16. Main Results: EPP Theorem and its Consequences
16.6. Proof of Theorem 7: (3) Completeness Completeness is by induction on the derivation of reduction in the global calculus As before, we consider adapted reduction rules which are taken
modulo structural equality and reduction contexts, which are equivalent to the reduction rules in Fig- ure 18 (page 39). We list these adapted rules in the following, using the same names as the original rules in Figure 18. As before, we assume all variables are distinct, including across participants, so that we can write e.g.σ`e⇓Vinstead ofσ`e@A⇓V. We again writeCr[ ]for a reduction context
in the grammar of interactions.
(INIT)I≡Cr[A→B:b(νννs)˜ .I0] I 0≡C r[(νννs)˜ I0] (σ,I) → (σ,I0) (COMM) I≡Cr[A→B:shop,e,xi.I0] I 0≡C r[I0] σ`e⇓V (σ,I) → (σ[x@B7→v],I0) (ASSIGN)I≡Cr[x@A:=e.I0] I 0≡C r[I0] σ`e⇓V (σ,I) → (σ[x@B7→v],I0) (IFTRUE)I≡Cr[ifethenI0telseI0f] I
0≡C r[I0t] σ`e⇓tt (σ,I) → (σ,I0) (SUM)I≡Cr[ifethenI0lelseI0r] I 0≡C r[I0l] (σ,I) → (σ,I0)
(REC)I≡Cr[recX.I0] (σ, Cr[I[(recX.I0)/X]]) → (σ 0, I0) (σ,I) → (σ0,I0)
We omit(IFFALSE)and the symmetric case. Note the rules(PAR)and(RES)are no longer necessary since they are absorbed in the above rules. Up to the application of the rules of≡, all rules above except(REC)are the base cases. In the following reasoning, we use the obvious annotated version of these rules (which preserve thread labels across reduction, except when a new top-level parallel composition arises as a result of reduction, we take off its label).
In the following, by induction on the height of derivations, we show if
(σ,A)→(σ0,A0)
then
EPP(I, σ)→(P0,σ0)
where
(128) EPP(
A
0, σ0) = (P00,σ0)such thatP0l ≡recP00.Above, as in the proof of soundness, we neglect participants information in the endpoint processes, and aggregate the local states intoσ, assuming all local variables are distinct. For simplicity we also abbreviate (128) to:
(129) (P,σ0) l ≡rec EPP(
A
0, σ0)We set
A
≡ (νννt)˜Π0≤i≤nA
iwhere each
A
iis a prime interaction (i.e. an interaction which does not contain a non-trivial top-levelparallel composition). Henceforth we safely neglect(νννt)˜. As before, we let
T
to be the set of threads andΨto be the partition of the family of thread projections w.r.t these threads. We writeS,S0, . . .for the elements ofΨ.For(INIT), we can set:
A0
def= A→:τ0Bτ1ch(νννs)˜ .A
00 and consider the reduction:
(130) (
A
,σ) → ((νννs)˜A
00|Π1≤i≤n
A
i,σ)The endpoint projection of(
A
, σ)contains a pair of an input and an output corresponding to the redex of this reduction:!ch(s)˜.Q def= t0≤i≤n!ch(s)˜.Qi ≡!ch(s)˜.t0≤i≤nQi ({!ch(s)˜.Qi}0≤i≤n∈Ψ)
and an output:
Then we can write down
A
as !ch(s˜.Q|ch(νννs)˜.R|S. Thus we have a reduction: (131) (!ch(s)˜.Q|ch(νννs)R˜ |S,σ) → (!ch(s)˜.Q|(νννs)(Q˜ |R)|S,σ)By the exactly identical reasoning as in the corresponding case in the proof of soundness, the residual in (130) and that in e (131) are related in the way:
EPP((νννs)˜
A
00|Π1≤i≤n
A
i, σ) l (!ch(s)˜.Q|(νννs)(Q˜ |R)|S,σ)hence as required.
For(COMM), assume without loss of generality we have
A
0 def= Aτ0→Bτ1:shop,e,xi.A00 and consider the reduction:(σ,
A
) → (σ0,A
00|Π1≤i≤nA
i)whereσ0=σ[x@A7→V]with:
σ@A`e⇓V.
The thread projection of
A0
toτ0has the formsopj(e).R(when the branching is a singleton we omit the symbolΣ, similarly henceforth) such that{sopj(e).R} ∈Ψ, while the one ontoτ1has the formsop(y).Q. Without loss of generality (cf. Proposition 11) we regardτ0,1is used only in
A0
. Thus we can set:EPP(
A,
σ) ≡ (sop(y).Q|sopj(e).R|S,σ)hence we have:
(132) EPP(
A
, σ) → (Q|R|S,σ0)(in (132), the update of the store is safely done due to our stipulation that all local variables are distinct.) By the same reasoning as in the corresponding case in the proof of soundness, we know
EPP(
A
00|Π1≤i≤nA
i, sigma0) l (Q|R|S,σ0) as required.For(ASSIGN), we can set
A
0 def= xτ@A:=e.A00. We consider the reduction:(133) (σ,
A
) → (σ0,A
00|Π1≤i≤nA
i)σ0with appropriateσ0. The thread projection ontoτhas the shapex:=e.TP(
A
00, τ), hence we have the reduction:
(134) (x@A:=e.TP(
A
00, τ)|R,σ) → (TP(A
00, τ)|R,σ0)As in the corresponding case in the proof of soundness, (134) shows that all thread projections of
A
0except atτremain invariant from that of
A, whose aggregate is
R; and the projection ontoτprecisely matches that of the residual of (133), hence as required.For(IFTRUE), we can set
A0
def= ifeτ@AthenA
00telse
A
00fwith which we have the reduction:
(135) (
A,
σ) → (A
00t|Π1≤i≤nA
i,σ)Observing
TP(
A
0, τ) def= ifethenTP(A
00t, τ)elseTP(A
00f, τ)we have the reduction for the endpoint projection: (136) (i f thenelseeTP(
A
00t, τ)TP(
A
00f, τ)|R,σ) → (TP(A
00t, τ)|R,σ)whereeevaluates to true inσ. By the reasoning for the corresponding case in the soundness proof,
Rin (136) may contain replicated inputs which are the result of merging complete threads from
A
00f.
Thus we obtain:
EPP(
A
00t|Π1≤i≤nA
i, σ) l (TP(A
00t, τ)|R,σ)as required.
(IFFALSE)and(SUM)are similarly reasoned. For(REC), let:
A
0 def= recX.A00. Further assume we have:(137) (
A
,σ) → (A
000|Π1≤i≤nA
i,σ0)The reduction (137) comes from, by the recursion rule above: (138) (
A
00[(recX.A
00)/X],σ) → (A
000,σ0)Now the endpoint projections of
A0
has the form:(139) EPP(
A0
, σ) def= ((ΠPi0)|R,σ)whereRis a collection of replicated processes and eachP0
iis not replicated and has the shape:
P0
i def= recX.Pi.
We then consider the endpoint projection of the unfolding of
A0
:(140) EPP(
A
00[(recX.A00)/X], σ) def= ((ΠPi[Pi0/X])|R,σ)Note the right-hand side of (140) is then-times unfoldings of (139). Thus by induction hypothesis and applying the recursion rule in the endpoint processesn-times we obtain:
(141) EPP(
A,
σ) → EPP(A
000|Π1≤i≤nA
i, σ0)as required. This exhausts all cases, establishing completeness. This concludes the proof of Theorem 7.
16.7. An Example of Endpoint Projection. In the following we present an example of the