Observational Equivalence implies Labelled Bisimilarity

Finally, the goal of this section is to establish the lemmas needed in the outline of the argu-ment that observational equivalence implies labelled bisimilarity in Section 4.5. The section also contains a corollary, namely that observational equivalence and static equivalence co-incide on frames.

Lemma C.6 Let P be a plain process. The existence of P⁰ such that Σ ` P = P⁰ and p /∈ fn(P⁰) is preserved by structural equivalence (≡) and reduction (→^ _) of P .

Let A be a normal process. The existence of A⁰ such that Σ ` A = A⁰ and p /∈ fn(A⁰) is preserved by structural equivalence (≡) and reduction (→^◦ _◦) of A.

Proof: Property 1: Suppose that P ≡ Q, Σ ` P = P<sup> 0</sup>, and p /∈ fn(P<sup>0</sup>). We show that there exists Q<sup>0</sup> such that Σ ` Q = Q⁰ and p /∈ fn(Q⁰), by induction on the derivation of P ≡ Q. We consider as base cases the application of each rule under an evaluation context,^ in the two directions, and use induction only for transitivity.

• Case Rewrite⁰, under an evaluation context E. We have E[P1{^M/x}]≡ E[P^ 1{^N/x}], Σ ` M = N , Σ ` E[P1{^M/x}] = P⁰, and p /∈ fn(P⁰). Since Σ ` E[P1{^N/x}] = E[P1{^M/x}] = P⁰, we have the result with Q⁰= Q.

• Case Par-C⁰, under an evaluation context E. We have E[P1| Q1] ≡ E[Q^ 1 | P1], Σ ` E[P1|Q1] = P<sup>0</sup>, and p /∈ fn(P<sup>0</sup>). Since Σ ` E[P1|Q1] = P⁰, we have P⁰= E⁰[P₁⁰|Q⁰₁] with Σ ` E = E<sup>0</sup>, Σ ` P1 = P₁⁰, and Σ ` Q1 = Q<sup>0</sup><sub>1</sub>. Let Q<sup>0</sup> = E<sup>0</sup>[Q<sup>0</sup><sub>1</sub>| P<sub>1</sub><sup>0</sup>]. We have Σ ` E[Q1| P1] = Q⁰ and p /∈ fn(Q⁰) = fn(P⁰).

• All other base cases are handled similarly to case Par-C⁰.

• The case of transitivity follows by applying the induction hypothesis twice.

Property 2: Suppose that P →_Q, Σ ` P = P<sup>0</sup>, and p /∈ fn(P<sup>0</sup>). We show that there exists Q<sup>0</sup>such that Σ ` Q = Q⁰and p /∈ fn(Q⁰), by induction on the derivation of P →Q. Again, we consider as base cases the application of each rule under an evaluation context, and use induction only for the application of≡.^

• Case Comm⁰, under an evaluation context E. We have E[N hM i.P₁| N (x).Q₁] →_ E[P1 | Q1{^M/x}], Σ ` E[N hM i.P1| N (x).Q1] = P<sup>0</sup>, and p /∈ fn(P<sup>0</sup>). Since Σ ` E[N hM i.P1|N (x).Q1] = P⁰, we have P⁰= E⁰[N⁰hM⁰i.P₁⁰|N⁰⁰(x).Q⁰₁] with Σ ` E = E<sup>0</sup>, Σ ` M = M⁰, Σ ` P1= P<sub>1</sub><sup>0</sup>, and Σ ` Q1= Q⁰₁. Let Q⁰ = E⁰[P₁⁰| Q⁰₁{^M0/x}]. We have Σ ` E[P1| Q1{^M/x}] = Q⁰ and p /∈ fn(Q⁰) since fn(Q⁰) ⊆ fn(P⁰).

• Case Then⁰, under an evaluation context E. We have E[if M = M then P1 else Q1] → E[P1], Σ ` E[if M = M then P1 else Q1] = P<sup>0</sup>, and p /∈ fn(P<sup>0</sup>). Since Σ ` E[if M = M then P1 else Q1] = P⁰, we have P⁰ = E⁰[if M⁰ = M⁰⁰ then P₁⁰ else Q⁰₁] with Σ ` E = E<sup>0</sup> and Σ ` P₁ = P₁⁰. Let Q⁰ = E⁰[P₁⁰]. We have Σ ` E[P₁] = Q⁰ and p /∈ fn(Q⁰) since fn(Q⁰) ⊆ fn(P⁰).

• Case Else⁰ is handled similarly to case Then⁰.

