(CTTS Compositionality) Let CTTS 1 and CTTS 2 be two CTTS,

we have : [[CTTS1k S CTTS2]] ' [[CTTS1]]k S [[CTTS2]] (Compositional CTTS)

The proof of this theorem consists in showing that each transition of the[[CTTS1 k

S

CTTS2]]can be found in[[CTTS1]]k S

[[CTTS2]]and vice versa.

Based on the TTS composition (Section : 3.2.1) and the CTTS composition (Section : 3.2.5), there exists three types of transitions on the resulting system. These are a transition built by the SYNCHRONOUS rule or a

transition built by either one of the symmetrical INTERLEAVING rules. In the following we consider these three cases. For presentation purposes, in each of the three cases we tackle the proof from left to right and then from right to left in the equivalence(Compositional CTTS). This proof structure can be adopted here since left to right and right to left proof trees mirror each other.

Synchronous Case

Lemma 3.2 The transition ((q1, v1),(q2, v2)) →l TTS ((q01, v01),(q02, v02))

exists on[[CTTS1]]k S

[[CTTS2]] iff the transition((q1, q2), v)→l TTS ((q10, q02), v0)

exists on[[CTTS1k S

CTTS2]], with v and v’ defined as:

∀t, v(t) =    0 i f t =t1t2 v1(t1) i f t =t1↑1 v2(t2) i f t =t2↑2 and ∀t0, v0(t0) =  0 if((q1, q2),(q0₁, q02)) ,→t0∨t1t2.t0 v(t0) else Proof. ti: qi l →_CTTSq0_{i ,} ∀t0, qi∈dom(ρ(t0)) ⇒vi(t0) ∈ι(t0) ∀t0, v0_i(t0) =  0 if(qi, qi0) ,→t 0_∨t i.t0 vi(t0) else , (i=1,2) (q1, v1)→l TTS(q01, v01) , (q2, v2)→l TTS(q20, v02) , l∈S∪∆ DIS ((q1, v1),(q2, v2))→l TTS((q01, v 0 1),(q 0 2, v02)) SYN

Figure 3.8 – Building/Destructing the TTS Synchronous Product Transition

ti: qi→lCTTSq0i l∈S (q1,q2)→lCTTS(q10,q02) SYN, ∀t1, t2,(q1, q2) ∈ dom(ρ(t1t2)) ⇒v(t1t2) ∈ ι(t1t2) ∀ti, qi∈dom(ρ(ti)) ⇒vi(ti) ∈ι(ti) ∀ti,(q1, q2) ∈ dom(ρ(ti↑i)) ⇒v(ti↑i) ∈ ι(ti) TL,TR ∀t,(q1, q2) ∈dom(ρ(t)) ⇒v(t) ∈ι(t) , ∀t0, v0(t0) =0 if ((q1, q2),(q01, q02)) ,→t0 ∨t1t2.t0 v(t0)else (2),(4) ((q1, q2), v)→l TTS((q01, q02), v0) DIS

Figure 3.9 – Building/Destructing the TTS Semantics of a Synchronous Product Tran- sition

first implication Let ((q1, v1),(q2, v2))→l TTS ((q10, v01),(q02, v02))be a tran-

sition of [[CTTS1]]k S

[[CTTS2]].

In Fig 3.8 the rules are read from bottom to top :

• By the SYNCHRONOUS rule of the composition of TTS (Fig 3.5), we know that the transition ((q1, v1),(q2, v2)) →l TTS ((q01, v01),(q20, v20))

may not exist unless (q1, v1) l

→_TTS (q0₁, v0₁) of [[CTTS1]] and (q2, v2)→l TTS (q02, v02)of[[CTTS2]] both exist and that the labels may

be synchronized.

• Since the transitions exist on the two TTS, then by our DIS rule (Fig 3.3) we know that these two transitions also exist on the cor- responding CTTS. By applying twice (one for each transition) the DIS rule (Fig 3.3) we reach the transitions s1

l

→_CTTS q0₁ of TI1 and

q2 →l CTTS q02 of TI2. Additionally, we reach the specification of

the vi and v0i clocks which are defined respectively as ∀t0, v0i(t0) =



0 if(qi, q0i) ,→t0∨ti.t0

vi(t0) else

Now in Fig 3.9, the rules are read from top to bottom :

• The composition of q1 →l CTTS q10 and q2 →l CTTS q20 at the CTTS level

is also based on the SYNCHRONOUS rule (Fig 3.5) of the CTTS composition. This leads to the transition(q1, q2)→l CTTS(q0₁, q02).

