ingredient to extend the specification with preconditions saying that pActUS and pActUL are applied only if pkTCis not applicable.

Thus, prefix actions involving non-applicability conditions (NC) be- come pairs of a (positive) rule name to be applied and, as further con- dition(s), a set of further rule names which have to be non-applicable

on the graph to be rewritten. Note, however, that on the control level which we consider in this section, this difference is only reflected in the shape of our actions and thus the definition of the action set, as pure control processes do not (yet) have a graph instance to work with.

We follow our above presentation pattern, i.e., we first provide the extended specification and then the formal definitions for introducing non-applicability conditions. The extended topology control specification PnTC is given in RePro syntax as follows (extensions in bold):

PnTC:= pkTC.PnTC+ (pActUS,{pkTC}).PnTC+ (pActUL,{pkTC}).PnTC Similarly, we might also extend the specification of Plink to Pnlinkby adding the requirement that unclassification should take place only if no kTC-inactivation action is possible:

Pnlink:= (pUcS,{pkTC}).Pnlink+ (pUcL,{pkTC}).Pnlink

The extended control transition system including non-applicability conditions, denoted nCTS, is functioning in the same way as CTS, and our definitions only require some slight adaptations. We proceed with giving those definitions, with highlighting the changes related to non-applicability conditions in bold.

An action γ= (ρ, N)in nCTS intuitively corresponds to applying a rule ρ∈ R∗ _{while checking some non-applicability conditions p∈ N.}

Formally, an action consists of a (positive) rule name (here, ρ) and a set N = {p1, . . . , pk}of (plain)5rule names, where for any pi ∈ N, pi should not be applicable in the current graph state in order to proceed. Note that while a parallel rule ρ might involve a single (plain or parallel) rule ρsmultiple times as a component, it is sufficient for N to contain each rule name only once, as, in contrast to ρ, those names in N play the role of preconditions with a semantics invariant to multiple appearance.

First, we adapt the syntax of control processes to include non- applicability conditions, where, as an abuse of notation, we retain the same sets P andK for processes and process identifiers, respectively. (For the most part of the thesis, we consider processes with non- applicability conditions.)

Definition 4.6(Control Process Term Syntax with NC). The syntax of a