• In case we additionally apply ≡, we conclude using Property 1 and the induction^ hypothesis.

Property 3: Suppose that A≡ B, Σ ` A = A<sup>◦ 0</sup>, and p /∈ fn(A<sup>0</sup>). We show that there exists B<sup>0</sup> such that Σ ` B = B⁰ and p /∈ fn(B⁰), by induction on the derivation of A≡ B.^◦

• Case Plain⁰⁰follows from Property 1.

• Case New-Par⁰⁰. We have νn.(σ | νne ⁰.P ) ≡ ν^◦ n, ne ⁰.(σ | P ) with n⁰ ∈ fn(σ), Σ `/ νen.(σ | νn<sup>0</sup>.P ) = A<sup>0</sup>, and p /∈ fn(A<sup>0</sup>). If p ∈ {en, n<sup>0</sup>}, then we have the result with B<sup>0</sup> = νn, ne <sup>0</sup>.(σ | P ). Otherwise, since Σ ` νen.(σ | νn⁰.P ) = A⁰, we have A⁰ = νen.(σ⁰| νn⁰.P⁰) with Σ ` σ = σ<sup>0</sup> and Σ ` P = P⁰. Let B⁰ = νn, ne ⁰.(σ⁰ | P⁰). We have Σ ` νen, n⁰.(σ | P ) = B⁰ and p /∈ fn(B⁰) since fn(B⁰) ⊆ fn(A⁰).

• Case New-Par⁰⁰ reversed. We have νen, n⁰.(σ | P )≡ ν^◦ en.(σ | νn⁰.P ) with n⁰ ∈ fn(σ),/ Σ ` νen, n<sup>0</sup>.(σ | P ) = A<sup>0</sup>, and p /∈ fn(A<sup>0</sup>). If p ∈ {en}, then we have the result with B<sup>0</sup>= νen.(σ | νn<sup>0</sup>.P ). If p = n<sup>0</sup>, then we also have the result with B<sup>0</sup>= νn.(σ | νne <sup>0</sup>.P ) because n<sup>0</sup> ∈ fn(σ). Otherwise, since Σ ` ν/ n, ne ⁰.(σ | P ) = A⁰, we have A⁰= νn, ne ⁰.(σ⁰| P⁰) with Σ ` σ = σ<sup>0</sup>and Σ ` P = P⁰. Let B⁰= νn.(σe ⁰|νn⁰.P⁰). We have Σ ` νn.(σ|νne ⁰.P ) = B⁰ and p /∈ fn(B⁰).

• Case New-C⁰⁰is handled similarly to case New-Par⁰⁰.

• Case Rewrite⁰⁰. We have νen.(σ|P )≡ ν^◦ en.(σ⁰|P ) with Σ ` σ = σ<sup>0</sup>, Σ ` νen.(σ|P ) = A⁰, and p /∈ fn(A⁰). Since Σ ` νen.(σ⁰| P ) = νn.(σ | P ) = Ae ⁰, we have the result with B⁰ = A⁰.

• The case of transitivity follows by applying the induction hypothesis twice.

Property 4: Suppose that A →_◦ B, Σ ` A = A<sup>0</sup>, and p /∈ fn(A<sup>0</sup>). We show that there exists B<sup>0</sup> such that Σ ` B = B⁰ and p /∈ fn(B⁰). Suppose νen.(σ | P ) →_◦ νn.(σ | Q) withe P →_ Q, Σ ` νen.(σ | P ) = A<sup>0</sup>, and p /∈ fn(A<sup>0</sup>). If p ∈ {n}, then we have the result withe B<sup>0</sup> = νen.(σ | Q). Otherwise, since Σ ` νen.(σ | P ) = A⁰, we have A⁰ = νn.(σe ⁰ | P⁰) with Σ ` σ = σ<sup>0</sup> and Σ ` P = P⁰. Since p /∈ fn(A⁰) and p /∈ {en}, p /∈ fn(σ⁰) ∪ fn(P⁰). By Property 2, there exists Q⁰ such that Σ ` Q = Q⁰ and p /∈ fn(Q⁰). Let B⁰ = νen.(σ⁰| Q⁰).

We have Σ ` νn.(σ | Q) = Be ⁰ and p /∈ fn(B⁰). In case we additionally apply≡, we conclude^◦ using Property 3 and the induction hypothesis.

Lemma C.7 If p /∈ fn(A), then A 6⇓ p.