• The clock vi of each of the CTTSi systems is projected on the result

of their composition. In the result of the composition of TTS there exists three kinds of transitions :

1. t

1t2: this leads directly to∀t1, t2,(q1, q2) ∈dom(ρ(t1t2)) ⇒

v(t1t2) ∈ ι(t1t2) since in the synchronizing case v(t1

t2) =0.

2. t

i ↑i for i = (1,2) : this leads to ∀ti,(q1, q2) ∈dom(ρ(t_i ↑ i)) ⇒

v(ti ↑i) ∈ ι(ti ↑i). But based on the interval composition rules

TimeLand TimeR(Fig 3.6) of CTTS ι(ti ↑i) =ι(ti).

Since the value of the clock v is known for all kinds of transitions at the result of composition of CTTS, then we can generalize this fact to every transition t as follows :∀t,(q1, q2) ∈dom(ρ(t)) ⇒v(t) ∈ι(t).

• The clock v0_iis projected into the synchronization case of the compo- sition of the CTTS.

1. Based on rules (2) and (4) of the clock reset relation (Fig 3.7) we know that the clock transitions that were reset by v1 and v2will

be reset by v’.

2. Based on the composition of the CTTS (Fig 3.5), we know that the transitions that are enabled by (qi, q0i) will be enabled by (q1, q2),(q01, q02).

This leads to∀t0, v0(t0) =



0 if ((q1, q2),(q₁0, q0₂)) ,→t0∨t1t2.t0

v(t0) else

• Since we have the transition(q1, q2)→l CTTS (q01, q02)and the values of

the clocks v and v’ then we can apply the definition of the DIS rule (Fig 3.3) which leads to the transition((q1, q2), v)→l TTS ((q10, q02), v0).

second implication Let ((q1, q2), v) →l TTS ((q01, q20), v0) be a transition of [[T I1k

S

T I2]].

In Fig 3.9, the rules are read from bottom to top :

• The application of the DIS rule (Fig 3.3) leads to(q1, q2) l

→_TTS (q0₁, q0₂)

and to the valuation of the clock v as ∀t,(q1, q2) ∈ dom(ρ(t)) ⇒

v(t) ∈ ι(t) and the clock v’ (Synchronization) as ∀t0, v0(t0) =



0 if((q1, q2),(q01, q02)) ,→t0∨t1t2.t0

v(t0) else .

• Since the transition exists on the composition result of CTTS1 and

CTTS2, then by our SYNCHRONOUS rule (Fig 3.5) of the compo-

sition of CTTS we know that q1 →l CTTS q0₁ and q2 →l CTTS q02 both

exist.

• The value of the clock v are projected to their values before the com- position :

1. ∀t

1, t2,(q1, q2) ∈dom(ρ(t₁t2)) ⇒v(t1t2) ∈ι(t₁t2): This

is the case of synchronization. In this case, ι(t1t2) is [0,∞[

and could be projected directly without any concern about the values of the clocks.

2. For i = (1,2), ∀t_i,(q₁, q₂) ∈ dom(_ρ(t_i ↑ i)) ⇒ v(t_i ↑ i) ∈ _ι(t_i ↑ i) : these are the cases of interleaving that are only possible on τ events. But since ι(ti ↑ i) is equal to ι(ti) based on the

interval composition of the CTTS (rules TimeL and TimeR of

Fig 3.6), then the values of vibefore the composition are∀ti, qi ∈

dom(ρ(t_i)) ⇒v(t_i) ∈ι(t_i).

In Fig 3.8, the rules are read from top to bottom :

• For i∈ {1, 2}, based on the composition rules (2) and (4) of the clock reset relation (Fig 3.7), the values of the clock v0 leads to the clocks vi where∀t0, v0i(t0) =



0 if (qi, q0i) ,→t0∨ti.t0

vi(t0) else

• Having the two transitions at the CTTS level along with the valua- tion of vi and v0i, the DIS rule (Fig 3.3) is applied which leads into (q1, v1)→l TTS(q01, v01)of [[T I1]]and(q2, v2)→l TTS(q20, v02)of[[T I2]].

• Now the composition of these two transitions at the TTS level is also based on the SYNCHRONOUS rule of the CTTS composi- tion (Fig 3.5). This leads into the transition ((q1, v1),(q2, v2) →l TTS ((q0₁, v0₁),(q0₂, v₂0))which happens to be our awaited conclusion.

Since the two implications hold we conclude that((q1, v1),(q2, v2)→l TTS ((q₁0, v₁0),(q0₂, v0₂)) ' ((q1, q2), v)→l TTS((q01, q02), v0).

Left Interleaving Case