
6.2 The Link between SimpleCircus and SimpleCSP

6.2.2 Mathematical Proofs

Here, for the proofs, the assumptions throughout are:

$A_C \sqsubseteq \exists state, state' \bullet A_X$

$B_C \sqsubseteq \exists state, state' \bullet B_X$

Theorem 6.2.1

$Skip_C = (\exists state, state' \bullet Skip_X)$

Proof: Here, we adopt the strategy of reducing the left and right hand side of the equation to the same form.

$LHS = Skip_C$

Now, according to the definition of the Skip construct in the CSP world, the left hand side will be equal to:

$= II_C \lhd wait \rhd (true \vdash \lnot wait' \land tr' = tr) \land tr \le tr'$

Now, considering the right hand side:

$RHS = (\exists state, state' \bullet Skip_X)$

According to the definition of the Skip construct in the Circus world, the equation will be:

$= (\exists state, state' \bullet \mathbf{S}(true \vdash \lnot wait' \land tr' = tr \land state' = state))$

Expanding the above equation by applying the definition of the healthiness condition $\mathbf{S}$ gives:

$= (\exists state, state' \bullet (\exists state \bullet II_X)) \lhd wait \rhd (true \vdash \lnot wait' \land tr' = tr \land state' = state) \land tr \le tr'$

Distributing the quantifier $\exists$:

$= (\exists state, state' \bullet (\exists state \bullet II_X)) \lhd wait \rhd (true \vdash \lnot wait' \land tr' = tr \land (\exists state, state' \bullet state' = state)) \land tr \le tr'$

Now, we apply the definition of Lemma B.2.2, available on page 124.

$= II_X \lhd wait \rhd (true \vdash \lnot wait' \land tr' = tr \land (\exists state, state' \bullet state' = state)) \land tr \le tr'$

Applying the one point rule will reduce the above equation to the following:

$= II_X \lhd wait \rhd (true \vdash \lnot wait' \land tr' = tr \land True) \land tr \le tr'$

Simplifying the above equation:

$= II_X \lhd wait \rhd (true \vdash \lnot wait' \land tr' = tr) \land tr \le tr'$

50 CHAPTER 6. SEMANTICS

Theorem 6.2.2

$(A_C \mathbin{;_C} B_C) \sqsubseteq (\exists state, state' \bullet A_X \mathbin{;_X} B_X)$

Proof: Here, we show that the left hand side is refined by the right hand side. This theorem differs from the others: the left and right hand sides were originally hoped to be equivalent. Instead, the relationship between $;_X$ and $;_C$ emerged as a refinement, not an equality.

$L.H.S = (A_C \mathbin{;_C} B_C)$

According to the definition of $A_C$ and $B_C$:

$= (\exists state, state' \bullet A_X) \mathbin{;_C} (\exists state, state' \bullet B_X)$

The proof is completed by the application of theorem B.2.4, on page 125.

$\sqsubseteq \exists state, state' \bullet A_X \mathbin{;_X} B_X$

Theorem 6.2.3

$A_C \sqcap B_C \sqsubseteq (\exists state, state' \bullet A_X \sqcap B_X)$

Proof: Here, we adopt the strategy of reducing the left and right hand side of the equation to the same form.

$L.H.S = A_C \sqcap B_C$

According to the definition of internal choice in the CSP world, we get:

$= A_C \lor B_C$

Expanding the definitions of $A_C$ and $B_C$:

$\sqsubseteq (\exists state, state' \bullet A_X) \lor (\exists state, state' \bullet B_X)$

The distributive property of $\exists$ simplifies the above expression to the following:

$= \exists state, state' \bullet (A_X \lor B_X)$

Now, we can apply the definition of the internal choice construct in the Circus world.

$= (\exists state, state' \bullet A_X \sqcap B_X)$


Theorem 6.2.4

$A_C \mathbin{\Box} B_C \sqsubseteq (\exists state, state' \bullet A_X \mathbin{\Box} B_X)$

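Proof: Here, we adopt the strategy of reducing the left and right hand side of the equation to the same form. We start the proof by taking the right hand side of the theorem.

$R.H.S = (\exists state, state' \bullet A_X \mathbin{\Box} B_X)$

According to the definition of external choice in the Circus world, we get:

$= (\exists state, state' \bullet \mathbf{CXS2}((A_X \land B_X) \lhd Stop_X \rhd (A_X \lor B_X)))$

Expanding the above equation by applying the definition of the healthiness condition $\mathbf{CXS2}$ gives:

$= (\exists state, state' \bullet [((A_X \land B_X) \lhd Stop_X \rhd (A_X \lor B_X)) \mathbin{;} J_X])$

Distributing the predicate $\exists state, state'$, we get:

$= \exists state, state' \bullet ((A_X \land B_X) \lhd Stop_X \rhd (A_X \lor B_X)) \mathbin{;} \exists state, state' \bullet J_X$

Expanding the above equation by applying the definition of $J$ in the Circus world gives:

$= \exists state, state' \bullet ((A_X \land B_X) \lhd Stop_X \rhd (A_X \lor B_X)) \mathbin{;} \exists state, state' \bullet (ok \Rightarrow ok') \land wait' = wait \land tr' = tr \land ref' = ref \land state' = state$

Applying the one point rule will reduce the above equation to the following:

$= \exists state, state' \bullet ((A_X \land B_X) \lhd Stop_X \rhd (A_X \lor B_X)) \mathbin{;} (ok \Rightarrow ok') \land wait' = wait \land tr' = tr \land ref' = ref$

Applying the definition of $J$ in the CSP world will reduce the equation as follows:

$= \exists state, state' \bullet ((A_X \land B_X) \lhd Stop_X \rhd (A_X \lor B_X)) \mathbin{;} J_C$

Now, applying the definition of the $\lhd\ \rhd$ construct:

$= \exists state, state' \bullet (Stop_X \land (A_X \land B_X) \lor \lnot Stop_X \land (A_X \lor B_X)) \mathbin{;} J_C$

The distributive property of $\exists state, state'$ will make the equation become:

$= ((\exists state, state' \bullet Stop_X \land (\exists state, state' \bullet A_X \land \exists state, state' \bullet B_X)) \lor (\exists state, state' \bullet \lnot Stop_X \land (\exists state, state' \bullet A_X \lor \exists state, state' \bullet B_X))) \mathbin{;} J_C$

Now we apply theorem B.2.1, on page 123.

$= ((Stop_C \land (\exists state, state' \bullet A_X \land \exists state, state' \bullet B_X)) \lor (\lnot Stop_C \land (\exists state, state' \bullet A_X \lor \exists state, state' \bullet B_X))) \mathbin{;} J_C$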

Reducing the above equation by using the definitions of $\lhd\ \rhd$, $A_C$ and $B_C$:

Using the definition of healthiness condition $\mathbf{CSP2}$, we get:

$= \mathbf{CSP2}((A_C \land B_C) \lhd Stop_C \rhd (A_C \lor B_C))$

Now, we can apply the definition of the external choice construct in the CSP world.

$= A_C \mathbin{\Box} B_C$

This completes our proof as we have matched the expression of the left hand side of the theorem.

Theorem 6.2.5

$A_C \parallel_S B_C \sqsubseteq (\exists state, state' \bullet A_X [U \mid S \mid V] B_X)$

Proof: Here, we adopt the strategy of reducing the left and right hand side of the equation to the same form. We start the proof by taking the left hand side of the theorem.

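$L.H.S = A_C \parallel_S B_C$

Applying the definition of the parallel construct in the CSP world, we get the following expression.

$$= \left(\begin{array}{l}
\exists Obs_A^C, Obs_B^C \bullet \\
A_C[Obs_A^C/Obs'] \land B_C[Obs_B^C/Obs'] \\
\land\ ok' = ok_A^C \land ok_B^C \\
\land\ wait' = wait_A^C \lor wait_B^C \\
\land\ ref' \subseteq (ref_A^C \cup ref_B^C) \cap S \cup (ref_A^C \cap ref_B^C) \setminus S \\
\land\ tr' - tr \in (tr_A^C - tr) \parallel_S (tr_B^C - tr)
\end{array}\right) \mathbin{;_C} Skip_C$$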

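Now, taking the right hand side of the theorem and solving it to get the expanded form of the left hand side.

$R.H.S = (\exists state, state' \bullet A_X [U \mid S \mid V] B_X)$

According to the definition of the parallel construct in the Circus world, we get:

$$= \exists state, state' \bullet \left(\begin{array}{l}
\exists Obs_A^X, Obs_B^X \bullet \\
A_X[Obs_A^X/Obs'] \land B_X[Obs_B^X/Obs'] \\
\land\ ok' = ok_A^X \land ok_B^X \\
\land\ wait' = wait_A^X \lor wait_B^X \\
\land\ tr' - tr \in (tr_A^X - tr) \parallel_S (tr_B^X - tr) \\
\land \left(\begin{array}{l}
ref' \subseteq (ref_A^X \cup ref_B^X) \cap S \cup (ref_A^X \cap ref_B^X) \setminus S \\
\lhd\ wait'\ \rhd \\
state' = state \setminus (U \cup V) \oplus state_A^X\, U \oplus state_B^X\, V
\end{array}\right)
\end{array}\right)$$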

In the SimpleCircus model of parallelism, both sides run on their own copy of the initial state, and the two final states are merged at the end. A requirement is that the sets of variables written by each side are disjoint from each other. Furthermore, the changes to variables made by one side are not visible to the other side. Therefore, we can partially apply the one-point rule, as there are no free occurrences of $state'$, which means the statement $state' = \ldots$ reduces to true, but we keep the now-vacuous quantification of $state'$ because it makes later steps simpler.

$$= \exists state, state' \bullet \left(\begin{array}{l}
\exists Obs_A^X, Obs_B^X \bullet \\
A_X[Obs_A^X/Obs'] \land B_X[Obs_B^X/Obs'] \\
\land\ ok' = ok_A^X \land ok_B^X \\
\land\ wait' = wait_A^X \lor wait_B^X \\
\land\ tr' - tr \in (tr_A^X - tr) \parallel_S (tr_B^X - tr) \\
\land \left(\begin{array}{l}
ref' \subseteq (ref_A^X \cup ref_B^X) \cap S \cup (ref_A^X \cap ref_B^X) \setminus S \\
\lhd\ wait'\ \rhd \\
true
\end{array}\right)
\end{array}\right)$$

Making use of theorem B.3.2, on page 130, we get:

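$$= \exists state, state' \bullet \left(\begin{array}{l}
\exists Obs_A^X, Obs_B^X \bullet \\
A_X[Obs_A^X/Obs'] \land B_X[Obs_B^X/Obs'] \\
\land\ ok' = ok_A^X \land ok_B^X \\
\land\ wait' = wait_A^X \lor wait_B^X \\
\land\ tr' - tr \in (tr_A^X - tr) \parallel_S (tr_B^X - tr)
\end{array}\right) \mathbin{;_X} Skip_X$$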

Now, using theorem 6.2.2, on page 50, the following equation is acquired.

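$$\sqsubseteq \left(\begin{array}{l}
\exists Obs_A^C, Obs_B^C \bullet \\
A_C[Obs_A^C/Obs'] \land B_C[Obs_B^C/Obs'] \\
\land\ ok' = ok_A^C \land ok_B^C \\
\land\ wait' = wait_A^C \lor wait_B^C \\
\land\ ref' \subseteq (ref_A^C \cup ref_B^C) \cap S \cup (ref_A^C \cap ref_B^C) \setminus S \\
\land\ tr' - tr \in (tr_A^C - tr) \parallel_S (tr_B^C - tr)
\end{array}\right) \mathbin{;_C} Skip_C$$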

This form of the equation makes the proof complete, as the left hand side also has the same form.

Theorem 6.2.6

$a \to A_C \sqsubseteq (\exists state, state' \bullet a \to A_X)$

Now, we provide the proof for prefixing action.

Proof: Here, we adopt the strategy of reducing the left and right hand side of the equation to the same form. We start the proof by taking the left hand side of the theorem.

$L.H.S = a \to_C A_C$

According to the definition of prefixing action in the CSP world, we get:

$= a \to_C Skip_C \mathbin{;_C} A_C$

Now, taking the right hand side of the theorem and solving it to get the expanded form of the left hand side.

$R.H.S = (\exists state, state' \bullet a \to_X A_X)$

According to the definition of prefixing action in the CSP world, we get:

$= (\exists state, state' \bullet a \to_X Skip_X \mathbin{;_X} A_X)$

Distributing the existential quantifier $\exists$, the above equation takes the following form:

$= (\exists state, state' \bullet a \to_X Skip_X) \mathbin{;_X} (\exists state, state' \bullet A_X)$

Using theorem B.1.1, on page 119, reduces the equation to the following form:

$= (a \to_C Skip_C) \mathbin{;_C} (\exists state, state' \bullet A_X)$

Using theorem 6.2.2, on page 50, makes the proof complete, as the left hand side has also expanded to the same form.

$\sqsubseteq a \to_C Skip_C \mathbin{;_C} A_C$

Theorem 6.2.7

$A_C \setminus_C H \sqsubseteq (\exists state, state' \bullet A_X \setminus_X H)$

Now, we provide the proof for the hiding construct.

Proof: Here, we adopt the strategy of reducing the left and right hand side of the equation to the same form. We start the proof by taking the right hand side of the theorem.

$R.H.S = (\exists state, state' \bullet A_X \setminus_X H)$

According to the definition of hiding in the Circus world, we get:

$= (\exists state, state' \bullet \mathbf{S}(\exists tr_H \bullet A_X[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H) \mathbin{;_X} Skip_X)$

Now, applying the definition of healthiness condition $\mathbf{CXS4}$, we get the following equation:

$= (\exists state, state' \bullet (\mathbf{CXS4}(\mathbf{S}(\exists tr_H \bullet A_X[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H))))$

Now, taking the left hand side of the theorem and solving it to get the expanded form of the right hand side.

$L.H.S = A_C \setminus_C H$

Applying the definition of the hiding construct of CSP, we get:

$= \mathbf{R}(\exists tr_H \bullet A_C[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H) \mathbin{;_C} Skip_C$

Now, applying the definition of healthiness condition $\mathbf{CSP4}$, we get the following equation:

$= \mathbf{CSP4}(\mathbf{R}(\exists tr_H \bullet A_C[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H))$

According to the definition of $A_C$, we get the following form:

$\sqsubseteq \mathbf{CSP4}(\mathbf{R}(\exists tr_H \bullet (\exists state, state' \bullet A_X)[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H))$

As the predicate here does not include $state, state'$, we can pull $state, state'$ out.

Using theorem B.2.6, on page 128, will give the following equation:

$= \mathbf{CSP4}(\exists state, state' \bullet \mathbf{S}(\exists state, state' \bullet \exists tr_H \bullet A_X[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H))$

Now we use theorem B.2.7, on page 129.

$= \exists state, state' \bullet \mathbf{CXS4}(\exists state, state' \bullet \mathbf{S}(\exists state, state' \bullet \exists tr_H \bullet A_X[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H))$

As $state, state'$ is not mentioned in the inner predicate, we can pull $state, state'$ out.

$= \exists state, state' \bullet \mathbf{CXS4}(\mathbf{S}(\exists tr_H \bullet A_X[tr_H, H \cup ref'/tr, ref'] \land (tr' - tr) = (tr_H - tr)\,H))$

This makes the proof complete, as the left and right hand sides of the theorem have acquired the same form.

6.3 Summary

In this chapter, we discuss the results required in the mathematical foundation of the translation strategy between the target languages. First of all, the semantics of Circus and $CSP_M$ in the Unifying Theories of Programming (UTP) framework are specified for the selected constructs of the languages. The chosen subsets of the original Circus and CSP languages are named SimpleCircus and SimpleCSP. The semantic difference between the two is captured by the need for extra observation variables, i.e. $state, state'$, in the case of SimpleCircus. A formal link was proposed to connect the two theories. We propose Conjecture 6.2.1, on page 47, for the linking pairs between the two languages. If $P_X$ is a SimpleCircus program and $P_C$ is a SimpleCSP program, then the transformation predicate (T) translates between the two.

For all SimpleCircus programs $P_X$, we define a link to the CSP world that hides the state. By the mathematical proofs included in this chapter, it is proved that this linking predicate preserves the semantics of most of the language operators, with the notable exception of sequential composition. Here, the relationship between $;_X$ and $;_C$ is proved to be a refinement, not an equality. This is in fact novel work and the major contribution of the thesis. Now, in the following chapter, we describe the translation theory by giving the mathematical representation of the steps involved in the translation process.

Chapter 7

Translation Theory

This chapter describes the formalised version of the translation process. The translation process is divided into a number of steps. The action bodies of SimpleCircus processes are passed through these steps in order to translate them to their equivalent SimpleCSP output.

7.1 The Template for Each Function in the Translation Process

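The following is a common overlapping syntax for SimpleCircus and SimpleCSP:

$$\begin{array}{rcll}
P \in Process & ::= & A\ \text{where}\ D_1; \ldots; D_n & \\
D \in ActDef & ::= & N \mathrel{\widehat{=}} A \mid N(x_1, \ldots, x_n) \mathrel{\widehat{=}} A & \\
A \in Action & ::= & Stop \mid Skip \mid a \to A \mid e \mathbin{\&} A \mid A \mathbin{;} A \mid A \setminus H & \text{— sequential subset} \\
 & \mid & A \sqcap A \mid A \mathbin{\Box} A & \\
 & \mid & A \parallel_S A & \text{— CSP only} \\
 & \mid & x := e \mid A [V \mid H \mid V] A & \text{— Circus only} \\
 & \mid & N \mid N(e_1, \ldots, e_n) & \\
 & \mid & C_i(e_1, \ldots, e_n) & \text{— translation temporary only} \\
 & \mid & ;_i & \text{— translation temporary only} \\
N \in Name & ::= & \text{names} & \\
a, b.e \in Event & & \text{events} & \\
e \in Expr & & \text{expressions} & \\
x \in Var & & \text{variables} & \\
V \in VarSet & & \text{variable-sets} & \\
C \in ContName & & \text{continuation names} & \\
i \in Indices & & \text{an index set} &
\end{array}$$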

A similar version of this mixed syntax was introduced in figure 1.2 of Chapter 1. The difference between figure 1.2 and this syntax is the inclusion of translation temporary placeholders. These temporary placeholders are needed during the application of translation steps, discussed in the preceding section.

The formalised translation process is divided into steps. Each step is implemented as a function. If $f$ is a function then it is applied to each language construct. The function $f$ takes an input of type Action, and possibly some extra parameters, and returns a result/output, also of type Action, also possibly with some extra outcome data.

$f : Action \to Action$

$f(Input) \mathrel{\widehat{=}} Output$

For example, in our translation process, the first step is called “Normalise Sequential Composition”. This step is implemented as a function, abbreviated as NSC. The application of this function to an action will result in some output action, as shown.

$NSC : Action \to Action$

$NSC(Stop) \mathrel{\widehat{=}} SomeOutputFromNSC$

$NSC(Skip) \mathrel{\widehat{=}} SomeOutputFromNSC$

$NSC(a \to A) \mathrel{\widehat{=}} SomeOutputFromNSC$

and so on.

In short, each translation step is a function from Action to Action, typically defined by pattern matching against the range of syntax forms.
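The template above, as an added example that is not code from the thesis: a few of the Action forms as Python classes, a generic `apply_step` that applies a step f : Action → Action to every sub-action, and a `tags` function that returns extra outcome data (which dialect-restricted forms occur). All class and function names are assumptions made for illustration, and `skip_unit` is a hypothetical step, not one of the thesis's translation steps.

```python
from dataclasses import dataclass, fields, replace

class Action:                       # base class for every action syntax form
    pass

@dataclass(frozen=True)
class Stop(Action): pass
@dataclass(frozen=True)
class Skip(Action): pass
@dataclass(frozen=True)
class Prefix(Action):               # a -> A
    event: str
    body: Action
@dataclass(frozen=True)
class Seq(Action):                  # A ; A
    left: Action
    right: Action
@dataclass(frozen=True)
class CspPar(Action):               # A ||_S A     (CSP only)
    left: Action
    sync: frozenset
    right: Action
@dataclass(frozen=True)
class Assign(Action):               # x := e       (Circus only)
    var: str
    expr: str
@dataclass(frozen=True)
class ContCall(Action):             # C_i(e1..en)  (translation temporary only)
    name: str
    args: tuple = ()

# Dialect comments from the grammar, keyed by syntax form.
TAG = {CspPar: "CSP only", Assign: "Circus only", ContCall: "temporary"}

def children(a):
    """Names of the fields of `a` that hold sub-actions."""
    return [f.name for f in fields(a) if isinstance(getattr(a, f.name), Action)]

def apply_step(step, a):
    """Template f : Action -> Action: rewrite sub-actions first, then the node."""
    kids = {n: apply_step(step, getattr(a, n)) for n in children(a)}
    return step(replace(a, **kids) if kids else a)

def tags(a):
    """Extra outcome data: which dialect-restricted forms occur inside `a`."""
    found = {TAG[type(a)]} if type(a) in TAG else set()
    for n in children(a):
        found |= tags(getattr(a, n))
    return found

def skip_unit(a):
    """Hypothetical step (not from the thesis): Skip ; A  becomes  A."""
    if isinstance(a, Seq) and isinstance(a.left, Skip):
        return a.right
    return a
```

An action is acceptable as SimpleCSP output only when `tags` reports neither "Circus only" nor "temporary" forms, which makes it usable as a check after the last step has run.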