Proof: In order to obtain a contradiction, suppose that A ⇓ p, that is, that A →^∗≡ E[phM i.P ] for some M , P , and evaluation context E[ ] that does not bind p. Hence, pnf(A) →_◦^{∗ ◦}≡ E[phM i.P ] for some M , P , and evaluation context E[ ] that does not bind p. Let A₁ = pnf(A). We have p /∈ fn(A₁). By Lemma C.6, the existence of A⁰ such that Σ ` A<sub>1</sub>= A<sup>0</sup> and p /∈ fn(A<sup>0</sup>) is preserved by structural equivalence and reduction of A<sub>1</sub>, so there exists A<sup>0</sup> such that Σ ` E[phM i.P ] = A⁰ and p /∈ fn(A⁰). Hence, there exists N such that Σ ` p = N and p /∈ fn(N ). Since the equational theory is preserved by substitution of terms for names, for all N<sup>0</sup>, Σ ` p{^N0/p} = N {^N0/p}, that is Σ ` N⁰ = N , which contradicts the assumption that the equational theory is non-trivial.

Lemma C.8 If p /∈ fn(P ) and P →∗ νx.N hxi−−−−−→A or P →∗ N (M )−−−−→A, then Σ ` N 6= p.

Proof: The proof uses ideas similar to the proof of Lemma C.7. By Lemma B.10, P →_^{∗ }≡ νn.(N hM i.Pe 1|P2) for somen, M , Pe 1, P2with {n}∩fn(N ) = ∅, or P →e _^{∗ }≡ νen.(N (x).P1|P2) for some for someen, x, P1, P2 with {en} ∩ fn(N ) = ∅. By Lemma C.6, the existence of P⁰ such that Σ ` P = P<sup>0</sup> and p /∈ fn(P<sup>0</sup>) is preserved by structural equivalence and reduction of P , so there exists N<sup>0</sup> such that Σ ` N = N⁰ and p /∈ fn(N⁰). If we had Σ ` N = p, then we would have Σ ` p = N⁰ and p /∈ fn(N⁰), which yields a contradiction as in the proof of Lemma C.7. So Σ ` N 6= p.

Lemma C.9 ≈ ⊆ ≈s.

Proof: If A and B are observationally equivalent, then A | C and B | C have the same barbs for every C with fv (C) ⊆ dom(A). In particular, A | C and B | C have the same barb ⇓ a for every C of the special form if M = N then ahsi, where a does not occur in A or B and fv (C) ⊆ dom(A), that is, fv (M ) ∪ fv (N ) ⊆ dom(A). We obtain that A and B are statically equivalent, using the following property: assuming that A is closed, fv (M ) ∪ fv (N ) ⊆ dom(A), and a does not occur in A, we have (M = N )ϕ(A) if and only if A | if M = N then ahsi ⇓ a. We show this property below.

Let pnf(A) = νen.(σ | P ). We renameen so that {en} ∩ (fn(M ) ∪ fn(N ) ∪ {a}) = ∅. If (M = N )ϕ(A), then M σ = N σ, so A | if M = N then ahsi ≡ νn.(σ | P | if M σ = N σ then ahsi) →e νn.(σ|P |ahsi), so we conclude that A|if M = N then ahsi ⇓ a. Conversely, in order to obtaine a contradiction, suppose that (M 6= N )ϕ(A) and A | if M = N then ahsi ⇓ a. Lemma 4.11 implies that A | if M = N then ahsi →^{∗ νx.ahxi}−−−−−→ A⁰ for some fresh variable x and some A⁰. So pnf(A | if M = N then ahsi) = νen.(σ | P | if M σ = N σ then ahsi) →_◦^{∗ νx.ahxi}−−−−−→_◦A⁰ by Lemmas B.8 and B.12. Then P | if M σ = N σ then ahsi →_^{∗ νx.ahxi}−−−−−→A⁰⁰, A⁰≡ νen.(σ | A⁰⁰), and x /∈ dom(σ) for some A⁰⁰ by Lemmas B.23 and B.19. We have a /∈ fn(pnf(A)), so

a /∈ fn(P ). We show by induction on the length of the trace, that it is impossible to have P | if M σ = N σ then ahsi →_^{∗ νx.ahxi}−−−−−→_A⁰⁰.

• If this trace contains a single step, then P | if M σ = N σ then ahsi−−−−−→^νx.ahxi _A⁰⁰, so by Lemma B.18, P −−−−−→^νx.ahxi , which yields a contradiction by Lemma C.8.

