Graphical representation of covariant-contravariant modal formulae
Luca Aceto, Ignacio Fábregas, David de Frutos-Escrig, Anna Ingólfsdóttir, Miguel Palomino
B. Luttik and F. D. Valencia (Eds.): 18th International Workshop on Expressiveness in Concurrency (EXPRESS 2011), EPTCS 64, 2011, pp. 1–15, doi:10.4204/EPTCS.64.1
© L. Aceto, I. Fábregas, D. de Frutos, A. Ingólfsdóttir & M. Palomino. This work is licensed under the Creative Commons Attribution License.
Luca Aceto, Anna Ingólfsdóttir: ICE-TCS, School of Computer Science, Reykjavik University, Iceland ∗
Ignacio Fábregas, David de Frutos Escrig, Miguel Palomino: Departamento de Sistemas Informáticos y Computación, Universidad Complutense de Madrid, Spain †
Covariant-contravariant simulation is a combination of standard (covariant) simulation, its contravariant counterpart and bisimulation. We have previously studied its logical characterization by means of the covariant-contravariant modal logic. Moreover, we have investigated the relationships between this model and that of modal transition systems, where two kinds of transitions (the so-called may and must transitions) were combined in order to obtain a simple framework to express a notion of refinement over state-transition models. In a classic paper, Boudol and Larsen established a precise connection between the graphical approach, by means of modal transition systems, and the logical approach, based on Hennessy-Milner logic without negation, to system specification. They obtained a (graphical) representation theorem proving that a formula can be represented by a term if, and only if, it is consistent and prime. We show in this paper that the formulae from the covariant-contravariant modal logic that admit a “graphical” representation by means of processes, modulo the covariant-contravariant simulation preorder, are also the consistent and prime ones. In order to obtain the desired graphical representation result, we first restrict ourselves to the case of covariant-contravariant systems without bivariant actions. Bivariant actions can be incorporated later by means of an encoding that splits each bivariant action into its covariant and its contravariant parts.
Modal transition systems (MTSs) were introduced in [9, 10] as a model of reactive computation based on states and transitions that naturally supports a notion of refinement. This is connected with the use of Hennessy-Milner Logic without negation as a specification language: a specification describes the collection of (good) properties that any implementation has to fulfil. More generally, a process $p$ is considered to be better than $q$ if the set of formulae satisfied by $q$ is included in the set of formulae satisfied by $p$. The tight connections between these two ways of expressing the notions of specification and refinement were studied in [4]. There the authors talked about “graphical” representation (by means of one or several MTSs) of logical specifications, and completely characterized the collection of logical specifications that can be “graphically represented”. These are the so-called prime, consistent formulae.

There are two types of modal operators in Hennessy-Milner Logic: $\langle a\rangle$ and $[a]$, for each action $a$. Intuitively, a formula $\langle a\rangle\varphi$ indicates that it must be possible to execute $a$ and reach a state that satisfies $\varphi$, while $[a]\varphi$ imposes that this will happen after any execution of $a$ from the current state. It is well known that these two operators reflect the duality $\exists$-$\forall$, so that any process satisfying a $\langle a\rangle\varphi$ formula must include some $a$-labelled transition reaching a state satisfying $\varphi$, whereas the constraint expressed by a $[a]\varphi$ formula is better understood in a negative way: a process satisfying it may not contain an $a$-labelled transition reaching a state that does not satisfy $\varphi$. In particular, the formula $[a]\bot$ indicates that a process cannot execute $a$ in its initial state, and therefore, using these formulae, we can limit the set of actions offered at any state.

In order to reflect these two kinds of constraints at the “operational” level, MTSs contain two kinds of transitions: the may transitions and the must transitions. Then we can use MTSs both as specifications and as implementations, and the notion of refinement imposes that, in order to implement correctly a specification, an implementation should exhibit all the must transitions in the MTS that describes the specification and may not include any transition that is not allowed by the specification: we cannot add any new may transition, although those in the specification could either disappear, be preserved or be turned into must transitions. The relation between may and must is reflected in the formal definition of MTSs by requiring that each must transition is also a may transition.

The conditions defining the notion of refinement between MTSs obviously resemble those defining simulation and bisimulation. For may transitions we have a contravariant simulation condition, expressing the fact that no new (non-allowed) may transition can appear when refining a specification. Since we impose that must transitions induce the corresponding may transitions, we could think that they are related in a “bisimulation-like” style.

∗ Research supported by the project ‘Processes and Modal Logics’ (project nr. 100048021) of the Icelandic Research Fund, and the Abel Extraordinary Chair programme within the NILS Mobility Project.
† Research supported by Spanish projects DESAFIOS10 TIN2009-14599-C03-01, TESIS TIN2009-14321-C02-01 and PROMETIDOS S2009/TIC-1465.
However, this is not the case since the contravariant simulation condition imposed on the may part can be covered by a may transition without must counterpart. In fact, this is crucial in order to capture the principle that a may transition can be refined by a must transition.

Some of the authors of this paper thought that a more direct combination of simulation and bisimulation conditions could capture in a more flexible way all the ideas on which the specification of systems by means of modal systems and modal logics is based, and we looked for the clearest and most general framework to express those modal constraints. We found that covariant-contravariant systems (sometimes abbreviated to cc-systems) are a possible answer to this quest, combining pure (covariant) simulation, its contravariant counterpart and bisimulation.

We started the study of covariant-contravariant simulation in [5], and the modal logic characterizing it was presented in [7]. (In what follows, we refer to this logic as cc-modal logic.) In the most general case, we consider a partition of the set of actions into three sets: the collection of covariant actions, that of contravariant actions, and the set of bivariant actions. Intuitively, one may think of the covariant actions as being under the control of the specification LTS, and transitions with such actions as their label should be simulated by any correct implementation of the specification. On the other hand, the contravariant actions may be considered as being under the control of the implementation (or of the environment), and transitions with such actions as their label should be simulated by the specification. The bivariant actions are treated as in the classic notion of bisimulation.

We will see in this paper that, as in the MTS setting, the consistent and prime formulae from the cc-modal logic are exactly those that admit a “graphical” representation by means of processes modulo the covariant-contravariant simulation preorder. Moreover, each formula in the cc-modal logic can be represented “graphically” by a (possibly empty) finite set of processes.

The proofs of these representation results are inspired by the developments in [4]. There are, however, subtle differences because, in covariant-contravariant systems, each action has a single modality (covariant, contravariant, bivariant), while in MTSs we can combine both may and must transitions. In fact, in order to obtain the desired graphical representation, for technical reasons we first restrict ourselves to the case of covariant-contravariant systems without bivariant actions. The reason that justifies this constraint is that bivariant actions cannot be approximated in a non-trivial way (either we have one of them as itself, or we do not have it at all). Instead, covariant and contravariant actions behave in a more flexible way and we can obtain the desired characterization result by following the lead of the work done for MTSs.

Then we observe that bivariant actions can be seen as the combination of a covariant and a contravariant action. In fact, this also corresponds with the idea used in [1] when relating MTSs and cc-systems. Indeed, the constraint imposed on must transitions in MTSs, where they should always be accompanied by their may counterparts, tells us somehow that they have a “nearly” bivariant behaviour. (To be more precise, they are first covariant, but they are also “semi”-contravariant because when comparing two processes $p$ and $q$, any must transition in $q$ should fit with either a corresponding must transition in $p$, or at least with a may transition there.)

We could say that the very recent development of the notion of partial bisimulation in the setting of labelled transition systems (LTSs) presented in [3] has completed the spectrum of modal simulations. Partial bisimulation combines plain bisimulation [14, 15] and simulation, also by means of a partition of the set of actions. For the actions in the distinguished set $B$ we have bisimulation-like conditions, while for the others we only impose simulation. Note that, instead, may transitions in MTSs corresponded to contravariant simulation conditions, and therefore partial bisimulation can be seen as a dual of MTSs, and covariant-contravariant systems (cc-systems) as a unifying framework where we can combine the refinement ideas in the theory of MTSs with the explicit consideration of the constraints imposed by the environment, which is possible when partial bisimulation is used. Once we know that the formulae from the modal logic for cc-systems also afford a graphical representation, we will be able to integrate the logical formulae into the development of systems using any of the models discussed above.

The remainder of the paper is organized as follows. Section 2 is devoted to the necessary background on covariant-contravariant simulations, whereas in Section 3 we summarize the results on covariant-contravariant modal formulae. In Section 4 we develop the study of the graphical representation of cc-modal formulae for processes without bivariant actions. Afterwards, in Section 5, we show how we can work with cc-systems with bivariant actions. Finally, Section 6 concludes the paper and describes some future research that we plan to pursue.
We start the technical part of the paper by defining the covariant-contravariant simulation semantics for processes. Our semantics is defined over Labelled Transition Systems (LTS) $S = (P, A, \longrightarrow)$, where $P$ is a set of process states, $A$ is a set of actions and ${\longrightarrow} \subseteq P \times A \times P$ is a transition relation on processes. We follow the standard practice and write $p \xrightarrow{a} q$ instead of $(p, a, q) \in {\longrightarrow}$. Because of the covariant-contravariant view, we assume that $A$ is partitioned into $A^l$ and $A^r$, expressed as $A = A^l \uplus A^r$. As we have already mentioned in the introduction, we will delay the consideration of the general case where we also have bivariant actions in a third class $A^{bi}$ until Section 5.

Covariant-contravariant simulation can now be defined as follows:

Definition 1
Let $S = (P, A^l \uplus A^r, \longrightarrow)$ be an LTS. A covariant-contravariant simulation over $S$ is a relation $R \subseteq P \times P$ such that, whenever $p, q \in P$ and $p\,R\,q$, we have:
• For all $a \in A^r$ and all $p \xrightarrow{a} p'$, there exists some $q \xrightarrow{a} q'$ with $p'\,R\,q'$.
• For all $a \in A^l$ and all $q \xrightarrow{a} q'$, there exists some $p \xrightarrow{a} p'$ with $p'\,R\,q'$.
We will write $p \lesssim_{cc} q$ if there exists a covariant-contravariant simulation $R$ such that $p\,R\,q$.
Remark 1
Note that we call the actions in $A^r$ like that because for those there is a “plain simulation” from left to right, whereas for the actions in $A^l$ there is an “anti-simulation” from right to left.

It is well known that the relation $\lesssim_{cc}$ is a preorder.

In this study we will be mainly concerned with “finite” properties of systems, which will be either captured by (finite) logic formulae, or by finite processes that can be described by means of process terms.

Definition 2
Assume that $A = A^l \uplus A^r$. Then the collection of process terms, ranged over by $p$, $q$ etc., is given by the following syntax:
$$p ::= 0 \mid \omega \mid a.p \mid p + p, \qquad \text{where } a \in A.$$
We denote the set of process terms by $P$. The size of a process term is its length in symbols.

We note that our set $P$ of process terms is basically the set of BCCSP terms introduced in [8]. The only addition to the signature of BCCSP is the constant $\omega$, which will be used to denote the least LTS modulo $\lesssim_{cc}$. However, we assume a classification of the actions in two (disjoint) sets, although this is not reflected in the syntactic structure of the terms. Even if $P$ only contains finite terms, by means of $\omega$ we will obtain the full contravariant process, which can execute any action at any time.

In [5, 6, 7] we used a more general definition for covariant-contravariant simulations which also includes bivariant actions, but since in the presence of these bivariant actions some technical problems appear (in particular, the process $\omega$ will not be the least process with respect to the covariant-contravariant simulation preorder), we have preferred to first develop all the results without bivariant actions and, in Section 5, we will describe how they can be extended to a setting with bivariant actions.

Definition 3
The operational semantics of $P$ is defined by the following rules:
• $\omega \xrightarrow{b} \omega$ for all $b \in A^l$,
• $a.p \xrightarrow{a} p$ for all $a \in A$,
• $p \xrightarrow{a} p'$ implies $p + q \xrightarrow{a} p'$,
• $q \xrightarrow{a} q'$ implies $p + q \xrightarrow{a} q'$.
Observe that if $p \neq \omega$ and $p \xrightarrow{a} p'$, then the size of $p'$ is smaller than the size of $p$.

It is clear that $\omega$ is the least possible element with respect to the cc-simulation preorder. That is, we have $\omega \lesssim_{cc} p$ for any $p$.

In what follows we assume that $A$ is finite.

Covariant-contravariant modal logic has been introduced and studied in [7].
Definition 4
Covariant-contravariant modal logic $\mathcal{L}$ has the following syntax:
$$\varphi ::= \bot \mid \top \mid \varphi \wedge \varphi \mid \varphi \vee \varphi \mid [b]\varphi \mid \langle a\rangle\varphi \qquad (a \in A^r,\ b \in A^l).$$
The operators $\bot$, $\top$, $\wedge$ and $\vee$ have the standard meaning, whereas the semantics for the modal operators is defined as follows:
$p \models [b]\varphi$ if $p' \models \varphi$ for all $p \xrightarrow{b} p'$,
$p \models \langle a\rangle\varphi$ if $p' \models \varphi$ for some $p \xrightarrow{a} p'$.
We say that a formula $\varphi$ is consistent if there is some $p$ such that $p \models \varphi$. The modal depth of a formula is the maximum nesting of modal operators in it.

The covariant-contravariant logic characterizes the covariant-contravariant simulation semantics over image-finite processes. Before we state this result formally we introduce some notation. We define the set of formulae that a process $p$ satisfies by $\mathcal{L}(p) = \{\varphi \mid p \models \varphi\}$ and the logical preorder $\sqsubseteq_{\mathcal{L}}$ as follows: $p \sqsubseteq_{\mathcal{L}} q$ iff $\mathcal{L}(p) \subseteq \mathcal{L}(q)$. Recall that an LTS is image finite iff the set $\{p' \mid p \xrightarrow{a} p'\}$ is finite for each process $p$ and action $a$. Now we have the following theorem:

Theorem 1 ([7])
If the LTS $S$ is image finite then ${\lesssim_{cc}} = {\sqsubseteq_{\mathcal{L}}}$ over $S$.

Clearly the processes in $P$ are image finite.

Whenever we have a (modal) logic characterizing some semantics for processes, we could look for a single formula that characterizes completely the behaviour of a process logically; this is a so-called characteristic formula. This subject has been studied by many authors in the literature, but we will just refer here to the book [2] for more details and further references to the original literature.

It is clear that, since we only allow for finite formulae without any fixed-point operator, we can only treat “finite” processes, such as those definable by our simple process algebra $P$. However, the recursive definition of the characteristic formulae in what follows immediately gives us the framework for extending our results to finite-state processes following standard lines.

Definition 5
A formula $\varphi \in \mathcal{L}$ is a characteristic formula for a process $p$ iff $p \models \varphi$ and $\forall q.\,(q \models \varphi \Rightarrow p \lesssim_{cc} q)$.

In what follows, we write $\varphi \leq \psi$ if $\{p \in P \mid p \models \varphi\} \subseteq \{p \in P \mid p \models \psi\}$. We say that $\varphi$ and $\psi$ are logically equivalent, written $\varphi \equiv \psi$, iff $\varphi \leq \psi$ and $\psi \leq \varphi$.

Lemma 1
The following statements hold.
1. A formula $\varphi \in \mathcal{L}$ is a characteristic formula for a process $p$ iff $\forall q.\,(q \models \varphi \Leftrightarrow p \lesssim_{cc} q)$.
2. Assume that $\chi(p)$ and $\chi(q)$ are characteristic formulae for processes $p$ and $q$, respectively. Then we have that $p \lesssim_{cc} q$ iff $\chi(q) \leq \chi(p)$.
3. A characteristic formula for a process $p$ is unique up to logical equivalence.
Proof.
1. First assume that $\varphi$ is a characteristic formula for a process $p$. By definition $\forall q.\,(q \models \varphi \Rightarrow p \lesssim_{cc} q)$ holds. We have to prove that $\forall q.\,(p \lesssim_{cc} q \Rightarrow q \models \varphi)$. To this end, assume that $p \lesssim_{cc} q$. As $p \models \varphi$, by Theorem 1 we have that $q \models \varphi$ and we are done. For the converse, as $p \lesssim_{cc} p$ we have that $p \models \varphi$ and the result follows.
2. Assume that $\chi(p)$ and $\chi(q)$ are characteristic formulae for processes $p$ and $q$, respectively. First assume that $p \lesssim_{cc} q$ and that $r \models \chi(q)$. By Definition 5, $q \lesssim_{cc} r$ and thus $p \lesssim_{cc} r$. By the previous clause of the Lemma, also $r \models \chi(p)$. As $r$ was arbitrary, this shows that $\chi(q) \leq \chi(p)$. Next, assume that $\chi(q) \leq \chi(p)$. As $q \models \chi(q)$, then $q \models \chi(p)$, and by definition of the characteristic formula, $p \lesssim_{cc} q$.
3. This claim follows directly from statement 2 above.

As a characteristic formula for a process $p$ is unique up to logical equivalence, we can denote it by $\chi(p)$ unambiguously. The next lemma tells us that $\chi(p)$ exists for each process $p \in P$.

Lemma 2
The characteristic formula for a process $p \in P$ can be obtained recursively as
$$\chi(p) = \bigwedge_{p \xrightarrow{a} p',\ a \in A^r} \langle a\rangle\chi(p') \ \wedge\ \bigwedge_{b \in A^l} [b]\Big(\bigvee_{p \xrightarrow{b} p'} \chi(p')\Big), \quad \text{if } p \neq \omega; \qquad \chi(\omega) = \top.$$

Proof.
First we prove that $p \models \chi(p)$, for each $p$. This follows by a simple induction on the size of $p$.

Next we prove that, for any $q$, $q \models \chi(p)$ implies $p \lesssim_{cc} q$, by induction on the size of $q$. First we note that if $p = \omega$ then $\chi(\omega) = \top$ and $\omega \lesssim_{cc} q$; hence we obtain the result. Also, for the case $p = 0$, we have that $\chi(0)$ is equivalent to $\bigwedge_{b \in A^l} [b]\bot$. Thus if $q \models \chi(0)$, then the process $q$ cannot perform any $b \in A^l$. This yields that $0 \lesssim_{cc} q$.

Now, let $p$ be a process different from $0$ and $\omega$, and assume that $q \models \chi(p)$. First suppose that $p \xrightarrow{a} p'$ for some $p'$ and some $a \in A^r$. As $q \models \bigwedge_{p \xrightarrow{a} p',\ a \in A^r} \langle a\rangle\chi(p')$, this implies that there is some $q \xrightarrow{a} q'$ with $q' \models \chi(p')$. Then, by induction, $p' \lesssim_{cc} q'$. Next, assume that $q \xrightarrow{b} q'$, for some $q'$ and $b \in A^l$. As $q \models \bigwedge_{b \in A^l} [b](\bigvee_{p \xrightarrow{b} p'} \chi(p'))$, we can conclude that $q' \models \chi(p')$, for some $p'$ with $p \xrightarrow{b} p'$. Again, by induction, we conclude $p' \lesssim_{cc} q'$.

Next we consider the converse problem: we want to represent a formula by a process, or at least by a finite set of processes.
Definition 6
A formula $\varphi$ is represented by a (single) process $p$ if $\forall q \in P.\,[q \models \varphi \text{ iff } p \lesssim_{cc} q]$. A formula $\varphi$ is represented by a finite set $M \subseteq P$ of processes if $\forall q \in P.\,[q \models \varphi \text{ iff } \exists p \in M.\ p \lesssim_{cc} q]$.

It is clear that $p$ represents $\varphi$ iff $\{p\}$ represents $\varphi$. Moreover, the empty set of processes represents the formula $\bot$.

The following lemma connects the notion of “graphical representation” of formulae with that of characteristic formula for processes.

Lemma 3
We have the following properties:
1. $p$ represents $\varphi$ iff $\varphi \equiv \chi(p)$.
2. If $M \subseteq P$ is finite and $\varphi$ is a formula, then $M$ represents $\varphi$ iff $\varphi \equiv \bigvee_{p \in M} \chi(p)$.

Proof.
1. It follows directly from the definitions of these two concepts and Lemma 1.
2. For any $q \in P$ we proceed as follows:
$$\exists p \in M.\ p \lesssim_{cc} q \ \Leftrightarrow\ \exists p \in M.\ q \models \chi(p) \ \Leftrightarrow\ q \models \bigvee_{p \in M} \chi(p).$$
Now the statement of the lemma follows easily from this fact and Definition 6.

We want to characterize the set of formulae that can be represented by a finite set of processes, and in particular by a single process. For this purpose we introduce some notions of normal form for logical formulae.
Definition 7
1. A formula $\varphi$ is in normal form if it has the form
$$\varphi = \bigvee_{i \in I}\Big(\bigwedge_{j \in J_i} \langle a_{ij}\rangle\varphi_{ij} \ \wedge\ \bigwedge_{k \in K_i} [b_{ik}]\psi_{ik}\Big),$$
where all $\varphi_{ij}$ and $\psi_{ik}$ are also in normal form. In particular, $\bot$ is obtained when $I = \emptyset$, and $\top$ when $I = \{i\}$ is a singleton and $J_i = K_i = \emptyset$.
2. A formula $\psi$ is in strong normal form if it has the form $\psi = \bigvee_{i \in I} \varphi_i$, where each $\varphi_i$ is in unary strong normal form. A formula $\varphi$ is in unary strong normal form if it is $\top$ or it has the form
$$\varphi = \bigwedge_{j \in J} \langle a_j\rangle\varphi_j \ \wedge\ \bigwedge_{b \in A^l} [b]\psi_b,$$
where every $\varphi_j$ is in unary strong normal form and every $\psi_b$ is in strong normal form.

We note that any unary strong normal form different from $\top$ can equivalently be written as
$$\varphi = \bigwedge_{j \in J} \langle a_j\rangle\varphi_j \ \wedge\ \bigwedge_{b \in A^l} [b]\bigvee_{k \in K_b} \psi_{kb},$$
where every $\varphi_j$ and every $\psi_{kb}$ are in unary strong normal form, thus avoiding the introduction of strong normal forms.

Remark 2
It is not hard to see that each unary strong normal form is consistent. See also Theorem 2 to follow.

Clearly the characteristic formulae of processes are in unary strong normal form. Therefore, by Lemma 3, it is a necessary condition for a formula to be representable by a single process that it has an equivalent unary strong normal form. We will show that this is also a sufficient condition for this to hold for any consistent formula.
Theorem 2
A unary strong normal form
$$\varphi = \bigwedge_{j \in J} \langle a_j\rangle\varphi_j \ \wedge\ \bigwedge_{b \in A^l} [b]\bigvee_{k \in K_b} \psi_{kb}$$
is represented by the process defined recursively by
$$q(\varphi) = \sum_{j \in J} a_j.q(\varphi_j) + \sum_{b \in A^l}\sum_{k \in K_b} b.q(\psi_{kb}), \quad \text{if } \varphi \neq \top; \qquad q(\top) = \omega.$$
In particular, $\varphi$ is the characteristic formula for $q(\varphi)$ (up to logical equivalence). Note that even if in the formal expression above there is a summand for each $b \in A^l$, only those $b$'s such that $K_b \neq \emptyset$ will finally appear as summands of $q(\varphi)$.

Proof.
First we prove that $q(\varphi) \models \varphi$ by induction on the modal depth of $\varphi$. If $\varphi = \top$ we have that obviously $q(\varphi) = \omega \models \varphi = \top$. For the inductive step, first we note that $q(\varphi) \xrightarrow{a_j} q(\varphi_j)$ for all $j \in J$. By induction, $q(\varphi_j) \models \varphi_j$. Next assume that $q(\varphi) \xrightarrow{b} p$ for some $b \in A^l$ and some $p$. We have that $p = q(\psi_{kb})$ for some $k \in K_b$. By induction $q(\psi_{kb}) \models \psi_{kb}$ and therefore $q(\psi_{kb}) \models \bigvee_{k \in K_b} \psi_{kb}$.

Next we prove that if $q \models \varphi$ then $q(\varphi) \lesssim_{cc} q$. Towards proving this claim, assume that $q \models \varphi$. Again we proceed by induction on the modal depth of $\varphi$. First assume that $q(\varphi) \xrightarrow{a} p'$ for some $a \in A^r$ and process term $p'$. Then $a = a_j$ for some $j \in J$ and $p' = q(\varphi_j)$. As $q \models \varphi$, we have that $q \xrightarrow{a_j} q'$ for some $q'$ with $q' \models \varphi_j$. By induction, $q(\varphi_j) \lesssim_{cc} q'$, as required. Now assume that $q \xrightarrow{b} q'$ for some $b \in A^l$. As $q \models \varphi$ we have that $q' \models \psi_{kb}$ for some $k \in K_b$. Now $q(\varphi) \xrightarrow{b} q(\psi_{kb})$ and, by the induction hypothesis, we have $q(\psi_{kb}) \lesssim_{cc} q'$, as required.

This proves that $\varphi$ is the characteristic formula for $q(\varphi)$ and therefore, by Lemma 3, that $q(\varphi)$ represents $\varphi$.

Next, we will show that any formula has an equivalent strong normal form and therefore can always be represented by a (possibly empty) finite set of processes. To derive this result we will use several standard equivalences between formulae.
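As an added example (not code from the paper), the following Python script implements the process terms and operational semantics of Definitions 2 and 3, decides $\lesssim_{cc}$ by computing the largest cc-simulation of Definition 1 over the finite state spaces, checks satisfaction as in Definition 4, and builds $\chi(p)$ as in Lemma 2 and $q(\varphi)$ as in Theorem 2; it assumes the signature $A^r = \{a\}$, $A^l = \{b\}$ and a constructed sample of terms, on which it checks Lemma 1.1 and Theorem 2.

```python
"""Finite cc-systems (Sections 2-4): process terms, cc-simulation, characteristic formulae.
Added example, not the paper's code; it assumes the signature A_r = {a}, A_l = {b}."""
from itertools import product

A_R = frozenset({"a"})   # covariant actions: simulated from left to right
A_L = frozenset({"b"})   # contravariant actions: simulated from right to left

# Process terms (Definition 2) as nested tuples: NIL, OMEGA, ("act", a, p) for a.p, ("sum", p, q) for p + q.
NIL, OMEGA = "0", "w"

def act(a, p): return ("act", a, p)
def plus(p, q): return ("sum", p, q)

def fold(op, unit, xs):
    """Right-nested binary tree of xs under op; the empty sequence yields unit."""
    xs = list(xs)
    return unit if not xs else xs[0] if len(xs) == 1 else op(xs[0], fold(op, unit, xs[1:]))

def steps(p):
    """Operational semantics (Definition 3): the set of (a, p') with p --a--> p'."""
    if p == NIL: return set()
    if p == OMEGA: return {(b, OMEGA) for b in A_L}   # omega offers every contravariant action, forever
    if p[0] == "act": return {(p[1], p[2])}
    return steps(p[1]) | steps(p[2])

def reachable(p):
    seen, todo = set(), [p]
    while todo:
        x = todo.pop()
        if x not in seen:
            seen.add(x); todo.extend(q for _, q in steps(x))
    return seen

def cc_leq(p, q):
    """p <=cc q (Definition 1): build the largest cc-simulation over the finite state spaces
    by deleting pairs that violate a clause until nothing changes, then look up (p, q)."""
    R = set(product(reachable(p), reachable(q)))
    changed = True
    while changed:
        changed = False
        for x, y in list(R):
            cov = all(any(a2 == a and (x2, y2) in R for a2, y2 in steps(y))
                      for a, x2 in steps(x) if a in A_R)
            con = all(any(b2 == b and (x2, y2) in R for b2, x2 in steps(x))
                      for b, y2 in steps(y) if b in A_L)
            if not (cov and con):
                R.discard((x, y)); changed = True
    return (p, q) in R

# Formulae (Definition 4): TOP, BOT, ("and", f, g), ("or", f, g), ("box", b, f) for [b]f, ("dia", a, f) for <a>f.
TOP, BOT = ("top",), ("bot",)

def conj(fs): return fold(lambda f, g: ("and", f, g), TOP, fs)   # empty conjunction is TOP
def disj(fs): return fold(lambda f, g: ("or", f, g), BOT, fs)    # empty disjunction is BOT

def sat(p, f):
    """p |= f, following the satisfaction clauses of Definition 4."""
    op = f[0]
    if op in ("top", "bot"): return op == "top"
    if op == "and": return sat(p, f[1]) and sat(p, f[2])
    if op == "or": return sat(p, f[1]) or sat(p, f[2])
    succ = [p2 for a, p2 in steps(p) if a == f[1]]
    return all(sat(p2, f[2]) for p2 in succ) if op == "box" else any(sat(p2, f[2]) for p2 in succ)

def chi(p):
    """Characteristic formula chi(p) of Lemma 2, built recursively on the term."""
    if p == OMEGA: return TOP
    moves = sorted(steps(p), key=repr)
    dias = [("dia", a, chi(p2)) for a, p2 in moves if a in A_R]
    boxes = [("box", b, disj(chi(p2) for a, p2 in moves if a == b)) for b in sorted(A_L)]
    return conj(dias + boxes)

def operands(f, op):
    """Operands of a nested binary 'and'/'or'; its unit (TOP/BOT) contributes none."""
    if f == (TOP if op == "and" else BOT): return []
    return operands(f[1], op) + operands(f[2], op) if f[0] == op else [f]

def proc(f):
    """q(f) of Theorem 2, for f in unary strong normal form (for instance any chi(p))."""
    if f == TOP: return OMEGA
    summands = []
    for g in operands(f, "and"):
        if g[0] == "dia":                 # <a_j> f_j          ->  a_j . q(f_j)
            summands.append(act(g[1], proc(g[2])))
        else:                             # [b] (V_k psi_kb)   ->  sum over k of b . q(psi_kb)
            summands.extend(act(g[1], proc(h)) for h in operands(g[2], "or"))
    return fold(plus, NIL, summands)      # no summand at all is the process 0

# Constructed sample terms over the signature above.
SAMPLE = [NIL, OMEGA, act("a", NIL), act("a", OMEGA), act("b", NIL), act("b", act("a", NIL)),
          plus(act("a", NIL), act("b", NIL)), act("a", plus(act("a", NIL), act("b", OMEGA)))]

def lemma1_holds(terms=SAMPLE):
    """Lemma 1.1 on the sample: q |= chi(p) iff p <=cc q, for every pair of terms."""
    return all(sat(q, chi(p)) == cc_leq(p, q) for p in terms for q in terms)

def theorem2_holds(terms=SAMPLE):
    """Theorem 2 on the sample: p and q(chi(p)) represent the same formula, so they are cc-equivalent."""
    return all(cc_leq(p, proc(chi(p))) and cc_leq(proc(chi(p)), p) for p in terms)
```

Note that adding a contravariant summand makes a term smaller in the preorder: `cc_leq(plus(act("a", NIL), act("b", NIL)), act("a", NIL))` holds while the converse does not.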
Lemma 4
The following statements hold.
1. $\wedge$ and $\vee$ are associative, commutative and idempotent.
2. $\wedge$ distributes over $\vee$, and $\vee$ distributes over $\wedge$.
3. $\varphi \vee \top \equiv \top$, $\varphi \vee \bot \equiv \varphi$, $\varphi \wedge \top \equiv \varphi$, and $\varphi \wedge \bot \equiv \bot$.
4. $[b]\top \equiv \top$.
5. $[b]\varphi \wedge [b]\psi \equiv [b](\varphi \wedge \psi)$ for $b \in A^l$.
6. $\langle a\rangle\varphi \vee \langle a\rangle\psi \equiv \langle a\rangle(\varphi \vee \psi)$ for $a \in A^r$.

Proof.
The first three collections of equalities are straightforward and well known, so we omit their proofs.
• $[b]\top \equiv \top$. We have $p \models [b]\top$ iff $p' \models \top$ for all $p \xrightarrow{b} p'$. Therefore, the condition is satisfied whenever $p \xrightarrow{b} p'$, and it is vacuously true when $p$ has no $b$-transition.
• $[b]\varphi \wedge [b]\psi \equiv [b](\varphi \wedge \psi)$. We have $p \models ([b]\varphi \wedge [b]\psi)$ iff $p' \models \varphi$ for all $p \xrightarrow{b} p'$ and $p' \models \psi$ for all $p \xrightarrow{b} p'$, iff $p' \models (\varphi \wedge \psi)$ for all $p \xrightarrow{b} p'$, iff $p \models [b](\varphi \wedge \psi)$.
• $\langle a\rangle\varphi \vee \langle a\rangle\psi \equiv \langle a\rangle(\varphi \vee \psi)$. We have $p \models \langle a\rangle\varphi \vee \langle a\rangle\psi$ iff there exists $p \xrightarrow{a} p'$ such that $p' \models \varphi$ or there exists $p \xrightarrow{a} p''$ such that $p'' \models \psi$, that is, iff there exists some $p \xrightarrow{a} p'$ such that $p' \models \varphi$ or $p' \models \psi$. This holds iff $p \models \langle a\rangle(\varphi \vee \psi)$.

Lemma 5
Every formula $\varphi$ has an equivalent strong normal form with no larger modal depth.

Proof.
First we prove by induction on the modal depth, using 1-3 of Lemma 4, that $\varphi$ has an equivalent normal form with the same modal depth. To prove the main statement we can therefore assume that $\varphi$ is in normal form. We proceed by induction on the modal depth $md(\varphi)$. The base case $md(\varphi) = 0$ (the cases $\varphi \equiv \bot$ and $\varphi \equiv \top$) follows immediately. Next let us assume that
$$\varphi = \bigvee_{i \in I}\Big(\bigwedge_{j \in J_i} \langle a_{ij}\rangle\varphi_{ij} \ \wedge\ \bigwedge_{k \in K_i} [b_{ik}]\psi_{ik}\Big).$$
By Lemma 4, using 4 and 5 and the standard laws described in 1-3, $\varphi$ can be rewritten into an equivalent formula of the form
$$\varphi = \bigvee_{i \in I}\Big(\bigwedge_{j \in J_i} \langle a_{ij}\rangle\varphi_{ij} \ \wedge\ \bigwedge_{b \in A^l} [b]\psi_{ib}\Big)$$
where $md(\psi_{ib}) \leq \sup\{md(\psi_{ik}) \mid k \in K_i\}$ (we note that some of the $[b]\psi_{ib}$'s may have the form $[b]\top$, which is equivalent to $\top$). Therefore, by the induction hypothesis, we may assume that $\varphi_{ij}$ and $\psi_{ib}$ are in strong normal form. Next we use Lemma 4.6 to remove all the occurrences of $\vee$ that are guarded by $\langle a\rangle$, for some $a \in A^r$, in each $\bigwedge_{j \in J_i} \langle a_{ij}\rangle\varphi_{ij}$. The result for each $i$ is of the form $\bigwedge_{j \in J_i}\big(\bigvee_{l \in L_j} \langle a_{ij}\rangle\varphi_{l,ij}\big)$, where each $\varphi_{l,ij}$ is in unary strong normal form. By repeated use of distributivity, the whole formula can be rewritten as
$$\varphi = \bigvee_{r \in R}\Big(\bigwedge_{s \in S_r} \langle a_{rs}\rangle\alpha_{rs} \ \wedge\ \bigwedge_{b \in A^l} [b]\bigvee_{t \in T_{rb}} \beta_{rb,t}\Big)$$
where each $\alpha_{rs}$ and $\beta_{rb,t}$ is a unary strong normal form. Finally we note that the operations described above do not increase the modal depth.

Now we will relate our result to the one in Boudol and Larsen's paper [4].
Definition 8
A formula $\varphi$ is prime if the following holds: $\forall \varphi_1, \varphi_2 \in \mathcal{L}.\ \varphi \leq \varphi_1 \vee \varphi_2$ implies $\varphi \leq \varphi_1$ or $\varphi \leq \varphi_2$.

Theorem 3
A formula $\varphi$ can always be represented by a finite set of processes. It can be represented by a single process if and only if it is consistent and prime.

Proof.
By Lemma 5, $\varphi \equiv \varphi_1 \vee \ldots \vee \varphi_n$ where each $\varphi_i$, $1 \leq i \leq n$, is in unary strong normal form. By Theorem 2, $\varphi_i \equiv \chi(p_i)$ for some $p_i$ for each $1 \leq i \leq n$, and therefore $\varphi \equiv \chi(p_1) \vee \ldots \vee \chi(p_n)$. The first statement now follows from Lemma 3.2.

Towards proving the second statement, first assume that $\varphi \equiv \chi(p_1) \vee \ldots \vee \chi(p_n)$ is prime. This implies that $\varphi \leq \chi(p_i) \leq \varphi$, for some $i \in \{1, \ldots, n\}$, which in turn implies that $\varphi \equiv \chi(p_i)$. Next assume that $\varphi$ is represented by some process $p$ or, equivalently, that $\varphi \equiv \chi(p)$. Now assume that $\chi(p) \leq \varphi_1 \vee \varphi_2$. As $p \models \chi(p)$, this implies that $p \models \varphi_1 \vee \varphi_2$ or, equivalently, that either $p \models \varphi_1$ or $p \models \varphi_2$. Without loss of generality, we can assume that $p \models \varphi_1$. Now assume that $r \models \chi(p)$. Then $p \lesssim_{cc} r$ and by Theorem 1 this implies that $r \models \varphi_1$. Since $r$ was arbitrary, this proves that $\varphi \equiv \chi(p) \leq \varphi_1$. Hence $\varphi$ is prime, which was to be shown.

Originally [5, 6, 7], the theory of covariant-contravariant semantics also considered bivariant actions in $A^{bi}$, so that we had a partition of $A$ into $\{A^r, A^l, A^{bi}\}$ (called the signature of the LTS), and the definition of covariant-contravariant simulations imposed the following two conditions:
• For all $a \in A^r \cup A^{bi}$ and all $p \xrightarrow{a} p'$, there exists some $q \xrightarrow{a} q'$ with $p'\,R\,q'$.
• For all $a \in A^l \cup A^{bi}$ and all $q \xrightarrow{a} q'$, there exists some $p \xrightarrow{a} p'$ with $p'\,R\,q'$.
When we have bivariant actions in our signature we cannot directly get the graphical representation results that we have presented in Section 4. This is so because bivariant actions cannot be under-approximated, as a consequence of the well known result that bisimilarity is an equivalence relation and not a plain preorder. In order to maintain our results we mandatorily need that notion of approximation. We obtain it by decomposing each bivariant action $a$ into a pair of actions, one covariant, $a^r$, and another contravariant, $a^l$.
Technically, we define an embedding of the set of processes over an arbitrary signature $A = \{A^r, A^l, A^{bi}\}$ into that corresponding to a new signature $\bar{A} = \{\bar{A}^r, \bar{A}^l, \emptyset\}$. The latter does not include any bivariant action, and then we can apply to it our graphical representation results, which can then be transferred to the original signature by means of the defined embedding.

In [1] we presented transformations from LTSs to Modal Transition Systems (MTSs), and vice versa, named $\mathcal{M}$ and $\mathcal{C}$, respectively. We proved that both preserve and reflect the covariant-contravariant logic and simulation preorder. Applying these two transformations in a row we did not obtain the identity function, but instead a transformation $\mathcal{T} = \mathcal{C} \circ \mathcal{M}$ that transforms an LTS with bivariant actions into another LTS without them. Since composition preserves the good properties of $\mathcal{C}$ and $\mathcal{M}$, $\mathcal{T}$ also has these properties. Next we give a direct definition of $\mathcal{T}$.

Definition 9
Let $T$ be an LTS with the signature $A = \{A^r, A^l, A^{bi}\}$. The LTS $\mathcal{T}(T)$ with signature $\hat{A} = \{\hat{A}^r, \hat{A}^l, \emptyset\}$, where $\hat{A}^r = \{d^r \mid d \in A^r \cup A^{bi}\}$ and $\hat{A}^l = \{d^l \mid d \in A^r \cup A^l \cup A^{bi}\}$, is constructed as follows:
• The set of states of $\mathcal{T}(T)$ is the same as that of $T$ plus a new state $u$.
• For each transition $p \xrightarrow{d} p'$ in $T$, add a transition $p \xrightarrow{d^l} p'$ in $\mathcal{T}(T)$.
• For each transition $p \xrightarrow{d} p'$ in $T$ with $d \in A^r \cup A^{bi}$, add a transition $p \xrightarrow{d^r} p'$ in $\mathcal{T}(T)$.
• For each $a \in A^r$ and state $p$, add the transition $p \xrightarrow{a^l} u$ to $\mathcal{T}(T)$, as well as transitions $u \xrightarrow{d^l} u$ for each action $d \in A$.
Note that each $c \in A^{bi}$ is “encoded” by means of a pair of new actions $(c^r, c^l)$. Moreover, as a consequence of the general definition of $\mathcal{M}$, for each $a \in A^r$, together with $a^r$, which is its “natural” encoding, an additional $a^l \in \hat{A}^l$, coupled with it, is introduced. Finally, the behaviour of the “extra” state $u$ is that defined by $\omega$.

Based on this transformation, we have designed a direct encoding of LTSs over a signature $A = \{A^r, A^l, A^{bi}\}$ by means of LTSs over an adequate signature $\bar{A} = \{\bar{A}^r, \bar{A}^l, \emptyset\}$. As above, for each $c \in A^{bi}$ in the original signature, we introduce a pair of (new) actions, as the following definition makes precise.

Definition 10
Let $T$ be an LTS with signature $A = \{A^r, A^l, A^{bi}\}$. The LTS $\bar{\mathcal{T}}(T)$, with signature $\bar{A} = \{\bar{A}^r, \bar{A}^l, \emptyset\}$, where $\bar{A}^r = A^r \cup \{c^r \mid c \in A^{bi}\}$ and $\bar{A}^l = A^l \cup \{c^l \mid c \in A^{bi}\}$, is constructed as follows:
• The set of states of $\bar{\mathcal{T}}(T)$ is the same as that of $T$.
• All the transitions from $T$ with label in $A^r \cup A^l$ are in $\bar{\mathcal{T}}(T)$.
• For each transition $p \xrightarrow{c} p'$ in $T$ with $c \in A^{bi}$, we add $p \xrightarrow{c^r} p'$ and $p \xrightarrow{c^l} p'$ to $\bar{\mathcal{T}}(T)$.

[Figure 1: The original transformation $\mathcal{C} \circ \mathcal{M}$ of an LTS with bivariant actions (states $X$, $Y$, $Z$) into another without them, assuming $A^r = \{a\}$, $A^l = \{b\}$ and $A^{bi} = \{c\}$.]

The transformation above produces an LTS without bivariant actions more closely related to the original covariant-contravariant LTS than that produced by $\mathcal{T}$ (compare Figure 2 with Figure 1). Note that the class of LTSs with signature $\bar{A}$ that satisfy that $p \xrightarrow{c^r} p'$ if and only if $p \xrightarrow{c^l} p'$, for all $p, p' \in P$ and all $c \in A^{bi}$, is exactly the class of processes that are the representation of some LTS with signature $A$.

To translate modal formulae we just have to adopt the right modality for each action, as the following definition makes precise.

Definition 11
Let us extend $\mathcal{T}$ to translate modal formulae over the modal logic for LTSs over $A$ into modal formulae over the modal logic for LTSs over $\bar{A}$, as follows:
• $\mathcal{T}(\bot) = \bot$.
• $\mathcal{T}(\top) = \top$.
• $\mathcal{T}(\varphi \wedge \psi) = \mathcal{T}(\varphi) \wedge \mathcal{T}(\psi)$.
• $\mathcal{T}(\varphi \vee \psi) = \mathcal{T}(\varphi) \vee \mathcal{T}(\psi)$.
• $\mathcal{T}(\langle a \rangle \varphi) = \langle a \rangle \mathcal{T}(\varphi)$, if $a \in A_r$.
• $\mathcal{T}(\langle c \rangle \varphi) = \langle c_r \rangle \mathcal{T}(\varphi)$, if $c \in A_{bi}$.
• $\mathcal{T}([b]\varphi) = [b]\,\mathcal{T}(\varphi)$, if $b \in A_l$.
• $\mathcal{T}([c]\varphi) = [c_l]\,\mathcal{T}(\varphi)$, if $c \in A_{bi}$.

Figure 2: The new transformation $\mathcal{T}(T)$ of an LTS with bivariant actions into another without them, assuming $A_r = \{a\}$, $A_l = \{b\}$ and $A_{bi} = \{c\}$. [Figure omitted.]

In order to show that $\mathcal{T}$ preserves and reflects the cc-simulation preorder, we compare $\mathcal{T}(T)$ with $\widehat{\mathcal{T}}(T)$, and we prove a more general result.

Definition 12
Given a signature $\{A_r, A_l, \emptyset\}$ and $c_l \in A_l$, we define the transformation $\mathcal{T}^{+c_l}$ as that which, given an LTS $T$ with that signature, adds a new state $u$ whose behaviour is that defined by $\omega$, and a new transition labelled by $c_l$ from each state of $T$ to $u$.

Proposition 1 $\mathcal{T}^{+c_l}$ preserves and reflects the cc-simulation preorder when applied to a system that does not contain any $c_l$-transition.

Proof.
We will see that $R$ is a cc-simulation in $T$ if and only if $R \cup \{(u, u)\}$ is a cc-simulation in $\mathcal{T}^{+c_l}(T)$. The result is immediate by simply observing that, for $a$-transitions with $a \neq c_l$, the transitions leaving any state $p$ with $p \neq u$ are exactly the same in $T$ and in $\mathcal{T}^{+c_l}(T)$, while for any such state we always have $p \xrightarrow{c_l} u$ in $\mathcal{T}^{+c_l}(T)$.

Corollary 1
Let $T$ be an LTS with signature $\{A_r, A_l, A_{bi}\}$. Then, for any two states $p$ and $q$ of $T$, we have $p \lesssim_{cc} q$ in $\mathcal{T}(T)$ if and only if $p \lesssim_{cc} q$ in $\widehat{\mathcal{T}}(T)$.

Proof.
Note that $\mathcal{T}(T)$ is a $\{\bar{A}_r, \bar{A}_l, \emptyset\}$-LTS, while $\widehat{\mathcal{T}}(T)$ is an $\{\hat{A}_r, \hat{A}_l, \emptyset\}$-LTS, where $\hat{A}_r = \{a_r \mid a \in A_r \cup A_{bi}\}$ and $\hat{A}_l = \bar{A}_l \cup \{a_l \mid a \in A_r\}$. This means that we can also see $\mathcal{T}(T)$ as an $\{\hat{A}_r, \hat{A}_l, \emptyset\}$-LTS if we rename each $a \in A_r$ into the corresponding $a_r \in \hat{A}_r$. Then we can apply $\mathcal{T}^{+a_l}$ for each $a \in A_r$ in a row, thus getting a transformed system $\mathcal{T}^{+}(T)$. All along these applications we are under the hypothesis of Proposition 1. Moreover, the only differences between $\mathcal{T}^{+}(T)$ and $\widehat{\mathcal{T}}(T)$ are the collection of $a_l$-transitions paired with the $a_r$-transitions in $T$, with $a \in A_r$. But since for any state $p$ of $\mathcal{T}^{+}(T)$ we have $p \xrightarrow{a_l} u$ for all $a_l \in \{a_l \mid a \in A_r\}$, we immediately conclude that the identity is a cc-simulation in both directions (up to the indicated renaming) between the states of $\mathcal{T}^{+}(T)$ and those of $\widehat{\mathcal{T}}(T)$, from which we finally obtain that $p \lesssim_{cc} q$ in $\mathcal{T}(T)$ iff $p \lesssim_{cc} q$ in $\widehat{\mathcal{T}}(T)$.

Corollary 2
Our transformation $\mathcal{T}$ preserves and reflects the cc-simulation preorder, that is, for each LTS $T$ and for all states $p$ and $q$ in $T$, it holds that $p \lesssim_{cc} q$ in $T$ if, and only if, $p \lesssim_{cc} q$ in $\mathcal{T}(T)$.

Proof.
We just need to combine Proposition 1 and Corollary 1.

Proposition 2 $\mathcal{T}$ preserves and reflects the cc-logic, that is, for each LTS $T$, any state $p$ and every covariant-contravariant formula $\varphi$ for $T$, it holds that $p \models \varphi$ in $T$ if, and only if, $p \models \mathcal{T}(\varphi)$ in $\mathcal{T}(T)$.

Proof.
We proved in [1] the corresponding result for $\widehat{\mathcal{T}}$ and the transformation $\widehat{\mathcal{T}}$ on formulae, which is defined on logic formulae exactly as $\mathcal{T}$, but renaming again each $a \in A_r$ into $a_r$. From the definitions of $\mathcal{T}$ and $\widehat{\mathcal{T}}$ we immediately conclude that $a_l$-transitions with $a \in A_r$ do not play any role in the satisfaction of any formula $\widehat{\mathcal{T}}(\varphi)$, and then the result follows from that proved in [1].

After the representation of a bivariant action $c \in A_{bi}$ as a pair $(c_r, c_l)$ with $c_r \in \bar{A}_r$ and $c_l \in \bar{A}_l$, we have that $c_l$ under-approximates $c$, whereas $c_r$ over-approximates $c$. This means in particular that we have
$$c_l \lesssim_{cc} c_l + c_r \lesssim_{cc} c_r, \qquad c_l\,p \lesssim_{cc} c_l\,p + c_r\,q \lesssim_{cc} c_r\,q,$$
for all processes $p$ and $q$. Therefore, once we have separated the covariant and contravariant characters of bivariant actions, we achieve a greater flexibility which allows us to consider “non-balanced” processes where these two characters do not always go together, thus producing over- and under-approximations when needed.

Discussion
It is interesting to compare our new transformation $\mathcal{T}$ with the original transformation $\widehat{\mathcal{T}}$ from [1]. The first aims to obtain a representation over the signature $\{\bar{A}_r, \bar{A}_l, \emptyset\}$ that is as simple as possible, and this is why we do not introduce $a_l$ when $a \in A_r$. Instead, we can see the result of the transformation $\widehat{\mathcal{T}}$ as a process in the “uniform” signature $\tilde{A} = \{\tilde{A}_r, \tilde{A}_l, \emptyset\}$, with $\tilde{A}_r = \{a_r \mid a \in A_r \cup A_l \cup A_{bi}\}$ and $\tilde{A}_l = \{a_l \mid a \in A_r \cup A_l \cup A_{bi}\}$. It is true that the actions $b_r$ with $b \in A_l$ do not appear in $\widehat{\mathcal{T}}(T)$, but even so we can consider any $\widehat{\mathcal{T}}(T)$ as a process for $\tilde{A}$. Obviously, this is also the case for $\mathcal{T}(T)$, where the actions $a_l$ with $a \in A_r$ do not appear either. Both $\widehat{\mathcal{T}}(T)$ and $\mathcal{T}(T)$ are “good” representations of $T$, as stated above; however, it is clear that we do not have $\widehat{\mathcal{T}}(T) \equiv_{cc} \mathcal{T}(T)$. Instead, $\widehat{\mathcal{T}}(T) \lesssim_{cc} \mathcal{T}(T)$, and in fact $\widehat{\mathcal{T}}(T)$ is the least process with respect to $\lesssim_{cc}$, for the uniform signature $\tilde{A}$, that has the good properties stated in the paper. Note that, instead, $b_r$-transitions for $b \in A_l$ do not need to be introduced at all, since any addition of covariant transitions produces a $\lesssim_{cc}$-greater process.

Therefore, the original transformation $\widehat{\mathcal{T}}$ would indeed be the adequate one if we wanted to obtain an embedding of the class of processes for any signature into that corresponding to the uniform signature $\tilde{A}$ defined above, where all the actions can be interpreted as the covariant and contravariant parts of the actions in a set $A$.

To conclude the section, we explore the set of systems for any signature $\bar{A} = \{\bar{A}_r, \bar{A}_l, \emptyset\}$. Some of them, but not all, are equivalent to the representation of a system for the original alphabet $A$.
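As an added worked example (Python written for this page, not code from the paper), the following implements the transformation $\mathcal{T}$ of Definition 10 and the formula translation of Definition 11 over an explicit LTS, and computes the cc-simulation preorder as a greatest fixpoint, so that Corollary 2 and Proposition 2 can be checked mechanically on a small system. The LTS, the formula and the state names are constructed for the example and only borrow the signature $A_r = \{a\}$, $A_l = \{b\}$, $A_{bi} = \{c\}$ of Figure 2; the tuple encoding of formulae and all function names are assumptions of this example.

```python
# Added example (not code from the paper): LTSs over a covariant-contravariant
# signature, the transformation T of Definition 10, the formula translation of
# Definition 11, and the cc-simulation preorder computed as a greatest fixpoint.
from itertools import product


class LTS:
    """LTS over the signature (A_r, A_l, A_bi); transitions are (p, action, p')."""

    def __init__(self, states, A_r, A_l, A_bi, trans):
        self.states = frozenset(states)
        self.A_r, self.A_l, self.A_bi = frozenset(A_r), frozenset(A_l), frozenset(A_bi)
        self.trans = frozenset(trans)

    def succ(self, p, d):
        return {q for (s, e, q) in self.trans if s == p and e == d}

    def covariant(self):       # moves of p that q must match when p <=cc q
        return self.A_r | self.A_bi

    def contravariant(self):   # moves of q that p must match when p <=cc q
        return self.A_l | self.A_bi


def cc_preorder(lts):
    """Start from all pairs of states and discard (p, q) until every remaining
    pair satisfies both clauses of a cc-simulation; the greatest fixpoint is
    {(p, q) | p <=cc q}."""
    R = set(product(lts.states, lts.states))
    changed = True
    while changed:
        changed = False
        for (p, q) in list(R):
            cov_ok = all(any((p1, q1) in R for q1 in lts.succ(q, a))
                         for a in lts.covariant() for p1 in lts.succ(p, a))
            con_ok = all(any((p1, q1) in R for p1 in lts.succ(p, b))
                         for b in lts.contravariant() for q1 in lts.succ(q, b))
            if not (cov_ok and con_ok):
                R.discard((p, q))
                changed = True
    return R


def transform(lts):
    """Definition 10: A_r and A_l transitions are kept; each bivariant c-transition
    is split into a covariant c_r and a contravariant c_l transition."""
    trans = set()
    for (p, d, q) in lts.trans:
        if d in lts.A_bi:
            trans.add((p, d + "_r", q))
            trans.add((p, d + "_l", q))
        else:
            trans.add((p, d, q))
    return LTS(lts.states, lts.A_r | {c + "_r" for c in lts.A_bi},
               lts.A_l | {c + "_l" for c in lts.A_bi}, (), trans)


# Formulae as tuples (an encoding assumed for this example): ("top",), ("bot",),
# ("and", f, g), ("or", f, g), ("dia", act, f) for <act>f, ("box", act, f) for [act]f.
def translate(f, A_bi):
    """Definition 11: <c>f becomes <c_r>T(f) and [c]f becomes [c_l]T(f) when c is
    bivariant; all other cases are translated homomorphically."""
    op = f[0]
    if op in ("top", "bot"):
        return f
    if op in ("and", "or"):
        return (op, translate(f[1], A_bi), translate(f[2], A_bi))
    act = f[1]
    if act in A_bi:
        act += "_r" if op == "dia" else "_l"
    return (op, act, translate(f[2], A_bi))


def sat(lts, p, f):
    """p |= f: diamonds are existential and boxes universal over successors."""
    op = f[0]
    if op in ("top", "bot"):
        return op == "top"
    if op in ("and", "or"):
        left, right = sat(lts, p, f[1]), sat(lts, p, f[2])
        return (left and right) if op == "and" else (left or right)
    succ = lts.succ(p, f[1])
    return (any if op == "dia" else all)(sat(lts, q, f[2]) for q in succ)


def example_lts():
    """Constructed LTS with A_r = {a}, A_l = {b}, A_bi = {c} (Figure 2's signature)."""
    return LTS({"X", "Y", "Z", "W", "V"}, {"a"}, {"b"}, {"c"},
               {("X", "a", "Y"), ("Y", "c", "Z"), ("Y", "b", "Z"),
                ("W", "a", "V"), ("V", "c", "Z")})


def check_transformation():
    """Corollary 2 and Proposition 2 on the example: the preorder is the same
    before and after T, and so is satisfaction of phi versus T(phi)."""
    T = example_lts()
    TT = transform(T)
    before, after = cc_preorder(T), cc_preorder(TT)
    phi = ("dia", "a", ("and", ("dia", "c", ("top",)), ("box", "b", ("bot",))))
    return {
        "preorder_preserved": before == after,
        "Y_below_V": ("Y", "V") in before,
        "V_below_Y": ("V", "Y") in before,
        "sat_before": {p: sat(T, p, phi) for p in T.states},
        "sat_after": {p: sat(TT, p, translate(phi, T.A_bi)) for p in T.states},
    }
```

`check_transformation()` collects the checks. On this LTS the preorder between the states X, Y, Z, W, V is identical before and after the transformation (for instance $Y \lesssim_{cc} V$ but not $V \lesssim_{cc} Y$, because V has no contravariant b-move matching Y's), and the formula $\langle a\rangle(\langle c\rangle\top \wedge [b]\bot)$ holds at W and fails at X both before and after translation, where it reads $\langle a\rangle(\langle c_r\rangle\top \wedge [b]\bot)$.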
Whenever a system for $\bar{A}$ is not equivalent to such a representation, we would need to remove (or add) some transitions labelled by the created actions in $\{c_r, c_l \mid c \in A_{bi}\}$ in order to obtain a system that is equivalent to the representation of some process. In the following proposition we give an algorithm for obtaining a system for the original signature $A$ to which a given system for the signature $\bar{A}$ is equivalent, whenever such a system exists. To make a proof by (structural) induction possible, we only present the result for process terms in $\mathcal{P}$.

Proposition 3
Let $A = \{A_r, A_l, A_{bi}\}$ be a signature and $\bar{A} = \{\bar{A}_r, \bar{A}_l, \emptyset\}$ the associated signature without bivariant actions. Let $p, q \in \mathcal{P}$ be process terms for $\bar{A}$ such that $q$ is the representation of some process for the signature $A$. Let us assume that $p \equiv_{cc} q$. Then it is possible to transform $p$ into the representation $p_{bi}$ of some process term for $A$, simply by adding or removing some transitions labelled by actions in $\{c_r, c_l \mid c \in A_{bi}\}$.

Proof.
The proof is done by structural induction.
• If $p = \mathbf{0}$ or $p = \omega$, we can take $p_{bi} = p$.
• In the general case, we exploit the fact that whenever $a \in \bar{A}_r$, if $q' \lesssim_{cc} p'$ then $ap' + aq' \equiv_{cc} ap'$ (and dually, when $b \in \bar{A}_l$, $bp' + bq' \equiv_{cc} bq'$). This means that from any term for $\bar{A}$ we can remove all the summands $aq''$ (resp. $bp''$) such that $aq''$ is not a maximal $a$-summand with respect to $\lesssim_{cc}$ (resp. $bp''$ is not a minimal $b$-summand), obtaining a $\equiv_{cc}$-equivalent process. So we start by removing all the non-maximal $a$-summands with $a \in \bar{A}_r$, and all the non-minimal $b$-summands with $b \in \bar{A}_l$, of any subterm of $p$. By abuse of notation we still denote the obtained process by $p$, and we still have $p \equiv_{cc} q$.

Now, for any $a$-summand of $p$ with $a \in \bar{A}_r$, $p = p' + ap''$, there is some $q \xrightarrow{a} q''$ with $p'' \lesssim_{cc} q''$. But also, since $p \equiv_{cc} q$, starting with $q \xrightarrow{a} q''$ there must exist some $p \xrightarrow{a} p'''$ with $q'' \lesssim_{cc} p'''$; but then $p'' \lesssim_{cc} p'''$, and since $p''$ was maximal we can assume that $p''' = p''$, and then we also have $p'' \equiv_{cc} q''$. The same is true for all the $b$-summands with $b \in \bar{A}_l$, and this means that we can apply the induction hypothesis to all the derivatives of $p$.

Moreover, for each $ap'$ summand with $a = c_r$ we can add to $p$ the summand $c_l p'$, and we obtain $p \equiv_{cc} p + c_l p'$. Indeed, we trivially have $p + c_l p' \lesssim_{cc} p$, and to prove that $p \lesssim_{cc} p + c_l p'$ we check $q \lesssim_{cc} p + c_l p'$. We only need to see that for any transition $p + c_l p' \xrightarrow{c_l} p'$ there is some $q \xrightarrow{c_l} q'$ with $q' \lesssim_{cc} p'$. We use again the maximality of the summand $c_r p'$ and we obtain, as above, that there is some $c_r q'$ summand of $q$ with $q' \lesssim_{cc} p'$. But since $q$ was the representation of some process for $A$, it also has a summand $c_l q'$, as required above.

The obtained process already has its $c_r$ and $c_l$ transitions, with $c \in A_{bi}$, paired at its first level, and then we simply need to apply the induction hypothesis to conclude the proof.

Remark 3
Although the proposition above assumes that the considered process is equivalent to the representation of some process for $A$, it is easy to use it as a decision algorithm to check that property: we apply the algorithm to the given process $p$ and check whether the obtained process $p'$ is $\equiv_{cc}$-equivalent to it; if that is not the case, then $p$ is not equivalent to the representation of any process for the signature $A$.

In [1] we studied the relationships between the notion of refinement over modal transition systems and the notions of covariant-contravariant simulation and partial bisimulation over labelled transition systems. Here we have continued that work by looking for the “graphical” representation of the covariant-contravariant modal formulae by means of terms, as was done in [3] for the case of modal transition systems. For technical reasons, we first had to restrict ourselves to the case in which there are no bivariant actions. Afterwards, we argued that the general case can, in some sense, be “reduced” to the one we dealt with in Section 4 by defining a semantics-preserving transformation between covariant-contravariant systems with bivariant actions and covariant-contravariant systems without them.

The idea was to separate each bivariant action into its covariant and its contravariant parts. As a matter of fact, we believe that this idea might be useful not only for obtaining theoretical results, as we have done here, but also for applications. Most of the studies on process algebras and their semantics assume the bivariant behaviour of all the actions. It is true that in some studies (see for example [13]) there is a classification of actions, as we have also done in [1] and in this paper. But now we are proposing to exploit the relationships between the different classes of actions.

As future work, it would be interesting to obtain a direct characterization of the formulae that are graphically representable in a setting with bivariant actions.
Such a direct characterization will also pave the way towards a more general theory of “graphical characterizations” of formulae in modal logics of processes, of which the result by Boudol and Larsen and ours are special cases.

Of course, one of the directions in which we plan to continue our studies is that related to the logical characterization of the semantics, and in particular the connections between logical formulae and terms established by characteristic formulae and graphical representations. The combination of these two frameworks is also an interesting challenge. In particular, we plan some extensions of the recent work by Lüttgen and Vogler [11, 12] to the case of covariant-contravariant systems.
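The normalization used in the proof of Proposition 3, together with the decision procedure of Remark 3, as an added example in Python (not code from the paper) on finite process terms for a signature $\bar{A}$ without bivariant actions: summands are first pruned to the $\lesssim_{cc}$-maximal covariant and $\lesssim_{cc}$-minimal contravariant ones, then every $c_r p'$ summand gets its twin $c_l p'$, level by level. The block goes slightly beyond the proof text in that it also adds $c_r p'$ for an unpaired $c_l p'$ summand, by the symmetric argument (minimality of $c_l p'$ in place of maximality of $c_r p'$); the term encoding, the constructed signature and input terms, and all function names are assumptions of this example.

```python
# Added example (not code from the paper): the normalization in the proof of
# Proposition 3, and the decision procedure of Remark 3, on finite process terms
# over a signature without bivariant actions. A term is a frozenset of
# (action, subterm) pairs, so p + p = p and the nil process 0 is the empty set.
NIL = frozenset()

# Constructed signature: A_r = {a}, A_l = {b}, A_bi = {c}, with c split into c_r / c_l.
SIG = (frozenset({"a", "c_r"}), frozenset({"b", "c_l"}))
SPLIT = {"c_r": "c_l"}          # covariant part -> contravariant part of c


def pre(action, term):
    return frozenset({(action, term)})


def plus(*terms):
    return frozenset().union(*terms)


def leq(p, q, sig=SIG):
    """p <=cc q on finite terms: every covariant summand a.p1 of p needs some
    a.q1 in q with p1 <=cc q1, and every contravariant summand b.q1 of q needs
    some b.p1 in p with p1 <=cc q1."""
    A_r, A_l = sig
    cov = all(any(leq(p1, q1, sig) for (a2, q1) in q if a2 == a)
              for (a, p1) in p if a in A_r)
    con = all(any(leq(p1, q1, sig) for (b2, p1) in p if b2 == b)
              for (b, q1) in q if b in A_l)
    return cov and con


def equiv(p, q, sig=SIG):
    return leq(p, q, sig) and leq(q, p, sig)


def prune(p, sig=SIG):
    """First step of the proof: in every subterm, drop covariant summands that are
    strictly below another summand with the same action, and contravariant
    summands that are strictly above one; the result is ==cc-equivalent."""
    A_r, A_l = sig
    p = frozenset((a, prune(p1, sig)) for (a, p1) in p)
    keep = set()
    for (a, p1) in p:
        others = [p2 for (a2, p2) in p if a2 == a and p2 != p1]
        if a in A_r and any(leq(p1, p2, sig) and not leq(p2, p1, sig) for p2 in others):
            continue                # a.p1 is not a maximal a-summand
        if a in A_l and any(leq(p2, p1, sig) and not leq(p1, p2, sig) for p2 in others):
            continue                # b.p1 is not a minimal b-summand
        keep.add((a, p1))
    return frozenset(keep)


def partners(split):
    return {**split, **{c_l: c_r for c_r, c_l in split.items()}}


def pair(p, split=SPLIT):
    """Second step: add c_l.p1 for each c_r.p1 summand (and, symmetrically,
    c_r.p1 for each c_l.p1), then do the same inside the derivatives."""
    partner = partners(split)
    out = set()
    for (a, p1) in p:
        p1 = pair(p1, split)
        out.add((a, p1))
        if a in partner:
            out.add((partner[a], p1))
    return frozenset(out)


def balance(p, sig=SIG, split=SPLIT):
    """The p_bi of Proposition 3 whenever p is equivalent to some representation."""
    return pair(prune(p, sig), split)


def is_representation(p, split=SPLIT):
    """Syntactic check: c_r and c_l transitions are paired at every level."""
    partner = partners(split)
    return all((a not in partner or (partner[a], p1) in p) and is_representation(p1, split)
               for (a, p1) in p)


def representable(p, sig=SIG, split=SPLIT):
    """Remark 3 as a decision procedure: p is equivalent to the representation of
    some process for the original signature iff p ==cc balance(p)."""
    return equiv(p, balance(p, sig, split), sig)


# Constructed inputs. P1 is equivalent to a representation: c_l.0 is a non-minimal
# c_l-summand because b.0 <=cc 0, and the unpaired c_l.b.0 gets its twin c_r.b.0.
# P2 and P3 are not equivalent to any representation.
P1 = plus(pre("c_r", NIL), pre("c_l", pre("b", NIL)), pre("c_l", NIL))
P2 = pre("c_l", NIL)
P3 = plus(pre("a", pre("c_r", NIL)), pre("a", plus(pre("c_r", NIL), pre("c_l", NIL))))
```

`representable(P1)` is true and `balance(P1)` is the representation $c_r\mathbf{0} + c_l\mathbf{0} + c_r b\mathbf{0} + c_l b\mathbf{0}$, while `representable(P2)` and `representable(P3)` are false: for P2 the added $c_r\mathbf{0}$ has no match in $c_l\mathbf{0}$, and for P3 pruning leaves $a\,c_r\mathbf{0}$, whose balanced form $a(c_r\mathbf{0} + c_l\mathbf{0})$ is strictly below it.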
References
[1] Luca Aceto, Ignacio Fábregas, David de Frutos Escrig, Anna Ingólfsdóttir & Miguel Palomino (2011): Relating modal refinements, covariant-contravariant simulations and partial bisimulations. In Fundamentals of Software Engineering, FSEN 2011, LNCS, Springer. To appear.
[2] Luca Aceto, Anna Ingólfsdóttir, Kim Guldstrand Larsen & Jiří Srba (2007): Reactive Systems: Modelling, Specification and Verification. Cambridge University Press.
[3] J. Baeten, D. van Beek, B. Luttik, J. Markovski & J. Rooda (2010): Partial Bisimulation. SE Report 2010-04, Department of Mechanical Engineering, Eindhoven University of Technology, http://se.wtb.tue.nl/sereports.
[4] Gérard Boudol & Kim Guldstrand Larsen (1992): Graphical versus logical specifications. Theoretical Computer Science 106(1), pp. 3–20, doi:10.1016/0304-3975(92)90276-L.
[5] Ignacio Fábregas, David de Frutos-Escrig & Miguel Palomino (2009): Non-strongly Stable Orders Also Define Interesting Simulation Relations. In CALCO’09, LNCS 5728, Springer, pp. 221–235, doi:10.1007/978-3-642-03741-2_16.
[6] Ignacio Fábregas, David de Frutos-Escrig & Miguel Palomino (2010): Equational Characterization of Covariant-Contravariant Simulation and Conformance Simulation Semantics. In SOS’10, EPTCS 32, pp. 1–14, doi:10.4204/EPTCS.32.1.
[7] Ignacio Fábregas, David de Frutos-Escrig & Miguel Palomino (2010): Logics for Contravariant Simulations. In FORTE-FMOODS 2010, LNCS 6117, Springer, pp. 224–231, doi:10.1007/978-3-642-13464-7_18.
[8] R. J. van Glabbeek (2001): The linear time-branching time spectrum I: The semantics of concrete, sequential processes. In J. A. Bergstra, A. Ponse & S. A. Smolka, editors: Handbook of Process Algebra, North-Holland, pp. 3–99.
[9] Kim Guldstrand Larsen (1989): Modal Specifications. In Automatic Verification Methods for Finite State Systems, LNCS 407, Springer, pp. 232–246, doi:10.1007/3-540-52148-8_19.
[10] Kim Guldstrand Larsen & Bent Thomsen (1988): A Modal Process Logic. In LICS 1988, IEEE Computer Society, pp. 203–210, doi:10.1109/LICS.1988.5119.
[11] Gerald Lüttgen & Walter Vogler (2009): Safe Reasoning with Logic LTS. In SOFSEM 2009, LNCS 5404, Springer, pp. 376–387, doi:10.1007/978-3-540-95891-8_35.
[12] Gerald Lüttgen & Walter Vogler (2010): Ready simulation for concurrency: It’s logical! Inf. Comput. 208(7), pp. 845–867, doi:10.1016/j.ic.2010.02.001.
[13] Nancy Lynch (1988): I/O Automata: A model for discrete event systems. In 22nd Annual Conference on Information Sciences and Systems, pp. 29–38. http://groups.csail.mit.edu/tds/papers/Lynch/MIT-LCS-TM-351.pdf
[14] R. Milner (1989): Communication and Concurrency. Prentice Hall.
[15] David Park (1981):