• If this trace contains several steps, the first step is an internal reduction, so by Lemma B.24, either P reduces, and we conclude by induction hypothesis, or if M σ = N σ then ahsi reduces to 0 and P | 0 →_^{∗ νx.ahxi}−−−−−→_A⁰⁰, which yields a contradiction by Lemma C.8.

Lemma C.10 Let en be pairwise distinct names. Letne⁰ be pairwise distinct names that do not occur in P nor in P⁰.

If P ≡ P^{ 0} and Σ ` P = P {^en0/

en}, then P {^ne0/

en}≡ P^{ 0}{^en0/

en} and Σ ` P⁰= P⁰{^en0/

en}.

If P →_P⁰ and Σ ` P = P {^en0/

en}, then P {^en0/

ne} →_P⁰{^ne0/

en} and Σ ` P⁰= P⁰{^ne0/

en}.

Proof: By induction on the derivations of P ≡ P^{ 0} and P →_P⁰, respectively.

Proof of Lemma 4.13(1) Let pnf(A) = νn.(σ | P ). We renamee en so that these names do not occur in N , M , p. By Lemma B.12, pnf(A)−−−−→^{N (M )} ◦A⁰. By Lemma B.19, P −^{N σ(M σ)}−−−−−→

A⁰⁰ and A⁰ ≡ νen.(σ | A⁰⁰) for some A⁰. By Lemma B.10, P ≡ ν^ en⁰.(N σ(x⁰).P1| P2), A⁰⁰ ≡ νne⁰.(P1{^{M σ}/x⁰} | P2), {en⁰} ∩ fn(N σ(M σ)) = ∅, for somene⁰, P1, P2, x⁰. We renamene⁰ so that p /∈ {ne⁰}. Hence, by Lemmas B.1 and B.7,

A | phpi | N hM i.p(x) ≡ pnf(A) | phpi | N hM i.p(x)

≡ νn.(σ | νe en⁰.(N σ(x⁰).P₁| P₂)) | phpi | N hM i.p(x)

≡ νn.(σ | νe en⁰.(N σ(x⁰).P1| P2| phpi | N σhM σi.p(x)))

→ νen.(σ | νen⁰.(P₁{^{M σ}/_x⁰} | P2| phpi | p(x)))

→ νen.(σ | νen⁰.(P₁{^{M σ}/_x⁰} | P₂))

≡ νn.(σ | Ae ⁰⁰)

≡ A⁰

Since p /∈ fn(A⁰), we have A⁰6⇓ p by Lemma C.7.

Proof of Lemma 4.13(2) Let pnf(A) = νen.(σ | P ). By Lemma B.2, pnf(A) is closed. We renamen so that these names do not occur in N , M , p. Then pnf(A | phpi | N hM i.p(x)) =e νn.(σ | P | phpi | N σhM σi.p(x)). By Lemma B.8, pnf(A | phpi | N hM i.p(x)) →e _◦^∗pnf(A⁰). By Lemma B.23 applied several times, P | phpi | N σhM σi.p(x) →_^∗P⁰and pnf(A⁰) ≡ νen.(σ | P⁰) for some closed process P⁰. Since A⁰ 6⇓ p, we have P⁰ 6⇓ p. (If we had P⁰ ⇓ p, we would immediately obtain A⁰⇓ p by definition of ⇓ p.)

We prove that, if P is a closed process, P | phpi | p(x) →_^∗ P⁰, P⁰ 6⇓ p, and p /∈ fn(P ), then P ≡→^ _^∗P⁰, by induction on the length of the trace. Since P | phpi | p(x) ⇓ p, the trace P | phpi | p(x) →_^∗P⁰ has at least one step: P | phpi | p(x) →_P1→_^∗P⁰. By Lemmas B.24, B.18, and C.8, the only cases that can happen in the first step are:

• P → P⁰⁰ and P⁰⁰| phpi | p(x) ≡ P1 →∗ P⁰ for some closed process P⁰⁰. As above this trace has at least one step, so P⁰⁰| phpi | p(x) →∗ P⁰. By Lemma C.10, we rename p inside P⁰⁰so that p /∈ fn(P⁰⁰), and we obtain the desired result by induction hypothesis.

• phpi−−−−−→^{νy.N hyi} _ A1 ≡ {^p/y}, p(x)−−−→^{N (y)} _ A2 ≡ 0, Σ ` N = p, P1 ≡ P | νy.(A1| A2) ≡ P | νy.({^p/y} | 0) ≡ P so P | phpi | p(x) →P ≡ P^ 1→∗P⁰, so we obtain P ≡→^ ∗P⁰ as desired.

Next, we prove that, if P | phpi | N σhM σi.p(x) is a closed process, P | phpi | N σhM σi.p(x) →_^∗P⁰, P⁰ 6⇓ p, and p /∈ fn(P ) ∪ fn(N σ) ∪ fn(M σ), then P →_^{∗ N σ(M σ)}−−−−−−→_→_^∗ P⁰, by induction on the length of the trace. Since P | phpi | N σhM σi.p(x) ⇓ p, the trace P | phpi | N σhM σi.p(x) →∗P⁰has at least one step: P | phpi | N σhM σi.p(x) →P1→∗P⁰. By Lemmas B.24, B.18, and C.8, the only cases that can happen in the first step are:

• P → P⁰⁰ and P⁰⁰| phpi | N σhM σi.p(x) ≡ P1 →∗ P⁰ for some closed process P⁰⁰. As above this trace has at least one step, so P⁰⁰| phpi | N σhM σi.p(x) →∗ P⁰. By Lemma C.10, we rename p inside P⁰⁰ so that p /∈ fn(P⁰⁰), and we obtain the desired result by induction hypothesis.

• P ^N

0(y)

−−−−→B, N σhM σi.p(x) ^νy.N

0hyi

−−−−−−→B⁰, and P1≡ νy.(B |phpi|B⁰). By Lemma B.10, P ≡ ν^ ne⁰.(N⁰(z).P2 | P3), B ≡ νne⁰.(P2{^y/z} | P3), and {ne⁰} ∩ fn(N⁰) = ∅ for some ne⁰, z, P₂, and P₃. By Lemma B.18, Σ ` N σ = N⁰, y /∈ fv (N σhM σi.p(x)), and B⁰ ≡ p(x) | {^{M σ}/_y}. We rename en⁰ so that these names do not appear in M σ and are distinct from p. By Lemma C.10, we rename p inside νne⁰.(N⁰(z).P₂| P3) so that p /∈ fn(νne⁰.(N⁰(z).P₂| P₃)), so p /∈ fn(P₂) ∪ fn(P₃). Hence P₁≡ νy.(νne⁰.(P₂{^y/_z} | P₃) | phpi | {^{M σ}/_y} | p(x)) ≡ νne⁰.(P₂{^{M σ}/_z} | P₃) | phpi | p(x). We have P ≡ ν^ en⁰.(N⁰(z).P₂| P3) −^{N σ(M σ)}−−−−−→_ νne⁰.(P2{^{M σ}/z} | P3). Let P4 = νen⁰.(P2{^{M σ}/z} | P3). We have then P −^{N σ(M σ)}−−−−−→P₄ and P₄| phpi | p(x) ≡ P1 →∗ P⁰. By Lemma B.16(3), we transform P₄into a closed process that satisfies the same properties. Since P⁰6⇓ p, this trace has at least one step, so P₄| phpi | p(x) →_^∗P⁰. Since p /∈ fn(P₄), by the property shown above, P4

≡→ ∗P⁰, so P −^{N σ(M σ)}−−−−−→→∗P⁰.

To sum up, we have A ≡ pnf(A) = νn.(σ | P ), P →e _^∗ P5

N σ(M σ)

−−−−−−→_ P6 →_^∗ P⁰, and A⁰ ≡ pnf(A⁰) ≡ νen.(σ | P⁰). So νen.(σ | P ) →_◦^∗νen.(σ | P₅)−−−−→^{N (M )} ◦νen.(σ | P₆) →_◦^∗νen.(σ | P⁰).

Hence by Lemmas B.9 and B.13, A →^{∗ N (M )}−−−−→→^∗A⁰.

Proof of Lemma 4.14(1) Let pnf(A) = νen.(σ | P ). By Lemma B.2, pnf(A) is closed. We renameen so that these names do not occur in N , p, and q. By Lemma B.12, pnf(A)−−−−−→^{νx.N hxi} _◦ A⁰. By Lemma B.19, P −−−−−−→^{νx.N σhxi} _A⁰⁰, A⁰ ≡ νen.(σ | A⁰⁰), and x /∈ dom(σ) for some A⁰⁰. By Lemma B.10, P ≡ ν^ en⁰.(N σhM i.P1| P2), A⁰⁰≡ νne⁰.(P1| {^M/x} | P2), {en⁰} ∩ fn(N σ) = ∅, and x /∈ fv (N σhM i.P1| P2)) for someen⁰, P1, P2, M . We renameen⁰ so that p, q /∈ {ne⁰} and y so that y /∈ fv (M ). Hence, by Lemmas B.1 and B.7,

A | phpi | N (x).p(y).qhxi ≡ pnf(A) | phpi | N (x).p(y).qhxi

≡ νen.(σ | νen⁰.(N σhM i.P₁| P₂)) | phpi | N (x).p(y).qhxi

≡ νen.(σ | νen⁰.(N σhM i.P1| P2| phpi | N (x).p(y).qhxi))

→ νen.(σ | νne⁰.(P₁| P₂| phpi | p(y).qhM i))

→ νen.(σ | νne⁰.(P1| P2| qhM i))

≡ νx.νen.(σ | νen⁰.(P₁| {^M/_x} | P₂| qhxi))

≡ νx.(νen.(σ | A⁰⁰) | qhxi)

≡ νx.(A⁰| qhxi)

Since p /∈ fn(νx.(A⁰| qhxi)), we have νx.(A⁰| qhxi) 6⇓ p by Lemma C.7.

Proof of Lemma 4.14(2) Let pnf(A) = νen.(σ | P ). By Lemma B.2, pnf(A) is closed. We renameen so that these names do not occur in N , p, q. Then pnf(A | phpi | N (x).p(y).qhxi) = νn.(σ |P |phpi|N σ(x).p(y).qhxi). By Lemma B.8, pnf(A|phpi|N (x).p(y).qhxi) →e _◦^∗pnf(A⁰⁰).

By Lemma B.23 applied several times, P | phpi | N σ(x).p(y).qhxi →_^∗ P⁰⁰ and pnf(A⁰⁰) ≡ νn.(σ | Pe ⁰⁰) for some closed process P⁰⁰. Since A⁰⁰6⇓ p, we have P⁰⁰6⇓ p.

We prove that, if P2 and M⁰ are closed, P2| qhM⁰i ≡→^ ∗ P⁰⁰, and q /∈ fn(P2), then P⁰⁰≡ P3| qhM⁰i and P2 →∗ P3 for some closed process P3, by induction on the length of the trace P₂| qhM⁰i≡→^ ∗P⁰⁰. If this trace has zero reduction steps, then the result holds obviously with P₃ = P₂. If this trace has at least one reduction step, then P₂| qhM⁰i →

P₄→_^∗P⁰⁰, so by Lemmas B.24 and C.8, the only case that can happen is that P₂→_ P₂⁰ and P₂⁰| qhM⁰i ≡ P₄ →_^∗ P⁰⁰ for some closed process P₂⁰. By Lemma C.10, we rename q inside P₂⁰ so that q /∈ fn(P₂⁰), and we obtain the desired result by induction hypothesis.

Next, we prove that, if P1and M⁰ are closed, P1| phpi | p(y).qhM⁰i →_^∗P⁰⁰, P⁰⁰6⇓ p, and p, q /∈ fn(P1), then P⁰⁰≡ P3| qhM⁰i and P1→_^∗P3for some closed process P3, by induction on the length of the trace. Since P1| phpi | p(y).qhM⁰i ⇓ p, the trace P1| phpi | p(y).qhM⁰i →_^∗ P⁰⁰ has at least one step: P1| phpi | p(y).qhM⁰i →_ P₁⁰ →_^∗ P⁰⁰. By Lemmas B.24, B.18, and C.8, the only cases that can happen in the first step are:

• P1→_P₁⁰⁰and P₁⁰⁰|phpi|p(y).qhM⁰i ≡ P₁⁰→_^∗P⁰⁰for some closed process P₁⁰⁰. As above this trace has at least one step, so P₁⁰⁰| phpi | p(y).qhM⁰i →∗P⁰⁰. By Lemma C.10, we rename p and q inside P₁⁰⁰ so that p, q /∈ fn(P₁⁰⁰), and we obtain the desired result by induction hypothesis.

• phpi −−−−−→^{νz.N hzi} _ A1 ≡ {^p/z}, p(y).qhM⁰i−−−→^{N (z)} _ A2 ≡ qhM⁰i, P₁⁰ ≡ P1| νz.(A1| A2) ≡ P1| νz.({^p/z} | qhM⁰i) ≡ P1| qhM⁰i so P1| phpi | p(y).qhM⁰i →_P1| qhM⁰i≡ P^ ₁⁰ →_^∗P⁰⁰ and q /∈ fn(P1), so by the property shown above, P⁰⁰≡ P3| qhM⁰i and P1→∗P3 for some closed process P3, as desired.

Finally, we prove that, if P and N σ are closed, P | phpi | N σ(x).p(y).qhxi →∗P⁰⁰, P⁰⁰6⇓ p, and p, q /∈ fn(P ) ∪ fn(N σ), then P →∗ νx.N σhxi−−−−−−→→^∗ B and P⁰⁰ ≡ νx.(B | qhxi) for some B, by induction on the length of the trace. Since P | phpi | N σ(x).p(y).qhxi ⇓ p, the trace P |phpi|N σ(x).p(y).qhxi →∗P⁰⁰has at least one step: P |phpi|N σ(x).p(y).qhxi →P1→∗

P⁰⁰. By Lemmas B.24, B.18, and C.8, the only cases that can happen in the first step are:

• P → P⁰ and P⁰ | phpi | N σ(x).p(y).qhxi ≡ P1 →∗ P⁰⁰ for some closed process P⁰. As above this trace has at least one step, so P⁰| phpi | N σ(x).p(y).qhxi →_^∗ P⁰⁰. By Lemma C.10, we rename p and q inside P⁰ so that p, q /∈ fn(P⁰), and we obtain the desired result by induction hypothesis.

• P −−−−−→^νz.N0hzi  B⁰, N σ(x).p(y).qhxi ^N

0(z)

−−−→ B⁰⁰, and P₁ ≡ νz.(B⁰ | phpi | B⁰⁰). By Lemma B.10, P ≡ ν^ en⁰.(N⁰hM⁰i.P2| P3), B⁰≡ νne⁰.(P₂| {^M0/_z} | P3), {en⁰} ∩ fn(N⁰) = ∅, and z /∈ fv (N⁰hM⁰i.P2| P3). By Lemma B.18, Σ ` N σ = N⁰ and B⁰⁰ ≡ p(y).qhzi.

Using Lemma B.16(1), we can guarantee that N⁰, M⁰, P₂, P₃ are closed. We re-name en⁰ so that these names are distinct from p and q. By Lemma C.10, we re-name p and q inside νen⁰.(N⁰hM⁰i.P₂| P₃) so that p, q /∈ fn(νne⁰.(N⁰hM⁰i.P₂| P₃)). So

P1≡ νz.(B⁰| phpi | B⁰⁰) ≡ νz.(νen⁰.(P2| {^M0/z} | P3) | phpi | p(y).qhzi) ≡ νen⁰.(P2| P3| phpi | p(y).qhM⁰i). Since P1 →∗ P⁰⁰ and this trace has at least one step because P1 ⇓ p and P⁰⁰ 6⇓ p, we have νen⁰.(P2| P3| phpi | p(y).qhM⁰i) →∗ P⁰⁰, so by Lemma B.21, P2| P3| phpi | p(y).qhM⁰i →∗P4and P⁰⁰≡ νen⁰.P4for some P4. Since p, q /∈ fn(P2| P3), by the previous result, P2| P3 →∗ P5 and P4 ≡ P5| qhM⁰i for some closed process P₅. Therefore, we have P⁰⁰ ≡ νen⁰.(P₅| qhM⁰i) ≡ νx.(νen⁰.(P₅| {^M0/_x}) | qhxi) and P ≡ ν^ ne⁰.(N⁰hM⁰i.P2| P3)−−−−−−→^{νx.N σhxi}  νen⁰.(P2| {^M0/x} | P3) →^∗ νne⁰.(P5| {^M0/x}). Let B ^def= νen⁰.(P5| {^M0/x}). Then we have P −−−−−−→^{νx.N σhxi} _→^∗B and P⁰⁰≡ νx.(B | qhxi).

To sum up, we have A ≡ pnf(A) = νen.(σ | P ), P →_∗ νx.N σhxi−−−−−−→_→^∗ B, and P⁰⁰ ≡ νx.(B | qhxi), so A⁰⁰≡ pnf(A⁰⁰) ≡ νen.(σ | P⁰⁰) ≡ νen.(σ | νx.(B | qhxi)) ≡ νx.(νen.(σ | B) | qhxi) since x /∈ fv (σ). Let A^{0 def}= νen.(σ |B). So pnf(A) →_◦^{∗ νx.N hxi}−−−−−→◦→^∗A⁰. Hence by Lemmas B.9 and B.13, A →^{∗ νx.N hxi}−−−−−→→^∗A⁰ and A⁰⁰≡ νx.(A⁰| qhxi).

Lemma C.11 Let A and B be two closed extended processes.

• Let σ be a bijective renaming. We have A ≈ B if and only if Aσ ≈ Bσ.

• Let A⁰ and B⁰ be obtained from A and B, respectively, by replacing all variables (in-cluding their occurrences in domains of active substitutions) with distinct variables.

We have A ≈ B if and only if A⁰ ≈ B⁰.

Proof: To prove the first point, we define a relation R by A⁰R B⁰ if and only if A⁰ = Aσ, B⁰ = Bσ, and A ≈ B for some A and B. We show that R satisfies the three properties of Definition 4.1. Then R ⊆ ≈, so if A ≈ B, then A⁰ = Aσ ≈ B⁰= Bσ.

1. If A⁰ R B⁰ and A⁰ ⇓ a, then A⁰ →^∗≡ E[ahM i.P ] for some evaluation context E that does not bind a. Then, by Lemma C.4, A = A⁰σ⁻¹ →^∗≡ Cσ⁻¹[aσ⁻¹hM σ⁻¹i.P σ⁻¹], so A ⇓ aσ⁻¹. By definition of ≈, B ⇓ aσ⁻¹, so B⁰⇓ a as above.

2. If A⁰R B⁰, A⁰→ A⁰₁, and A⁰₁is closed, then by Lemma C.4, A = A⁰σ⁻¹ → A⁰₁σ⁻¹. We let A⁰⁰ = A⁰₁σ⁻¹, which is also closed. So by definition of ≈, B →^∗B⁰⁰and A⁰⁰≈ B⁰⁰ for some B⁰⁰. By Lemma C.4, B⁰= Bσ →^∗B⁰⁰σ. We let B₁⁰ = B⁰⁰σ. We have A⁰₁R B₁⁰ and B⁰→^∗B₁⁰. So Property 2 holds.

3. If A⁰ R B⁰, then A = A⁰σ⁻¹ ≈ B⁰σ⁻¹ = B, so E[A⁰]σ⁻¹ = Eσ⁻¹[A] ≈ Eσ⁻¹[B] = E[B⁰]σ⁻¹, hence E[A⁰] R E[B⁰].

The same argument also proves the converse, via the inverse renaming.

The proof of the second point is similar.

Lemma C.12 If M is ground, fv (P ) ⊆ {x}, and a /∈ fn(P ) ∪ fn(M ), then νa.(ahM i | a(x).P ) ≈ P {^M/_x}.

Proof: By Lemma 4.12, it is enough to prove that νa.(ahM i | a(x).P ) ≈_l P {^M/_x}. Let A₁= νa.(ahM i | a(x).P ) and B₁= P {^M/_x}. Let R = {(A, B) | A and B are closed extended processes, A ≡ A₁ and B ≡ B₁, or A ≡ B₁ and B ≡ A₁} ∪ {(A, B) | A and B are closed extended processes and A ≡ B}. We show that R is a labelled bisimulation: R is symmetric and

1. We have A₁≈sB₁ since ϕ(A₁) = 0 = ϕ(B₁). Hence, if A R B, then A ≈_sB.

2. If A1 → A⁰ and A⁰ is closed, then A⁰ ≡ B1. (This point can be proved in detail by

Proof of Lemma 4.15 We rely on the following property: if A is a closed extended pro-cess with {ex} ⊆ dom(A) and E

Let R be the relation that collects all closed extended processes A and B with a same domain that containsex, such that E

xe[A] ≈ E

ex[B], for somex and some namese enx that do not occur in A or B. We show that R is an observational bisimulation.

Assume A R B.

• We have E

ex[A] ⇓ n if and only n = nx for some x ∈x or A ⇓ n, and similarly for B,e hence E

ex[A] ⇓ n if and only if E

ex[A] ⇓ n.

• For the congruence property, we suppose that A R B, and we want to show that E[A] R E[B] for all closing evaluation contexts E. Using Lemma C.11, we show that R is invariant by renaming of free names and variables, so we can rename the free names and variables of E, so that the obtained context is simple. Then by Lemma A.1, we construct a context E⁰ of the form νeu.( | C⁰⁰) such that E ≡ E⁰. Hence, it is

Since R is an observational bisimulation, R ⊆ ≈, so E

ex[A] ≈ E

ex[B] implies A ≈ B.

Corollary C.2 Observational equivalence and static equivalence coincide on frames.

Proof: Since frames do not reduce, static equivalence and labelled bisimilarity coincide on frames. By Theorem 4.1, we can then conclude.

In document The Applied Pi Calculus: Mobile Values, New Names, and Secure Communication (Page 75-83)