On CSP and the Algebraic Theory of Effects
arXiv [cs.LO], Jul
Rob van Glabbeek and Gordon Plotkin ∗

Abstract
We consider CSP from the point of view of the algebraic theory of effects, which classifies operations as effect constructors and effect deconstructors; it also provides a link with functional programming, being a refinement of Moggi’s seminal monadic point of view. There is a natural algebraic theory of the constructors whose free algebra functor is Moggi’s monad; we illustrate this by characterising free and initial algebras in terms of two versions of the stable failures model of CSP, one more general than the other. Deconstructors are dealt with as homomorphisms to (possibly non-free) algebras.

One can view CSP’s action and choice operators as constructors and the rest, such as concealment and concurrency, as deconstructors. Carrying this programme out results in taking deterministic external choice as constructor rather than general external choice. However, binary deconstructors, such as the CSP concurrency operator, provide unresolved difficulties. We conclude by presenting a combination of CSP with Moggi’s computational λ-calculus, in which the operators, including concurrency, are polymorphic. While the paper mainly concerns CSP, it ought to be possible to carry over similar ideas to other process calculi.

Rob van Glabbeek
NICTA, Sydney, Australia
University of New South Wales, Sydney, Australia

Gordon Plotkin
Laboratory for the Foundations of Computer Science, School of Informatics, University of Edinburgh, UK

∗ This work was done with the support of a Royal Society-Wolfson Award.
We examine Hoare’s CSP [BHR84, Hoa85, Ros98] from the point of view of the algebraic theory of effects [PP02, PP04, HPP06, PPr09], a refinement of Moggi’s seminal ‘monads as notions of computation’ [Mog89, Mog91, BHM02]. This is a natural exercise as the algebraic nature of both points to a possibility of commonality. In the algebraic theory of effects operations do not all have the same character. Some are effect constructors: they create the effects at hand; some are effect deconstructors: they respond to effects created. For example, raising an exception creates an effect—the exception raised—whereas exception-handling responds to effects—exceptions that have been raised. It may therefore be interesting, and even useful, to classify CSP operators as constructors or deconstructors. Considering CSP and the algebraic theory of effects together also raises the possibility of combining CSP with functional programming in a principled way, as Moggi’s monadic approach provides a framework for the combination of computational effects with functional programming. More generally, although we mainly consider CSP, a similar exercise could be undertaken for other process calculi as they have a broadly similar algebraic character.

The theory of algebraic effects starts with the observation that effect constructors generally satisfy natural equations, and Moggi’s monad $T$ is precisely the free algebra monad for these equations (an exception is the continuations monad which is of a different character). Effect deconstructors are treated as homomorphisms from the free algebra to another algebra, perhaps with the same carrier as the free algebra but with different operations. These operations can be given by combinations of effect constructors and previously defined deconstructors.
The situation is much like that of primitive recursive definitions, although we will not present a formal definitional scheme.

We mainly consider that part of CSP containing action, internal and external choice, deadlock, relabelling, concealment, concurrency and interleaving, but not, for example, recursion (we do, albeit briefly, consider the extension with termination and sequencing). The evident constructors are then action prefix, and the two kinds of choice, internal and external, the latter together with deadlock. The evident deconstructors are relabelling, concealment, concurrency and interleaving.

There is, however, a fly in the ointment, as pointed out in [PPr09]. Parallel operators, such as CSP’s concurrency and interleaving, are naturally binary, and respond to effects in both arguments. However, the homomorphic approach to deconstructors, as sketched above, applies only to unary deconstructors, although it is possible to extend it to accommodate parameters and simultaneous definitions. Nonetheless, the natural definitions of concurrency and interleaving do not fall within the homomorphic approach, even in the extended sense. This problem has nothing to do with CSP: it applies to all examples of parallelism of which we are aware.

Even worse, when we try to carry out the above analysis for CSP, it seems that the homomorphic approach cannot handle concealment. The difficulty is caused by the fact that concealment does not commute with external choice. Fortunately this difficulty can be overcome by changing the effect constructors: we remove external choice and action prefix and replace them by the deterministic external choice operator $(a_1 \to P(a_1) \mid \ldots \mid a_n \to P(a_n))$, where the $a_i$ are all different. Binary external choice then becomes a deconstructor.

With that we can carry out the program of analysis, finding only the expected difficulty in dealing with concurrency and interleaving.
However, it must be admitted that the $n$-ary operators are somewhat clumsy to work with, and it is at least a priori odd to take binary external choice as a deconstructor. On the other hand, in [Hoa85, Section 1.1.3] Hoare writes:

    The definition of choice can readily be extended to more than two alternatives, e.g.,

        $(x \to P \mid y \to Q \mid \ldots \mid z \to R)$

    Note that the choice symbol $\mid$ is not an operator on processes; it would be syntactically incorrect to write $P \mid Q$, for processes $P$ and $Q$. The reason for this rule is that we want to avoid giving a meaning to

        $(x \to P \mid x \to Q)$

    which appears to offer a choice of first event, but actually fails to do so.

which might be read as offering some support to a treatment which takes deterministic external choice as a primitive (here = constructor), rather than general external choice. On our side, we count it as a strength of the algebraic theory of effects that it classifies effect-specific operations and places constraints on them: that they either belong to the basic theory or must be defined according to a scheme that admits inductive proofs.

Turning to the combination with functional programming, consider Moggi’s computational λ-calculus. Just as one accommodates imperative programming within functional programming by treating commands as expressions of type unit, so it is natural to treat our selection of CSP terms as expressions of type empty as they do not terminate normally, only in deadlock. For process languages such as ACP [BK85, BK86] which do have the possibility of normal termination, or CSP with such a termination construct, one switches to regarding process terms as expressions of type unit, when a sequencing operator is also available.

As we have constructors for every $T(X)$, it is natural to treat them as polymorphic constructs, rather than just as process combinators.
For example, one could have a binary construction for internal choice, with typing rule:

$$\frac{M : \sigma \quad N : \sigma}{M \sqcap N : \sigma}$$

It is natural to continue this theme for the deconstructors, as in:

$$\frac{M : \sigma}{M \backslash a : \sigma} \qquad \frac{M : \sigma \quad N : \tau}{M \parallel N : \sigma \times \tau}$$

where the thought behind the last rule is that $M$ and $N$ are evaluated concurrently, terminating normally only if they both do, when the pair of results returned individually by each is returned.
In the case of CSP a functional programming language CSPM incorporating CSP processes has been given by Scattergood [Sca]; it is used by most existing CSP tools including the Failures Divergences Refinement Checker (FDR), see [Ros94]. Scattergood’s CSPM differs from our proposal in several respects. Most significantly, processes are not treated on a par with other expressions: in particular they cannot be taken as arguments in functions, and CSP constructors and deconstructors are only available for processes. It remains to be seen if such differences are of practical relevance.

In Section 3 we take deadlock, action, binary internal and external choice as the constructors. We show, in Theorem 3.4, that, with the standard equational theory, the initial algebra is the ‘finitary part’ of the original Brookes-Hoare-Roscoe failures model [BHR84], which is known to be isomorphic to the finitary, divergence- and ✓-free part of the failures/divergences model, as well as the finitary, divergence- and ✓-free part of the stable failures model, both of which are described in [Ros98].

In Section 4 we go on to consider effect deconstructors, arriving at the difficulty with concealment and illustrating the problems with parallel operators in the (simpler) context of Milner’s synchronisation trees. A reader interested in the problem of dealing with parallel operators algebraically need only read this part, together with [PPr09].

We then backtrack in Section 5, making a different choice of constructors, as discussed above, and giving another characterisation of the finitary failures model as an initial algebra in Theorem 5.2. With that, we can carry out our programme, failing only where expected: with the binary deconstructors. In Section 6 we add a zero for the internal choice operator to our algebra; this can be interpreted as divergence in the stable failures model, and permits the introduction of a useful additional deterministic external choice constructor.
Armed with this tool, in Section 7, we look at the combination of CSP and functional programming, following the lines hinted at above. In order to give a denotational semantics we need, in Theorem 7.4, to characterise the free algebras rather than just the initial one.

As remarked above, termination and sequencing are accommodated within functional programming via the type unit; in Section 7.1 we therefore also give a brief treatment of our fragment of CSP extended with termination and sequencing, modelling it in the free algebra over the one-point set.

The concluding Section 8 contains a brief discussion of the general question of combining process calculi, or parallelism with a global store, with functional programming. The case of CSP considered here is just one example of the many possible such combinations. Throughout this paper we do not consider recursion; this enables us to work within the category of sets. A more complete treatment would deal with recursion working within, say, the category of ω-cpos (i.e., partial orders with lubs of increasing ω-sequences) and continuous functions (i.e., monotone functions preserving lubs of increasing ω-sequences). This is discussed further in Section 8. The appendix gives a short presentation of Moggi’s computational λ-calculus.

We give a brief sketch of finitary equational theories and their free algebra monads. For a fuller explanation see, e.g., [Bor94, AGM95]. Finitary equational theories Th are derived from a given set of axioms, written using a signature $\Sigma$ consisting of a set of operation symbols $\mathrm{op} : n$, together with their arities $n \geq 0$. One forms terms $t$ from the signature and variables and the axioms then consist of equations $t = u$ between the terms; there is a natural equational logic for deducing consequences of the axioms; and the theory consists of all the equations derivable from the axioms. A ground equation is one where both terms are closed, meaning that they contain no variables.

For example, we might consider the fragment of CSP with signature $\Box : 2$, $\mathrm{Stop} : 0$ and the following axioms for a semilattice (the first three axioms) with a zero (the last):

Associativity: $(x \mathbin{\Box} y) \mathbin{\Box} z = x \mathbin{\Box} (y \mathbin{\Box} z)$
Commutativity: $x \mathbin{\Box} y = y \mathbin{\Box} x$
Idempotence: $x \mathbin{\Box} x = x$
Zero: $x \mathbin{\Box} \mathrm{Stop} = x$

A $\Sigma$-algebra is a structure $\mathcal{A} = (X, (\mathrm{op}_{\mathcal{A}} : X^n \to X)_{\mathrm{op}:n \in \Sigma})$; we say that $X$ is the carrier of $\mathcal{A}$ and the $\mathrm{op}_{\mathcal{A}}$ are its operations. We may omit the subscript on operations when the algebra is understood. When we are thinking of an algebra as an algebra of processes, we may say ‘operator’ rather than ‘operation.’ A homomorphism between two algebras is a map between their carriers respecting their operations; we therefore have a category of $\Sigma$-algebras.

Given such a $\Sigma$-algebra, every term $t$ has a denotation $[\![t]\!](\rho)$, an element of the carrier, given an assignment $\rho$ of elements of the carrier to every variable; we often confuse terms with their denotation. The algebra satisfies an equation $t = u$ if $t$ and $u$ have the same denotation for every such assignment. If $\mathcal{A}$ satisfies all the axioms of a theory Th, it is called a Th-algebra; the Th-algebras form a subcategory of the category of $\Sigma$-algebras. Any equation provable from the axioms of a theory Th is satisfied by any Th-algebra.
We say that a theory Th is (ground) equationally complete with respect to a Th-algebra if a (ground) equation is provable from Th if, and only if, it is satisfied by the Th-algebra.

Any finitary equational theory Th determines a free algebra monad $T_{\mathrm{Th}}$ on the category of sets, as well as operations

$$\mathrm{op}_X : T_{\mathrm{Th}}(X)^n \to T_{\mathrm{Th}}(X)$$

for any set $X$ and $\mathrm{op} : n \in \Sigma$, such that $(T_{\mathrm{Th}}(X), (\mathrm{op}_X : X^n \to X)_{\mathrm{op}:n \in \Sigma})$ is the free Th-algebra over $X$. Although $T_{\mathrm{Th}}(X)$ is officially just a set, the carrier of the free algebra, we may also use $T_{\mathrm{Th}}(X)$ to denote the free algebra itself. In the above example the monad is the finite powerset monad:

$$\mathcal{F}(X) = \{u \subseteq X \mid u \text{ is finite}\}$$

with $\Box_X$ and $\mathrm{Stop}_X$ being union and the empty set, respectively.

We consider the fragment of CSP with deadlock, action prefix, internal and external choice, relabelling and concealment, and concurrency and interleaving. Working over a fixed alphabet $A$ of actions, we consider the following operation symbols:

Deadlock: $\mathrm{Stop} : 0$
Action: $a \to - : 1$ $(a \in A)$
Internal and External Choice: $\sqcap, \Box : 2$
Relabelling and Concealment: $f(-), -\backslash a : 1$ for any relabelling function $f : A \to A$ and action $a$. If $A$ is infinite, this makes the syntax infinitary; as that causes us no problems, we do not avoid it.
Concurrency and Interleaving: $\parallel, \mid\mid\mid\ : 2$

The signature of our (first) equational theory $\mathrm{CSP}(\Box)$ for CSP only has operation symbols for the subset of these operators which are naturally thought of as constructors, namely deadlock, action and internal and external choice. Its axioms are those given by de Nicola in [DeN85]. They are largely very natural and modular, and are as follows:

• $\Box$, $\mathrm{Stop}$ is a semilattice with a zero (i.e., the above axioms for a semilattice with a zero).
• $\sqcap$ is a semilattice (i.e., the axioms stating the associativity, commutativity and idempotence of $\sqcap$).
• $\Box$ and $\sqcap$ distribute over each other:
  $$x \mathbin{\Box} (y \sqcap z) = (x \mathbin{\Box} y) \sqcap (x \mathbin{\Box} z) \qquad x \sqcap (y \mathbin{\Box} z) = (x \sqcap y) \mathbin{\Box} (x \sqcap z)$$
• Actions distribute over $\sqcap$:
  $$a \to (x \sqcap y) = a \to x \sqcap a \to y$$
  and:
  $$a \to x \mathbin{\Box} a \to y = a \to x \sqcap a \to y$$

All these axioms are mathematically natural except the last which involves a relationship between three different operators.

We adopt some useful standard notational abbreviations. For $n \geq 1$ we write $\bigsqcap_{i=1}^{n} t_i$ to abbreviate $t_1 \sqcap \ldots \sqcap t_n$, intending $t_1$ when $n = 1$. We assume that parentheses associate to the left; however as $\sqcap$ is associative, the choice does not matter. As $\sqcap$ is a semilattice, we can even index over nonempty finite sets, as in $\bigsqcap_{i \in I} t_i$, assuming some standard ordering of the $t_i$ without repetitions. As $\Box$ is a semilattice with a zero, we can adopt analogous notations $\Box_{i=1}^{n} t_i$ and $\Box_{i \in I} t_i$ but now also allowing $n$ to be 0 and $I$ to be $\emptyset$.

As $\sqcap$ is a semilattice we can define a partial order for which it is the greatest lower bound by writing $t \sqsubseteq u$ as an abbreviation for $t \sqcap u = t$; then, as $\Box$ distributes over $\sqcap$, it is monotone with respect to $\sqsubseteq$: that is, if $x \sqsubseteq x'$ and $y \sqsubseteq y'$ then $x \mathbin{\Box} y \sqsubseteq x' \mathbin{\Box} y'$. (We mean all this in a formal sense, for example, that if $t \sqsubseteq u$ and $u \sqsubseteq v$ are provable, so is $t \sqsubseteq v$, etc.) We note the following, which is equivalent to the distributivity of $\sqcap$ over $\Box$, given that $\sqcap$ and $\Box$ are semilattices, and the other distributivity, that $\Box$ distributes over $\sqcap$:

$$x \sqcap (y \mathbin{\Box} z) = x \sqcap (y \mathbin{\Box} z) \sqcap (x \mathbin{\Box} y) \qquad (1)$$

The equation can also be written as $x \sqcap (y \mathbin{\Box} z) \sqsubseteq (x \mathbin{\Box} y)$. Using this one can derive another helpful equation:

$$(x \mathbin{\Box} a \to z) \sqcap (y \mathbin{\Box} a \to w) = (x \mathbin{\Box} a \to (z \sqcap w)) \sqcap (y \mathbin{\Box} a \to (z \sqcap w)) \qquad (2)$$

We next rehearse the original refusal sets model of CSP, restricted to finite processes without divergence; this provides a convenient context for identifying the initial model of $\mathrm{CSP}(\Box)$ in terms of failures.

A failure (pair) is a pair $(w, W)$ with $w \in A^*$ and $W \subseteq_{\mathrm{fin}} A$. For every set $F$ of failure pairs, we define its set of traces to be

$$\mathrm{tr}_F = \{w \mid (w, \emptyset) \in F\}$$

and for every $w \in \mathrm{tr}_F$ we define its set of futures to be:

$$\mathrm{fut}_F(w) = \{a \mid wa \in \mathrm{tr}_F\}$$

With that a refusal set $F$ (aka a failure set) is a set of failure pairs, satisfying the following conditions:

1. $\varepsilon \in \mathrm{tr}_F$
2. $wa \in \mathrm{tr}_F \Rightarrow w \in \mathrm{tr}_F$
3. $(w, W) \in F \wedge V \subseteq W \Rightarrow (w, V) \in F$
4. $(w, W) \in F \wedge a \notin \mathrm{fut}_F(w) \Rightarrow (w, W \cup \{a\}) \in F$

A refusal set is finitary if its set of traces is finite.

The collection of finitary refusal sets can be turned into a $\mathrm{CSP}(\Box)$-algebra $R_f$ by the following standard definitions of the operators:

$$\mathrm{Stop}_{R_f} = \{(\varepsilon, W) \mid W \subseteq_{\mathrm{fin}} A\}$$
$$a \to_{R_f} F = \{(\varepsilon, W) \mid a \notin W\} \cup \{(aw, W) \mid (w, W) \in F\}$$
$$F \sqcap_{R_f} G = F \cup G$$
$$F \mathbin{\Box}_{R_f} G = \{(\varepsilon, W) \mid (\varepsilon, W) \in F \cap G\} \cup \{(w, W) \mid w \neq \varepsilon, (w, W) \in F \cup G\}$$

The other CSP operation symbols also have standard interpretations over the collection of finitary refusal sets:

$$f(F) = \{(f(w), W) \mid (w, f^{-1}(W) \cap \mathrm{fut}_F(w)) \in F\}$$
$$F \backslash a = \{(w \backslash a, W) \mid (w, W \cup \{a\}) \in F\}$$
$$F \parallel G = \{(w, W \cup V) \mid (w, W) \in F, (w, V) \in G\}$$
$$F \mid\mid\mid G = \{(w, W) \mid (u, W) \in F, (v, W) \in G, w \in u \mid v\}$$

with the evident action of $f$ on sequences and sets of actions, and where $w \backslash a$ is obtained from $w$ by removing all occurrences of $a$, and where $u \mid v$ is the set of interleavings of $u$ and $v$.

Lemma 3.1.
Let $F$ be a finitary refusal set. Then for every $w \in \mathrm{tr}_F$ there are $V_1, \ldots, V_n \subseteq \mathrm{fut}_F(w)$, including $\mathrm{fut}_F(w)$, such that $(w, W) \in F$ iff $W \cap V_i = \emptyset$ for some $i \in \{1, \ldots, n\}$.

Proof. The closure conditions imply that $(w, W)$ is in $F$ iff $(w, W \cap \mathrm{fut}_F(w))$ is. Thus we only need to be concerned about pairs $(w, W)$ with $W \subseteq \mathrm{fut}_F(w)$. Now, as $\mathrm{fut}_F(w)$ is finite, for any relevant $(w, W) \in F$, of which there are finitely many, we can take $V$ to be $\mathrm{fut}_F(w) \backslash W$, and we obtain finitely many such sets. As $(w, \emptyset) \in F$, these include $\mathrm{fut}_F(w)$. ⊓⊔

Lemma 3.2.
All finitary refusal sets are definable by closed $\mathrm{CSP}(\Box)$ terms.

Proof. Let $F$ be a finitary refusal set. We proceed by induction on the length of the longest trace in $F$. By the previous lemma there are sets $V_1, \ldots, V_n$, including $\mathrm{fut}_F(\varepsilon)$, such that $(\varepsilon, W) \in F$ iff $W \cap V_i = \emptyset$ for some $i \in \{1, \ldots, n\}$. Define $F_a$, for $a \in \mathrm{fut}_F(\varepsilon)$, by:

$$F_a = \{(w, W) \mid (aw, W) \in F\}$$

Then it is not hard to see that each $F_a$ is a finitary refusal set, and that

$$F = \bigsqcap_{i} \Box_{a \in V_i}\, a \to F_a$$

As the longest trace in $F_a$ is strictly shorter than the longest one in $F$, the proof concludes, employing the induction hypothesis. ⊓⊔

We next recall some material from de Nicola [DeN85]. Let $\mathcal{L}$ be a collection of sets; we say it is saturated if whenever $L \subseteq L' \subseteq \bigcup \mathcal{L}$, for $L \in \mathcal{L}$, then $L' \in \mathcal{L}$. Then a closed $\mathrm{CSP}(\Box)$-term $t$ is in normal form if it is of the form:

$$\bigsqcap_{L \in \mathcal{L}} \Box_{a \in L}\, a \to t_a$$

where $\mathcal{L}$ is a finite non-empty saturated collection of finite sets of actions and each term $t_a$ is in normal form. Note that the concept of normal form is defined recursively.

Proposition 3.3.
$\mathrm{CSP}(\Box)$ is ground equationally complete with respect to $R_f$.

Proof. Every term is provably equal in $\mathrm{CSP}(\Box)$ to a term in normal form. For the proof, follow that of Proposition A6 in [DeN85]; alternatively, it is a straightforward induction in which equations (1) and (2) are helpful. Further, it is an immediate consequence of Lemma 4.8 in [DeN85] that if two normal forms have the same denotation in $R_f$ then they are identical (and Lemma 7.2 below establishes a more general result). The result then follows. ⊓⊔

Theorem 3.4.
The finitary refusal sets algebra $R_f$ is the initial $\mathrm{CSP}(\Box)$ algebra.

Proof. Let the initial such algebra be I. There is a unique homomorphism $h : \mathrm{I} \to R_f$. By Lemma 3.2, $h$ is a surjection. By the previous proposition, $R_f$ is complete for equations between closed terms, and so $h$ is an injection. So $h$ is an isomorphism, completing the proof. ⊓⊔

In the algebraic theory of effects, the semantics of effect deconstructors, such as exception handlers, is given using homomorphisms from free algebras. In this case we are interested in $T_{\mathrm{CSP}(\Box)}(\emptyset)$. This is the initial $\mathrm{CSP}(\Box)$ algebra, $R_f$, so given a $\mathrm{CSP}(\Box)$ algebra:

$$\mathcal{A} = (T_{\mathrm{CSP}(\Box)}(\emptyset), \sqcap_{\mathcal{A}}, \mathrm{Stop}_{\mathcal{A}}, (a \to_{\mathcal{A}}), \Box_{\mathcal{A}})$$

there is a unique homomorphism:

$$h : R_f \to \mathcal{A}$$

Relabelling
We now seek to define $f(-) : T_{\mathrm{CSP}(\Box)}(\emptyset) \to T_{\mathrm{CSP}(\Box)}(\emptyset)$ homomorphically. Define an algebra $Rl$ on $T_{\mathrm{CSP}(\Box)}(\emptyset)$ by putting, for refusal sets $F$, $G$:

$$\mathrm{Stop}_{Rl} = \mathrm{Stop}_{R_f}$$
$$(a \to_{Rl} F) = (f(a) \to_{R_f} F)$$
$$F \sqcap_{Rl} G = F \sqcap_{R_f} G$$
$$F \mathbin{\Box}_{Rl} G = F \mathbin{\Box}_{R_f} G$$

One has to verify this gives a $\mathrm{CSP}(\Box)$-algebra, which amounts to verifying that the two action equations hold, for example that, for all $F$, $G$:

$$a \to_{Rl} (F \sqcap_{Rl} G) = (a \to_{Rl} F) \sqcap_{Rl} (a \to_{Rl} G)$$

which is equivalent to:

$$f(a) \to_{R_f} (F \sqcap_{R_f} G) = (f(a) \to_{R_f} F) \sqcap_{R_f} (f(a) \to_{R_f} G)$$

We therefore have a unique homomorphism

$$R_f \xrightarrow{\;h_{Rl}\;} Rl$$

and so the following equations hold over the algebra $R_f$:

$$h_{Rl}(\mathrm{Stop}) = \mathrm{Stop}$$
$$h_{Rl}(a \to F) = f(a) \to h_{Rl}(F)$$
$$h_{Rl}(F \sqcap G) = h_{Rl}(F) \sqcap h_{Rl}(G)$$
$$h_{Rl}(F \mathbin{\Box} G) = h_{Rl}(F) \mathbin{\Box} h_{Rl}(G)$$

Informally one can use these equations to define $h_{Rl}$ by a ‘principle of equational recursion,’ but one must remember to verify that the implicit algebra obeys the required equations.

We use $h_{Rl}$ to interpret relabelling. We then immediately recover the familiar CSP laws:

$$f(\mathrm{Stop}) = \mathrm{Stop}$$
$$f(a \to x) = f(a) \to f(x)$$
$$f(x \sqcap y) = f(x) \sqcap f(y)$$
$$f(x \mathbin{\Box} y) = f(x) \mathbin{\Box} f(y)$$

which we now see to be restatements of the homomorphism of relabelling.

Concealment
There is a difficulty here. We do not have that

$$(F \mathbin{\Box} G) \backslash a = F \backslash a \mathbin{\Box} G \backslash a$$

but rather have the following two equations (taken from [DeN85]):

$$((a \to F) \mathbin{\Box} G) \backslash a = F \backslash a \sqcap ((F \mathbin{\Box} G) \backslash a) \qquad (3)$$
$$\Bigl(\Box_{i=1}^{n} a_i F_i\Bigr) \backslash a = \Box_{i=1}^{n} a_i (F_i \backslash a) \qquad (4)$$

where no $a_i$ is $a$. Furthermore, there is no direct definition of concealment via an equational recursion, i.e., there is no suitable choice of algebra, $\Box_{\mathcal{A}}$ etc. For, if there were, we would have:

$$(F \mathbin{\Box} G) \backslash a = F \backslash a \mathbin{\Box}_{\mathcal{A}} G \backslash a \qquad (5)$$

So if $a$ does not occur in any trace of $F'$ or $G'$ we would have:

$$F' \mathbin{\Box}_{\mathcal{A}} G' = F' \backslash a \mathbin{\Box}_{\mathcal{A}} G' \backslash a = (F' \mathbin{\Box} G') \backslash a = F' \mathbin{\Box} G'$$

but, returning to equation (5), $a$ certainly does not occur in any trace of $F \backslash a$ or $G \backslash a$ and so we would have:

$$(F \mathbin{\Box} G) \backslash a = F \backslash a \mathbin{\Box}_{\mathcal{A}} G \backslash a = F \backslash a \mathbin{\Box}_{R_f} G \backslash a$$

which is false. It is conceivable that although there is no direct homomorphic definition of concealment, there may be an indirect one where other functions (possibly with parameters—see below) are defined homomorphically and concealment is definable as a combination of those.

Before trying to recover from the difficulty with concealment, we look at a further difficulty, that of accommodating binary deconstructors, particularly parallel operators. We begin with a simple example in a strong bisimulation context, but rather than a concurrency operator in the style of CCS we consider one analogous to CSP’s $\parallel$. We take as signature a unary action prefix, $a.-$, for $a \in A$, a nullary NIL and a binary sum $+$. The axioms are that $+$ is a semilattice with zero NIL; the initial algebra is then that of finite synchronisation trees ST. Every synchronisation tree $t$ has a finite depth and can be written as

$$\sum_{i=1}^{n} a_i . t_i$$

for some $n \geq 0$, where the $t_i$ are also synchronisation trees (of strictly smaller depth), and where no pair $(a_i, t_i)$ occurs twice. The order of writing the summands makes no difference to the tree denoted.

One can define a binary synchronisation operator $\parallel$ on synchronisation trees $t = \sum_i a_i . t_i$ and $t' = \sum_j b_j . t'_j$ by induction on the depth of $t$ (or $t'$):

$$t \parallel t' = \sum_{a_i = b_j} a_i . (t_i \parallel t'_j)$$

Looking for an equational recursive definition of $\parallel$, one may try a ‘mutual (parametric) equational recursive definition’ of $\parallel$ and a certain family $\parallel^a$ with $x$, $y$, $z$ varying over ST:

$$\mathrm{NIL} \parallel z = \mathrm{NIL} \qquad (x + y) \parallel z = (x \parallel z) + (y \parallel z) \qquad a.x \parallel z = x \parallel^a z$$

and

$$z \parallel^a \mathrm{NIL} = \mathrm{NIL} \qquad z \parallel^a (x + y) = (z \parallel^a x) + (z \parallel^a y) \qquad z \parallel^a b.x = \begin{cases} a.(z \parallel x) & (\text{if } b = a) \\ \mathrm{NIL} & (\text{if } b \neq a) \end{cases}$$

Unfortunately, this definition attempt is not an equational recursion. Mutual (parametric) equational recursions are single ones to an algebra on a product. Here we wish a map: $\mathrm{ST} \to \mathrm{ST} \times \mathrm{ST}$. Informally we would write such clauses as:

$$\langle (x + y) \parallel z,\; z \parallel^a (x + y) \rangle = \langle (x \parallel z) + (y \parallel z),\; (z \parallel^a x) + (z \parallel^a y) \rangle$$

with the recursion variables, here $x$, $y$, on the left for $\parallel$ and on the right for $\parallel^a$. However:

$$\langle a.x \parallel z,\; z \parallel^a b.x \rangle = \begin{cases} \langle x \parallel^a z,\; a.(z \parallel x) \rangle & (\text{if } b = a) \\ \langle x \parallel^a z,\; \mathrm{NIL} \rangle & (\text{if } b \neq a) \end{cases}$$

does not respect this discipline: the recursion variable, here $x$, (twice) switches places with the parameter $z$.

We are therefore caught in a dilemma. One can show, by induction on the depth of synchronisation trees, that the above definitions, viewed as equations for $\parallel$ and $\parallel^a$ have a unique solution: the expected synchronisation operator $\parallel$, and the functions $\parallel^a$ defined on synchronisation trees $t$ and $t' = \sum_j b_j . t'_j$ by:

$$t \parallel^a t' = \sum_{b_j = a} a . (t \parallel t'_j)$$

So we have a correct definition not in equational recursion format.
So we must either

• find a different correct definition in the equational recursion format

or else

• find another algebraic format into which the correct definition fits.

When we come to the CSP parallel operator we do not even get as far as we did with synchronisation trees. The problem is like that with concealment: the distributive equation:

$$(F \mathbin{\Box} F') \parallel G = (F \parallel G) \mathbin{\Box} (F' \parallel G)$$

does not hold. One can show that there is no definition of $\parallel$ analogous to the above one for synchronisation trees, i.e., there is no suitable choice of algebra, $\Box_{\mathcal{A}}$ etc, and functions $\parallel^a$. The reason is that there is no binary operator $\Box'$ on (finitary) failure sets such that, for all $F$, $G$, $H$ we have:

$$(F \mathbin{\Box} F') \parallel G = (F \parallel G) \mathbin{\Box'} (F' \parallel G)$$

For suppose, for the sake of contradiction, that there is such an operator. Then, fixing $F$ and $F'$, choose $G$ such that $F \parallel G = F$, $F' \parallel G = F'$ and $(F \mathbin{\Box} F') \parallel G = (F \mathbin{\Box} F')$. Then, substituting into the above equation, we obtain that $F \mathbin{\Box} F' = F \mathbin{\Box'} F'$ and so the above equation yields distributivity, which, in fact, does not hold. As in the case of concealment, there may nonetheless be an indirect definition of $\parallel$.

A similar difficulty obtains for the CSP interleaving operator. It too does not commute with $\Box$, and it too does not have any direct definition (the argument is like that for the concurrency operator but a little simpler, taking $G = \mathrm{Stop}$). As in the case of the concurrency operator, there may be an indirect definition.
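The failure of concealment to commute with external choice can be checked mechanically. The Python sketch below is an added example, not part of the paper: it implements the refusal-set operators (Stop, action prefix, internal and external choice, concealment) over a constructed two-letter alphabet, verifies equation (3) by brute force over small closed terms, and exhibits a concrete pair on which concealment does not distribute over external choice. The alphabet and all function names are assumptions of the example.

```python
from itertools import combinations

A = frozenset({"a", "b"})   # constructed two-letter alphabet (assumption)
EPS = ()                    # the empty trace; traces are tuples of actions


def subsets(s):
    """All subsets of s, as frozensets."""
    items = sorted(s)
    return [frozenset(c) for r in range(len(items) + 1)
            for c in combinations(items, r)]


ALL_W = subsets(A)          # every possible refusal W, since A is finite


def stop():
    return frozenset((EPS, W) for W in ALL_W)


def prefix(a, F):
    """a -> F: initially refuse anything but a, then behave like F."""
    head = {(EPS, W) for W in ALL_W if a not in W}
    tail = {((a,) + w, W) for (w, W) in F}
    return frozenset(head | tail)


def ichoice(F, G):
    """Internal choice is union."""
    return F | G


def echoice(F, G):
    """External choice: both must refuse initially; later failures are merged."""
    initial = {(w, W) for (w, W) in F & G if w == EPS}
    later = {(w, W) for (w, W) in F | G if w != EPS}
    return frozenset(initial | later)


def hide(F, a):
    """F \\ a = {(w \\ a, W) | (w, W u {a}) in F}."""
    out = set()
    for (w, W) in F:
        if a in W:                      # W has the form W' u {a}
            hidden = tuple(x for x in w if x != a)
            out.update((hidden, V) for V in (W, W - {a}))
    return frozenset(out)


def traces(F):
    return {w for (w, W) in F if not W}


def futures(F, w):
    return {t[-1] for t in traces(F) if t and t[:-1] == w}


def is_refusal_set(F):
    """The four closure conditions on refusal sets."""
    tr = traces(F)
    if EPS not in tr or any(w[:-1] not in tr for w in tr if w):
        return False
    for (w, W) in F:
        if any((w, V) not in F for V in subsets(W)):
            return False
        if any((w, W | {a}) not in F for a in A - futures(F, w)):
            return False
    return True


def closed_terms(depth):
    """Denotations of all closed constructor terms up to the given depth."""
    pool = {stop()}
    for _ in range(depth):
        new = set(pool)
        new |= {prefix(a, F) for a in A for F in pool}
        new |= {op(F, G) for op in (ichoice, echoice)
                for F in pool for G in pool}
        pool = new
    return pool


def equation3_holds(F, G, a):
    """((a -> F) [] G) \\ a = F \\ a |~| ((F [] G) \\ a)."""
    lhs = hide(echoice(prefix(a, F), G), a)
    return lhs == ichoice(hide(F, a), hide(echoice(F, G), a))


def distributivity_counterexamples(pool, a="a"):
    """Pairs where (F [] G) \\ a differs from F \\ a [] G \\ a."""
    return [(F, G) for F in pool for G in pool
            if hide(echoice(F, G), a) != echoice(hide(F, a), hide(G, a))]


POOL = closed_terms(2)

if __name__ == "__main__":
    print("pool size:", len(POOL))
    print("equation (3) holds on pool:",
          all(equation3_holds(F, G, a) for F in POOL for G in POOL for a in A))
    print("non-distributing pairs:", len(distributivity_counterexamples(POOL)))
```

With F = a → Stop and G = b → Stop, hiding a after the choice yields a process that may refuse b initially (the hidden a may already have happened), whereas hiding before the choice does not.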
Equations (3) and (4) do not immediately suggest a recursive definition of concealment. However, one can show that, for distinct actions $a_i$ ($i = 1, n$), the following equation holds between refusal sets:

$$\Bigl(\Box_{i=1}^{n} a_i \to F_i\Bigr) \backslash a_j = (F_j \backslash a_j) \sqcap \Bigl((F_j \backslash a_j) \mathbin{\Box} \Box_{i \neq j}\, a_i \to (F_i \backslash a_j)\Bigr)$$

where $1 \leq j \leq n$. Taken together with equation (4), this suggests a recursive definition in terms of deterministic external choice. We therefore now change our choice of constructors, replacing binary external choice, action prefix and deadlock by deterministic external choice.

So as our second signature for CSP we take a binary operation symbol $\sqcap$ of internal choice and, for any deterministic action sequence $\vec{a}$ (i.e., any sequence of actions $a_i$ ($i = 1, n$), with the $a_i$ all different and $n \geq 0$) an $n$-ary operation symbol $\Box_{\vec{a}}$ of deterministic external choice. We write $\Box_{\vec{a}}(t_1, \ldots, t_n)$ as $\Box_{i=1}^{n} a_i t_i$ although it is more usual to use Hoare’s notation $(a_1 \to t_1 \mid \cdots \mid a_n \to t_n)$; we also use Stop to abbreviate $\Box_{\vec{a}}()$.

We have the usual semilattice axioms for $\sqcap$. Deterministic external choice is commutative, in the sense that:

$$\Box_{i}\, a_i x_i = \Box_{i}\, a_{\pi(i)} x_{\pi(i)}$$

for any permutation $\pi$ of $\{1, \ldots, n\}$. Given this, we are justified in writing deterministic external choices over finite, possibly empty, sets of actions, $\Box_{a \in I}\, a t_a$, assuming some standard ordering of pairs $(a, t_a)$ without repetitions.

For the next axiom it is convenient to write $(a_1 \to t_1) \mathbin{\Box} \Box_{i=2}^{n} a_i t_i$ for $\Box_{i=1}^{n} a_i t_i$ (for $n \geq 1$):

$$(a_1 \to (x \sqcap x')) \mathbin{\Box} \Box_{i=2}^{n} a_i x_i = \Bigl((a_1 \to x) \mathbin{\Box} \Box_{i=2}^{n} a_i x_i\Bigr) \sqcap \Bigl((a_1 \to x') \mathbin{\Box} \Box_{i=2}^{n} a_i x_i\Bigr)$$
This implies that deterministic external choice is monotone with respect to $\sqsubseteq$.

We can regard a, possibly nondeterministic, external choice, in which the $a_i$ need not be all different, as an abbreviation for a deterministic one, via:

$$\Box_{i}\, a_i t_i = \Box_{b \in \{a_1, \ldots, a_n\}}\, b \bigsqcap_{a_i = b} t_i \qquad (6)$$

With that convention we may also write $a_1 \to t_1 \mathbin{\Box} \Box_{i=2}^{n} a_i t_i$ even when $a_1$ is some $a_i$, for $i > 1$. We can now write our final axiom:

$$\Bigl(\Box_{i}\, a_i x_i\Bigr) \sqcap (b_1 \to y_1) \mathbin{\Box} \Box_{j=2}^{n} b_j y_j \sqsubseteq (b_1 \to y_1) \mathbin{\Box} \Box_{i}\, a_i x_i \qquad (7)$$

Restricting the external choice $(b_1 \to y_1) \mathbin{\Box} \Box_{j} b_j y_j$ to be deterministic gives an equivalent axiom, as does restricting $\Box_{i} a_i x_i$ (in the presence of the others).

Let us call this equational theory $\mathrm{CSP}(|)$. The finitary refusal sets form a $\mathrm{CSP}(|)$-algebra $R_{df}$ with the evident definitions:

$$F \sqcap_{R_{df}} G = F \cup G$$
$$(\Box_{\vec{a}})_{R_{df}}(F_1, \ldots, F_n) = \{(\varepsilon, W) \mid W \cap \{a_1, \ldots, a_n\} = \emptyset\} \cup \{(a_i w, W) \mid (w, W) \in F_i\}$$

Theorem 5.1.
The finitary refusal sets algebra $R_{df}$ is complete for equations between closed $\mathrm{CSP}(|)$ terms.

Proof. De Nicola’s normal form can be regarded as written in the signature of $\mathrm{CSP}(|)$, and a straightforward induction proves that every $\mathrm{CSP}(|)$ term can be reduced to such a normal form using the above axioms. But two such normal forms have the same denotation whether they are regarded as $\mathrm{CSP}(\Box)$ or as $\mathrm{CSP}(|)$ terms, and in the former case, by Lemma 4.8 of [DeN85], they are identical. ⊓⊔

Theorem 5.2.
The finitary refusal sets algebra $R_{df}$ is the initial $\mathrm{CSP}(|)$ algebra.

Proof. Following the proof of Lemma 3.2 we see that every finitary refusal set is definable by a closed $\mathrm{CSP}(|)$ term. With that, initiality follows from the above completeness theorem, as in the proof of Theorem 3.4. ⊓⊔

Turning to the deconstructors, relabelling again has a straightforward homomorphic definition: given a relabelling function $f : A \to A$, $h_{Rl} : T_{\mathrm{CSP}(|)}(\emptyset) \to T_{\mathrm{CSP}(|)}(\emptyset)$ is defined homomorphically by:

$$h_{Rl}(F \sqcap G) = h_{Rl}(F) \sqcap h_{Rl}(G)$$
$$h_{Rl}\Bigl(\Box_{i}\, a_i F_i\Bigr) = \Box_{i}\, f(a_i)\, h_{Rl}(F_i)$$

As always one has to check that the implied algebra satisfies the equations, here those of $\mathrm{CSP}(|)$.

There is also now a natural homomorphic definition of concealment, $-\backslash a$, but, surprisingly perhaps, one needs to assume that $\Box$ is available. For every $a \in A$ one defines $h_a : T_{\mathrm{CSP}(|)}(\emptyset) \to T_{\mathrm{CSP}(|)}(\emptyset)$ homomorphically by:

$$h_a(F \sqcap G) = h_a(F) \sqcap h_a(G)$$
$$h_a\Bigl(\Box_{i=1}^{n} a_i F_i\Bigr) = \begin{cases} h_a(F_j) \sqcap \bigl(h_a(F_j) \mathbin{\Box} \Box_{i \neq j}\, a_i h_a(F_i)\bigr) & (\text{if } a = a_j, \text{ where } 1 \leq j \leq n) \\ \Box_{i=1}^{n} a_i h_a(F_i) & (\text{if } a \neq \text{any } a_i) \end{cases}$$

Verifying that the implicit algebra satisfies the required equations is quite a bit of work. We record the result, but omit the calculations:
Proposition 5.3. One can define a CSP(|)-algebra $\mathrm{Con}$ on $T_{\mathrm{CSP}(|)}(\emptyset)$ by:

$$\begin{aligned}
F \sqcap_{\mathrm{Con}} G &= F \sqcap G \\
(\Box_{\vec a})_{\mathrm{Con}}(F_1, \ldots, F_n) &=
\begin{cases}
F_j \sqcap \big(F_j \mathbin{\Box} \Box_{i \neq j}\, a_i F_i\big) & (\text{if } a = a_j) \\
\Box_{i}\, a_i F_i & (\text{if } a \neq \text{any } a_i)
\end{cases}
\end{aligned}$$

The operator $\Box$ is, of course, no longer available as a constructor. However, it can alternatively be treated as a binary deconstructor. While its treatment as such is no more successful than our treatment of parallel operators, it is also no less successful. We define it simultaneously with $(n+1)$-ary functions $\Box^{a_1 \ldots a_n}$ on $T_{\mathrm{CSP}(|)}(\emptyset)$, for $n \ge 0$, where the $a_i$ are all distinct. That we are defining infinitely many functions simultaneously arises from dealing with the infinitely many deterministic choice operators (there would be infinitely many even if we considered them as parameterised on the $a$'s). However, we anticipate that this will cause no real difficulty, given that we have overcome the difficulty of dealing with binary deconstructors. Here are the required definitions:

$$\begin{aligned}
(F \sqcap F') \mathbin{\Box} G &= (F \mathbin{\Box} G) \sqcap (F' \mathbin{\Box} G) \\
\Big(\Box_{i}\, a_i F_i\Big) \mathbin{\Box} G &= (F_1, \ldots, F_n) \mathbin{\Box^{a_1 \ldots a_n}} G \\
(F_1, \ldots, F_n) \mathbin{\Box^{a_1 \ldots a_n}} (G \sqcap G') &= \big((F_1, \ldots, F_n) \mathbin{\Box^{a_1 \ldots a_n}} G\big) \sqcap \big((F_1, \ldots, F_n) \mathbin{\Box^{a_1 \ldots a_n}} G'\big) \\
(F_1, \ldots, F_n) \mathbin{\Box^{a_1 \ldots a_n}} \Big(\Box_{j}\, b_j G_j\Big) &= (a_1 \to F_1) \mathbin{\Box} \Big(\ldots \Big((a_n \to F_n) \mathbin{\Box} \Box_{j}\, b_j G_j\Big) \ldots\Big)
\end{aligned} \qquad (8)$$

where, in the last equation, the notational convention $(a_1 \to t_1) \mathbin{\Box} \Box_{i=2}^{n}\, a_i t_i$ is used $n$ times. It is clear that $\Box$ together with the functions $\Box^{a_1 \ldots a_n} : T_{\mathrm{CSP}(|)}(\emptyset)^{n+1} \to T_{\mathrm{CSP}(|)}(\emptyset)$ defined by:

$$\Box^{a_1 \ldots a_n}(F_1, \ldots, F_n, G) = \Big(\Box_{i}\, a_i F_i\Big) \mathbin{\Box} G \qquad (9)$$

satisfy the equations, and, using the fact that all finitary refusal sets are definable by normal forms, one sees that they are the unique such functions.

We can treat the CSP parallel operator $\parallel$ in a similar vein following the pattern given above for parallel merge operators in the case of synchronisation trees. We define it simultaneously with $(n+1)$-ary functions $\parallel^{a_1 \ldots a_n}$ on $T_{\mathrm{CSP}(|)}(\emptyset)$, for $n \ge 0$, where the $a_i$ are all distinct:

$$\begin{aligned}
(F \sqcap F') \parallel G &= (F \parallel G) \sqcap (F' \parallel G) \\
\Big(\Box_{i}\, a_i F_i\Big) \parallel G &= (F_1, \ldots, F_n) \parallel^{a_1 \ldots a_n} G \\
(F_1, \ldots, F_n) \parallel^{a_1 \ldots a_n} (G \sqcap G') &= \big((F_1, \ldots, F_n) \parallel^{a_1 \ldots a_n} G\big) \sqcap \big((F_1, \ldots, F_n) \parallel^{a_1 \ldots a_n} G'\big) \\
(F_1, \ldots, F_n) \parallel^{a_1 \ldots a_n} \Big(\Box_{j}\, b_j G_j\Big) &= \Box_{a_i = b_j}\, a_i (F_i \parallel G_j)
\end{aligned} \qquad (10)$$

Much as before, $\parallel$ together with the functions $\parallel^{a_1 \ldots a_n} : T_{\mathrm{CSP}(|)}(\emptyset)^{n+1} \to T_{\mathrm{CSP}(|)}(\emptyset)$ defined by:

$$\parallel^{a_1 \ldots a_n}(F_1, \ldots, F_n, G) = \Big(\Box_{i}\, a_i F_i\Big) \parallel G$$

are the unique functions satisfying the equations.

Finally we consider the CSP interleaving operator $|||$. We define this by following an idea, exemplified in the ACP literature [BK85, BK86], of splitting an associative operation into several parts. Here we split $|||$ into a left interleaving operator $|||^{l}$ and a right interleaving operator $|||^{r}$ so that:

$$F \mathbin{|||} G = (F \mathbin{|||^{l}} G) \mathbin{\Box} (F \mathbin{|||^{r}} G)$$

In ACP the parallel operator is split into three parts: a left merge, a right merge (defined in terms of the left merge), and a communication merge; in a subtheory, PA, there is no communication, and the parallel operator, now an interleaving one, is split into left and right parts [BK86]. The idea of splitting an associative operation into several operations can be found in a much wider context [EFG08] where the split into two or three parts is axiomatised by the respective notions of dendriform dialgebra and trialgebra.

Our left and right interleaving are defined by the following 'binary deconstructor' equations:

$$\begin{aligned}
(F \sqcap F') \mathbin{|||^{l}} G &= (F \mathbin{|||^{l}} G) \sqcap (F' \mathbin{|||^{l}} G) \\
\Big(\Box_{i=1}^{n}\, a_i F_i\Big) \mathbin{|||^{l}} G &= \Box_{i}\, a_i \big((F_i \mathbin{|||^{l}} G) \mathbin{\Box} (F_i \mathbin{|||^{r}} G)\big) \\
G \mathbin{|||^{r}} (F \sqcap F') &= (G \mathbin{|||^{r}} F) \sqcap (G \mathbin{|||^{r}} F') \\
G \mathbin{|||^{r}} \Big(\Box_{i=1}^{n}\, a_i F_i\Big) &= \Box_{i}\, a_i \big((G \mathbin{|||^{l}} F_i) \mathbin{\Box} (G \mathbin{|||^{r}} F_i)\big)
\end{aligned} \qquad (11)$$

As may be expected, these equations also have unique solutions, now given by:

$$\begin{aligned}
F \mathbin{|||^{l}} G &= \{(\varepsilon, W) \mid (\varepsilon, W) \in F\} \cup \{(w, W) \mid (u, W) \in F,\ (v, W) \in G,\ w \in u \mid^{l} v\} \\
F \mathbin{|||^{r}} G &= \{(\varepsilon, W) \mid (\varepsilon, W) \in G\} \cup \{(w, W) \mid (u, W) \in F,\ (v, W) \in G,\ w \in u \mid^{r} v\}
\end{aligned}$$

where $u \mid^{l} v$ is the set of interleavings of $u$ and $v$ which begin with a letter of $u$, and $u \mid^{r} v$ is defined analogously. It is interesting to note that:

$$F \mathbin{|||^{l}} (G \sqcap G') = (F \mathbin{|||^{l}} G) \sqcap (F \mathbin{|||^{l}} G')$$

and similarly for $|||^{r}$.
The treatment of CSP presented thus far dealt with finite divergence-free processes only. There are several ways to extend the refusal sets model of Section 3 to infinite processes with divergence. The most well-known model is the failures/divergences model of [Hoa85], further elaborated in [Ros98]. A characteristic property of this model is that divergence, i.e., an infinite sequence of internal actions, is modelled as Chaos, a process that satisfies the equation:

$$\mathrm{Chaos} \mathbin{\Box} x = \mathrm{Chaos} \sqcap x = \mathrm{Chaos} \qquad (12)$$

So after Chaos no further process activity is discernible.

An alternative extension is the stable failures model proposed in [BKO87], and also elaborated in [Ros98]. This model equates processes that allow the same observations, where actions and deadlock are considered observable, but divergence does not give rise to any observations. A failure pair $(w, W)$, now allowing $W$ to be infinite, records an observation in which $w$ represents a sequence of actions being observed, and $W$ represents the observation of deadlock under the assumption that the environment in which the observed process is running allows only the (inter)actions in the set $W$. Such an observation can be made if after engaging in the sequence of visible actions $w$, the observed process reaches a state in which no further internal actions are possible, nor any actions from the set $W$. Besides failure pairs, also traces are observable, and thus the observable behaviour of a process is given by a pair $(T, F)$ where $T$ is a set of traces and $F$ is a set of failure pairs. Unlike the model $\mathcal{R}_f$ of Section 3, the traces are not determined by the failure pairs. In fact, in a process that can diverge in every state, the set of failure pairs is empty, yet the set of traces conveys important information.

In the remainder of this paper we add a constant $\Omega$ to the signature of CSP that is a zero for the semilattice generated by $\sqcap$. This will greatly facilitate the forthcoming development. Intuitively, one may think of $\Omega$ as divergence in the stable failures model.

W.r.t. the equational theory CSP($\Box$) of Section 3 we thus add the constant $\Omega$ and the single axiom:

$$x \sqcap \Omega = x \qquad (13)$$

thereby obtaining the theory CSP($\Box$, $\Omega$).
We note two useful derived equations:

$$\begin{aligned}
x \sqcap (\Omega \mathbin{\Box} y) &= x \sqcap (x \mathbin{\Box} y) \\
(\Omega \mathbin{\Box} x) \sqcap (\Omega \mathbin{\Box} y) &= (\Omega \mathbin{\Box} x) \mathbin{\Box} (\Omega \mathbin{\Box} y)
\end{aligned} \qquad (14)$$

Semantically, a process is now given by a pair $(T, F)$, where $T$ is a set of traces and $F$ is a set of failure pairs that satisfy the following conditions:

1. $\varepsilon \in T$
2. $wa \in T \Rightarrow w \in T$
3. $(w, W) \in F \Rightarrow w \in T$
4. $(w, W) \in F \wedge V \subseteq W \Rightarrow (w, V) \in F$
5. $(w, W) \in F \wedge \forall a \in V.\ wa \notin T \Rightarrow (w, W \cup V) \in F$ (where $V \subseteq A$)

The two components of such a pair $P$ are denoted $T_P$ and $F_P$, respectively, and for $w \in T_P$ we define $\mathrm{fut}_P(w) := \{a \in A \mid wa \in T_P\}$. We can define the CSP operators on processes by setting $P \mathbin{op} Q = (P \mathbin{op_T} Q,\ P \mathbin{op_R} Q)$ where $op_T$ is given by:

$$\begin{aligned}
\mathrm{Stop}_T &= \{\varepsilon\} \\
a \to_T P &= \{\varepsilon\} \cup \{aw \mid w \in T_P\} \\
P \sqcap_T Q &= T_P \cup T_Q \\
P \mathbin{\Box_T} Q &= T_P \cup T_Q \\
f_T(P) &= \{f(w) \mid w \in T_P\} \\
P \backslash_T a &= \{w \backslash a \mid w \in T_P\} \\
P \parallel_T Q &= \{w \mid w \in T_P,\ w \in T_Q\} \\
P \mathbin{|||_T} Q &= \{w \mid u \in T_P,\ v \in T_Q,\ w \in u \mid v\}
\end{aligned}$$

and $op_R$ is given as $op_{R_f}$ was in Section 3, but without the restriction to finite sets $W$ in defining $\mathrm{Stop}_R$. For the new process $\Omega$ we set

$$\Omega_T = \{\varepsilon\} \quad \text{and} \quad \Omega_R = \emptyset$$

This also makes the collection of processes into a CSP($\Box$, $\Omega$)-algebra, $\mathcal{F}$.

A process $P$ is called finitary if $T_P$ is finite. The finitary processes evidently form a subalgebra of $\mathcal{F}$; we call it $\mathcal{F}_f$.

Lemma 6.1.
Let $P$ be a finitary process. Then, for every $w \in T_P$ there is an $n \ge 0$ and $V_1, \ldots, V_n \subseteq \mathrm{fut}_P(w)$ such that $(w, W) \in F_P$ iff $W \cap V_i = \emptyset$ for some $i \in \{1, \ldots, n\}$.

Proof. Closure conditions 4 and 5 above imply that $(w, W) \in F_P$ if, and only if, $(w, W \cap \mathrm{fut}_P(w)) \in F_P$. Thus we only need to be concerned about pairs $(w, W)$ with $W \subseteq \mathrm{fut}_P(w)$. Now, as $\mathrm{fut}_P(w)$ is finite, for any relevant $(w, W) \in F$, of which there are finitely many, we can take $V$ to be $\mathrm{fut}_P(w) \backslash W$, and we obtain finitely many such sets. □

Note that it may happen that $n = 0$, in contrast with the case of Lemma 3.1.
Lemma 6.2. All finitary processes are definable by closed CSP($\Box$, $\Omega$) terms.

Proof. Let $P$ be a finitary process. We proceed by induction on the length of the longest trace in $T_P$. By the previous lemma there are sets $V_1, \ldots, V_n$, for some $n \ge 0$, such that $(\varepsilon, W) \in F$ iff $W \cap V_i = \emptyset$ for some $i \in \{1, \ldots, n\}$. Define $T_a$ and $F_a$, for $a \in T_P$, by:

$$T_a = \{w \mid aw \in T_P\} \qquad F_a = \{(w, W) \mid (aw, W) \in F_P\}$$

Then it is not hard to see that each $P_a := (T_a, F_a)$ is a finitary process, and that

$$P = \bigsqcap_{i} \Box_{a \in V_i}\, a \to P_a \;\sqcap\; \Omega \mathbin{\Box} \Box_{a \in T_P}\, a \to P_a$$

As the longest trace in $T_a$ is strictly shorter than the longest one in $T_P$, the proof concludes, employing the induction hypothesis. □

Proposition 6.3.
CSP($\Box$, $\Omega$) is ground equationally complete with respect to both $\mathcal{F}$ and $\mathcal{F}_f$.

Proof. This time we recursively define a normal form as a CSP($\Box$, $\Omega$)-term of the form

$$\bigsqcap_{L \in \mathcal{L}} \Box_{a \in L}\, a \to t_a \qquad \text{or} \qquad \Omega \mathbin{\Box} \Box_{a \in K}\, a \to t_a$$

where $\mathcal{L}$ is a finite non-empty saturated collection of finite sets of actions, $K$ is a finite set of actions, and each term $t_a$ is in normal form. Every term is provably equal in CSP($\Box$, $\Omega$) to a term in normal form; the proof proceeds as for Proposition 3.3, but now also using the derived equations (14). Next, by Lemma 7.2 below, if two normal forms have the same denotation in $\mathcal{F}$ then they are identical. So the result follows for $\mathcal{F}$, and then for $\mathcal{F}_f$ too, as all closed terms denote finitary processes. □

Theorem 6.4.
The algebra $\mathcal{F}_f$ of finitary processes is the initial CSP($\Box$, $\Omega$) algebra.

Proof. Let the initial such algebra be $I$. There is a unique homomorphism $h : I \to \mathcal{F}_f$. By Lemma 6.2, $h$ is a surjection. By the previous proposition, $\mathcal{F}_f$ is complete for equations between closed terms, and so $h$ is an injection. Hence $h$ is an isomorphism, completing the proof. □

As in Section 5, in order to deal with deconstructors, particularly hiding, we replace external choice by deterministic external choice. The availability of $\Omega$ permits useful additional such operators. The equational theory CSP(|, $\Omega$) has as signature the binary operation symbol $\sqcap$, and for any deterministic action sequence $\vec a$, the $n$-ary operation symbols $\Box_{\vec a}$ (as in Section 5), as well as the new $n$-ary operation symbols $\Box^{\Omega}_{\vec a}$, for $n \ge 0$, which denote a deterministic external choice with $\Omega$ as one of the summands. We adopt conventions for $\Box^{\Omega}_{\vec a}$ analogous to those previously introduced for $\Box_{\vec a}(t_1, \ldots, t_n)$. We write $\Box^{\Omega}_{\vec a}(t_1, \ldots, t_n)$ as $\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i t_i$. We also write $\Omega \mathbin{\Box} (c_1 \to t_1) \mathbin{\Box} \Box_{j=2}^{n}\, c_j t_j$ for $\Omega \mathbin{\Box} \Box_{j=1}^{n}\, c_j t_j$, so that the $c_j$ ($j = 1, n$) must all be distinct.

The first three groups of axioms of CSP(|, $\Omega$) are:

• $\sqcap$, $\Omega$ is a semilattice with a zero—here $\Omega$ is the 0-ary case of $\Box^{\Omega}_{\vec a}$,
• both deterministic external choice operators $\Box_{\vec a}$ and $\Box^{\Omega}_{\vec a}$ are commutative, as explained in Section 5, and
• both deterministic external choice operators distribute over internal choice, as explained in Section 5.

Given commutativity, we are, as before, justified in writing deterministic external choices $\Box_{a \in I}\, a t_a$ or $\Omega \mathbin{\Box} \Box_{a \in I}\, a t_a$, over finite, possibly empty, sets of actions $I$, assuming some standard ordering of pairs $(a, t_a)$ without repetitions. Next, using the analogous convention to (6) we can then also understand $\Omega \mathbin{\Box} \Box_{j=1}^{n}\, c_j t_j$, and so also $\Omega \mathbin{\Box} (c_1 \to t_1) \mathbin{\Box} \Box_{j=2}^{n}\, c_j t_j$, even when the $c_j$ are not all distinct. With these conventions established, we can now state the final group of axioms. These are all variants of Axiom (7) of Section 5, allowing each of the two deterministic external choices to have an $\Omega$-summand:

$$\begin{aligned}
\Big(\Omega \mathbin{\Box} \Box_{i}\, a_i x_i\Big) \sqcap \Omega \mathbin{\Box} (b_1 \to y_1) \mathbin{\Box} \Box_{j=2}^{n}\, b_j y_j &\;\sqsubseteq\; \Omega \mathbin{\Box} (b_1 \to y_1) \mathbin{\Box} \Box_{i}\, a_i x_i \\
\Big(\Omega \mathbin{\Box} \Box_{i}\, a_i x_i\Big) \sqcap (b_1 \to y_1) \mathbin{\Box} \Box_{j=2}^{n}\, b_j y_j &\;\sqsubseteq\; \Omega \mathbin{\Box} (b_1 \to y_1) \mathbin{\Box} \Box_{i}\, a_i x_i \\
\Big(\Box_{i}\, a_i x_i\Big) \sqcap \Omega \mathbin{\Box} (b_1 \to y_1) \mathbin{\Box} \Box_{j=2}^{n}\, b_j y_j &\;\sqsubseteq\; (b_1 \to y_1) \mathbin{\Box} \Box_{i}\, a_i x_i \\
\Big(\Box_{i}\, a_i x_i\Big) \sqcap (b_1 \to y_1) \mathbin{\Box} \Box_{j=2}^{n}\, b_j y_j &\;\sqsubseteq\; (b_1 \to y_1) \mathbin{\Box} \Box_{i}\, a_i x_i
\end{aligned} \qquad (15)$$

As in the case of Axiom (7), restricting any of these choices to be deterministic results in an axiom of equivalent power.
We note two useful derived equations:

$$\begin{aligned}
\Box_{i}\, a_i x_i \sqcap \Big(\Omega \mathbin{\Box} \Box_{j}\, b_j y_j\Big) &= \Box_{i}\, a_i x_i \sqcap \Big(\Box_{i}\, a_i x_i \mathbin{\Box} \Box_{j}\, b_j y_j\Big) \\
\Big(\Omega \mathbin{\Box} \Box_{i}\, a_i x_i\Big) \sqcap \Big(\Omega \mathbin{\Box} \Box_{j}\, b_j y_j\Big) &= \Big(\Omega \mathbin{\Box} \Box_{i}\, a_i x_i\Big) \mathbin{\Box} \Box_{j}\, b_j y_j
\end{aligned} \qquad (16)$$

where two further notational conventions are employed: $(\Box_{i=1}^{m}\, a_i t_i) \mathbin{\Box} (\Box_{j=1}^{n}\, b_j t'_j)$ stands for $\Box_{k=1}^{m+n}\, c_k t''_k$ where $c_k = a_k$ and $t''_k = t_k$, for $k = 1, m$, and $c_k = b_{k-m}$, and $t''_k = t'_{k-m}$, for $k = m+1, m+n$; and $(\Omega \mathbin{\Box} \Box_{i=1}^{m}\, a_i t_i) \mathbin{\Box} (\Box_{j=1}^{n}\, b_j t'_j)$ is understood analogously. In fact, the first three axioms of (15) are also derivable from (16), in the presence of the other axioms, and thus may be replaced by (16).

The collection of processes is turned into a CSP(|, $\Omega$)-algebra $\mathcal{F}_d$ as before, writing:

$$P \mathbin{op_{\mathcal{F}_d}} Q = (P \mathbin{op_{T_d}} Q,\ P \mathbin{op_{R_d}} Q)$$

and defining $op_{T_d}$ and $op_{R_d}$ in the evident way:

$$\begin{aligned}
P \sqcap_{T_d} Q &= T_P \cup T_Q \\
(\Box_{\vec a})_{T_d}(P_1, \ldots, P_n) &= \{\varepsilon\} \cup \{a_i w \mid w \in T_{P_i}\} \\
(\Box^{\Omega}_{\vec a})_{T_d}(P_1, \ldots, P_n) &= \{\varepsilon\} \cup \{a_i w \mid w \in T_{P_i}\} \\
(\Box^{\Omega}_{\vec a})_{R_d}(P_1, \ldots, P_n) &= \{(a_i w, W) \mid (w, W) \in F_{P_i}\}
\end{aligned}$$

with $\sqcap_{R_d}$ and $(\Box_{\vec a})_{R_d}$ given just as in Section 5. Exactly as in Section 5, but now using the derived equations (16), we obtain:

Theorem 6.5.
The algebra $\mathcal{F}_d$ is complete for equations between closed CSP(|, $\Omega$) terms.

Theorem 6.6.
The finitary subalgebra $\mathcal{F}_{df}$ of $\mathcal{F}_d$ is the initial CSP(|, $\Omega$) algebra.

Turning to the deconstructors, relabelling and concealment can again be treated homomorphically. For relabelling by $f$ one simply adds the equation:

$$h_{Rl}\Big(\Omega \mathbin{\Box} \Box_{i}\, a_i F_i\Big) = \Omega \mathbin{\Box} \Box_{i}\, f(a_i)\, h_{Rl}(F_i)$$

to the treatment in Section 5, and checks that the implied algebra satisfies the equations. Pleasingly, the treatment of concealment can be simplified in such a way that the deconstructor $\Box$ is no longer needed. For every $a \in A$ one defines $h_a : T_{\mathrm{CSP}(|,\Omega)}(\emptyset) \to T_{\mathrm{CSP}(|,\Omega)}(\emptyset)$ homomorphically by:

$$\begin{aligned}
h_a(P \sqcap Q) &= h_a(P) \sqcap h_a(Q) \\
h_a\Big(\Box_{i=1}^{n}\, a_i P_i\Big) &=
\begin{cases}
h_a(P_j) \sqcap \big(\Omega \mathbin{\Box} \Box_{i \neq j}\, a_i h_a(P_i)\big) & (\text{if } a = a_j, \text{ where } 1 \le j \le n) \\
\Box_{i=1}^{n}\, a_i h_a(P_i) & (\text{if } a \neq \text{any } a_i)
\end{cases} \\
h_a\Big(\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i P_i\Big) &=
\begin{cases}
h_a(P_j) \sqcap \big(\Omega \mathbin{\Box} \Box_{i \neq j}\, a_i h_a(P_i)\big) & (\text{if } a = a_j, \text{ where } 1 \le j \le n) \\
\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i h_a(P_i) & (\text{if } a \neq \text{any } a_i)
\end{cases}
\end{aligned}$$

Note the use of the new form of deterministic choice here. One has again to verify that the implicit algebra satisfies the required equations. The treatment of the binary deconstructors $\Box$, $\parallel$ and $|||$ is also a trivial adaptation of the treatment in Section 5. For $\Box$ one adds a further auxiliary operator $\Box^{\Omega, a_1 \ldots a_n}$ and the equations:

$$\begin{aligned}
\Big(\Omega \mathbin{\Box} \Box_{i}\, a_i P_i\Big) \mathbin{\Box} Q &= (P_1, \ldots, P_n) \mathbin{\Box^{\Omega, a_1 \ldots a_n}} Q \\
(P_1, \ldots, P_n) \mathbin{\Box^{\Omega, a_1 \ldots a_n}} (Q \sqcap Q') &= \big((P_1, \ldots, P_n) \mathbin{\Box^{\Omega, a_1 \ldots a_n}} Q\big) \sqcap \big((P_1, \ldots, P_n) \mathbin{\Box^{\Omega, a_1 \ldots a_n}} Q'\big) \\
(P_1, \ldots, P_n) \mathbin{\Box^{\Omega, a_1 \ldots a_n}} \Big(\Box_{j}\, b_j Q_j\Big) &= \Big(\Omega \mathbin{\Box} \Box_{i}\, a_i P_i\Big) \mathbin{\Box} \Box_{j}\, b_j Q_j \\
(P_1, \ldots, P_n) \mathbin{\Box^{\Omega, a_1 \ldots a_n}} \Big(\Omega \mathbin{\Box} \Box_{j}\, b_j Q_j\Big) &= \Big(\Omega \mathbin{\Box} \Box_{i}\, a_i P_i\Big) \mathbin{\Box} \Box_{j}\, b_j Q_j \\
(P_1, \ldots, P_n) \mathbin{\Box^{a_1 \ldots a_n}} \Big(\Omega \mathbin{\Box} \Box_{j}\, b_j Q_j\Big) &= \Big(\Omega \mathbin{\Box} \Box_{i}\, a_i P_i\Big) \mathbin{\Box} \Box_{j}\, b_j Q_j
\end{aligned}$$

For $\parallel$ one adds the auxiliary operator $\parallel^{\Omega, a_1 \ldots a_n}$ and the equations:

$$\begin{aligned}
\Big(\Omega \mathbin{\Box} \Box_{i}\, a_i P_i\Big) \parallel Q &= (P_1, \ldots, P_n) \parallel^{\Omega, a_1 \ldots a_n} Q \\
(P_1, \ldots, P_n) \parallel^{\Omega, a_1 \ldots a_n} (Q \sqcap Q') &= \big((P_1, \ldots, P_n) \parallel^{\Omega, a_1 \ldots a_n} Q\big) \sqcap \big((P_1, \ldots, P_n) \parallel^{\Omega, a_1 \ldots a_n} Q'\big) \\
(P_1, \ldots, P_n) \parallel^{\Omega, a_1 \ldots a_n} \Big(\Box_{j}\, b_j Q_j\Big) &= \Omega \mathbin{\Box} \Box_{a_i = b_j}\, a_i (P_i \parallel Q_j) \\
(P_1, \ldots, P_n) \parallel^{\Omega, a_1 \ldots a_n} \Big(\Omega \mathbin{\Box} \Box_{j}\, b_j Q_j\Big) &= \Omega \mathbin{\Box} \Box_{a_i = b_j}\, a_i (P_i \parallel Q_j) \\
(P_1, \ldots, P_n) \parallel^{a_1 \ldots a_n} \Big(\Omega \mathbin{\Box} \Box_{j}\, b_j Q_j\Big) &= \Omega \mathbin{\Box} \Box_{a_i = b_j}\, a_i (P_i \parallel Q_j)
\end{aligned}$$

Finally, for $|||$ one simply adds extra equations:

$$\begin{aligned}
\Big(\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i P_i\Big) \mathbin{|||^{l}} Q &= \Omega \mathbin{\Box} \Box_{i}\, a_i \big((P_i \mathbin{|||^{l}} Q) \mathbin{\Box} (P_i \mathbin{|||^{r}} Q)\big) \\
Q \mathbin{|||^{r}} \Big(\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i P_i\Big) &= \Omega \mathbin{\Box} \Box_{i}\, a_i \big((Q \mathbin{|||^{l}} P_i) \mathbin{\Box} (Q \mathbin{|||^{r}} P_i)\big)
\end{aligned}$$

To combine CSP with functional programming, specifically the computational $\lambda$-calculus, we use the monad $T_{\mathrm{CSP}(|,\Omega)}$ for the denotational semantics. As remarked above, CSP processes then become terms of type empty. However, as the constructors are polymorphic, it is natural to go further and look for polymorphic versions of the deconstructors. We therefore add polymorphic constructs to $\lambda_c$ as follows:

Constructors

$$\frac{M : \sigma \quad N : \sigma}{M \sqcap N : \sigma} \qquad \frac{M : \sigma}{a \to M : \sigma} \qquad \Omega : \sigma$$

Unary Deconstructors

$$\frac{M : \sigma}{f(M) : \sigma} \qquad \frac{M : \sigma}{M \backslash a : \sigma}$$

for any relabelling function $f$, and any $a \in A$. (One should really restrict the allowable relabelling functions in order to keep the syntax finitary.)

Binary Deconstructors

$$\frac{M : \sigma \quad N : \sigma}{M \mathbin{\Box} N : \sigma} \qquad \frac{M : \sigma \quad N : \tau}{M \parallel N : \sigma \times \tau} \qquad \frac{M : \sigma \quad N : \tau}{M \mathbin{|||} N : \sigma \times \tau}$$

The idea of the two parallel constructs is to evaluate the two terms in parallel and then return the pair of the two values produced.
We did not include syntax for the two deterministic choice constructors as they are definable from $a \to -$ and $\Omega$ with the aid of the $\Box$ deconstructor.

For the denotational semantics, the semantics of types is given as usual using the monad $T_{\mathrm{CSP}(|,\Omega)}$, which we know exists by the general considerations of Section 2. These general considerations also yield a semantics for the constructors. For example, for every set $X$ we have the map:

$$\sqcap_X : T_{\mathrm{CSP}(|,\Omega)}(X)^2 \to T_{\mathrm{CSP}(|,\Omega)}(X)$$

which we can use for $X = [\![\sigma]\!]$ to interpret terms $M \sqcap N : \sigma$.

The homomorphic point of view also leads to an interpretation of the unary deconstructors, but using free algebras rather than just the initial one. For example, for relabelling by $f$ we need a function:

$$h_{Rl} : T_{\mathrm{CSP}(|,\Omega)}(X) \to T_{\mathrm{CSP}(|,\Omega)}(X)$$

We obtain this as the unique homomorphism extending the unit $\eta_X : X \to T_{\mathrm{CSP}(|,\Omega)}(X)$, equipping $T_{\mathrm{CSP}(|,\Omega)}(X)$ with the algebra structure $\mathcal{A} = (T_{\mathrm{CSP}(|,\Omega)}(X), \sqcap_{\mathcal{A}}, \Box_{\mathcal{A}}, \Box^{\Omega}_{\mathcal{A}})$ where $x \sqcap_{\mathcal{A}} y = x \sqcap_X y$ for $x, y \in T_{\mathrm{CSP}(|,\Omega)}(X)$,

$$(\Box_{\vec a})_{\mathcal{A}}(x_1, \ldots, x_n) = (\Box_{f(\vec a)})_X(x_1, \ldots, x_n)$$

and

$$(\Box^{\Omega}_{\vec a})_{\mathcal{A}}(x_1, \ldots, x_n) = (\Box^{\Omega}_{f(\vec a)})_X(x_1, \ldots, x_n)$$

Concealment $-\backslash a$ can be treated analogously, but now following the treatment in the case of $\mathcal{F}_{df}$, and defining $\mathcal{A}$ by: $x \sqcap_{\mathcal{A}} y = x \sqcap_X y$ for $x, y \in T_{\mathrm{CSP}(|,\Omega)}(X)$,

$$(\Box_{\vec a})_{\mathcal{A}}(x_1, \ldots, x_n) =
\begin{cases}
x_j \sqcap \big(\Omega \mathbin{\Box} \Box_{i \neq j}\, a_i x_i\big) & (\text{if } a = a_j, \text{ where } 1 \le j \le n) \\
\Box_{i=1}^{n}\, a_i x_i & (\text{if } a \neq \text{any } a_i)
\end{cases}$$

and

$$(\Box^{\Omega}_{\vec a})_{\mathcal{A}}(x_1, \ldots, x_n) =
\begin{cases}
x_j \sqcap \big(\Omega \mathbin{\Box} \Box_{i \neq j}\, a_i x_i\big) & (\text{if } a = a_j, \text{ where } 1 \le j \le n) \\
\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i x_i & (\text{if } a \neq \text{any } a_i)
\end{cases}$$

We here again make use of the deterministic choice operator made available by the presence of $\Omega$.

However, we cannot, of course, carry this on to binary deconstructors as we have no general algebraic treatment of them.
We proceed instead by giving a concrete definition of them (and the other constructors and deconstructors). That is, we give an explicit description of the free CSP(|, $\Omega$)-algebra on a set $X$ and define our operators in terms of that representation.

An $X$-trace is a pair $(w, x)$, where $w \in A^*$ and $x \in X$; it is generally more suggestive to write $(w, x)$ as $wx$. For any relabelling function $f$, we set $f(wx) = f(w)x$, and, for any $a \in A$, we set $wx \backslash a = (w \backslash a)x$. An $X$-process is a pair $(T, F)$ with $T$ a set of traces as well as $X$-traces, and $F$ a set of failure pairs, satisfying the same five conditions as in Section 6, together with:

2′. $wx \in T \Rightarrow w \in T$ (for $x \in X$)

The CSP operators are defined on $X$-processes exactly as before, except that the two parallel operators now have more general types:

$$\parallel_{X,Y},\ |||_{X,Y} : T_{\mathrm{CSP}(|,\Omega)}(X) \times T_{\mathrm{CSP}(|,\Omega)}(Y) \to T_{\mathrm{CSP}(|,\Omega)}(X \times Y)$$

We take $\mathrm{fut}_P(w) := \{a \in A \mid wa \in T_P\}$, as before.
$$\begin{aligned}
\Omega_{T(X)} &= \{\varepsilon\} \\
\Omega_{R(X)} &= \emptyset \\
\mathrm{Stop}_{T(X)} &= \{\varepsilon\} \\
\mathrm{Stop}_{R(X)} &= \{(\varepsilon, W) \mid W \subseteq A\} \\
a \to_{T(X)} P &= \{\varepsilon\} \cup \{aw \mid w \in T_P\} \\
a \to_{R(X)} P &= \{(\varepsilon, W) \mid a \notin W\} \cup \{(aw, W) \mid (w, W) \in F_P\} \\
P \sqcap_{T(X)} Q &= T_P \cup T_Q \\
P \sqcap_{R(X)} Q &= F_P \cup F_Q \\
P \mathbin{\Box_{T(X)}} Q &= T_P \cup T_Q \\
P \mathbin{\Box_{R(X)}} Q &= \{(\varepsilon, W) \mid (\varepsilon, W) \in F_P \cap F_Q\} \cup \{(w, W) \mid w \neq \varepsilon,\ (w, W) \in F_P \cup F_Q\} \\
f_{T(X)}(P) &= \{f(w) \mid w \in T_P\} \\
f_{R(X)}(P) &= \{(f(w), W) \mid (w, f^{-1}(W) \cap \mathrm{fut}_P(w)) \in F_P\} \\
P \backslash_{T(X)} a &= \{w \backslash a \mid w \in T_P\} \\
P \backslash_{R(X)} a &= \{(w \backslash a, W) \mid (w, W \cup \{a\}) \in F_P\} \\
P \parallel_{T(X,Y)} Q &= \{w \mid w \in T_P \cap T_Q \cap A^*\} \cup \{w(x, y) \mid wx \in T_P,\ wy \in T_Q\} \\
P \parallel_{R(X,Y)} Q &= \{(w, W \cup V) \mid (w, W) \in F_P,\ (w, V) \in F_Q\} \\
P \mathbin{|||_{T(X,Y)}} Q &= \{w \mid u \in T_P \cap A^*,\ v \in T_Q \cap A^*,\ w \in u \mid v\} \cup \{w(x, y) \mid ux \in T_P,\ vy \in T_Q,\ w \in u \mid v\} \\
P \mathbin{|||_{R(X,Y)}} Q &= \{(w, W) \mid (u, W) \in F_P,\ (v, W) \in F_Q,\ w \in u \mid v\}
\end{aligned}$$

Here, much as before, we write $P \mathbin{op_{\mathcal{F}(X)}} Q = (P \mathbin{op_{T(X)}} Q,\ P \mathbin{op_{R(X)}} Q)$ when defining the CSP operators on $X$-processes. The $X$-processes also form the carrier of a CSP(|, $\Omega$)-algebra $\mathcal{F}_d(X)$, with the operators defined as follows:

$$\begin{aligned}
P \sqcap_{T_d(X)} Q &= T_P \cup T_Q \\
P \sqcap_{R_d(X)} Q &= F_P \cup F_Q \\
(\Box^{\Omega}_{\vec a})_{T_d(X)}(P_1, \ldots, P_n) &= \{\varepsilon\} \cup \{a_i w \mid w \in T_{P_i}\} \\
(\Box^{\Omega}_{\vec a})_{R_d(X)}(P_1, \ldots, P_n) &= \{(a_i w, W) \mid (w, W) \in F_{P_i}\} \\
(\Box_{\vec a})_{T_d(X)}(P_1, \ldots, P_n) &= \{\varepsilon\} \cup \{a_i w \mid w \in T_{P_i}\} \\
(\Box_{\vec a})_{R_d(X)}(P_1, \ldots, P_n) &= \{(\varepsilon, W) \mid W \cap \{a_1, \ldots, a_n\} = \emptyset\} \cup \{(a_i w, W) \mid (w, W) \in F_{P_i}\}
\end{aligned}$$

The finitary $X$-processes are those with a finite set of traces and $X$-traces; they form the carrier of a CSP(|, $\Omega$)-algebra $\mathcal{F}_{df}(X)$.

We now show that $\mathcal{F}_{df}(X)$ is the free CSP(|, $\Omega$)-algebra over $X$.
As is well known, the free algebra of a theory Th over a set $X$ is the same as the initial algebra of the theory Th$^+$ obtained by extending Th with constants $x$ for each $x \in X$ but without changing the axioms. The unit map $\eta : X \to T_{\mathrm{Th}}(X)$ sends $x \in X$ to the denotation of $x$ in the initial algebra. We therefore show that $\mathcal{F}_{df}(X)$, extended to a CSP(|, $\Omega$)$^+$-algebra by taking

$$[\![x]\!] = (\{x\}, \emptyset) \qquad (\text{for } x \in X)$$

is the initial CSP(|, $\Omega$)$^+$-algebra. We begin by looking at definability.

Lemma 7.1.
The finitary $X$-processes are those definable by closed CSP(|, $\Omega$)$^+$ terms.

Proof. The proof goes just as the one for Lemma 6.2, using that Lemma 6.1 applies just as well to finitary $X$-processes, but this time we have

$$P = \bigsqcap_{i} \Box_{a \in V_i}\, a \to P_a \;\sqcap\; \Omega \mathbin{\Box} \Box_{a \in T_P}\, a \to P_a \;\sqcap\; \bigsqcap_{x \in T_P} x$$

□

Next, we say that a closed CSP(|, $\Omega$)$^+$-term $t$ is in normal form if it has one of the following two forms:

$$\bigsqcap_{L \in \mathcal{L}} \Box_{a \in L}\, a t_a \;\sqcap\; \bigsqcap_{x \in J} x \qquad \text{or} \qquad \Big(\Omega \mathbin{\Box} \Box_{a \in K}\, a t_a\Big) \sqcap \bigsqcap_{x \in J} x$$

where, as appropriate, $\mathcal{L}$ is a finite non-empty saturated collection of finite sets of actions, $J \subseteq_{fin} X$, $K \subseteq_{fin} A$, and each term $t_a$ is in normal form.

Lemma 7.2.
Two normal forms are identical if they have the same denotation in $\mathcal{F}_{df}(X)$.

Proof. Consider two normal forms with the same denotation in $\mathcal{F}_{df}(X)$, say $(T, F)$. As $(\varepsilon, \emptyset) \in F$ iff $F$ is the denotation of a normal form of the first form (rather than the second), both normal forms must be of the same form. Thus, there are two cases to consider, the first of which concerns two forms:

$$\bigsqcap_{L \in \mathcal{L}} \Box_{a \in L}\, a t_a \;\sqcap\; \bigsqcap_{x \in J} x \qquad\qquad \bigsqcap_{L' \in \mathcal{L}'} \Box_{a' \in L'}\, a' t'_{a'} \;\sqcap\; \bigsqcap_{x \in J'} x$$

We argue by induction on the sum of the sizes of the two normal forms. We evidently have that $J = J'$. Next, if $a \in \bigcup \mathcal{L}$ then $a \in T$ and so $a \in \bigcup \mathcal{L}'$; we therefore have that $\bigcup \mathcal{L} \subseteq \bigcup \mathcal{L}'$. Now, if $L \in \mathcal{L}$ then $(\varepsilon, (\bigcup \mathcal{L}') \backslash L) \in F$; so for some $L' \in \mathcal{L}'$ we have $L' \cap ((\bigcup \mathcal{L}') \backslash L) = \emptyset$, and so $L' \subseteq L$. As $\mathcal{L}'$ is saturated, it follows by the previous remark that $L \in \mathcal{L}'$. So we have the inclusion $\mathcal{L} \subseteq \mathcal{L}'$ and then, arguing symmetrically, equality.

Finally, the denotations of $t_a$ and $t'_a$, for $a \in \bigcup \mathcal{L} = \bigcup \mathcal{L}'$, are the same, as they are determined by $T$ and $F$, being $\{w \mid aw \in T\}$ and $\{(w, W) \mid (aw, W) \in F\}$, and the argument concludes, using the inductive hypothesis.

The other case concerns normal forms:

$$\Big(\Omega \mathbin{\Box} \Box_{a \in K}\, a t_a\Big) \sqcap \bigsqcap_{x \in J} x \qquad\qquad \Big(\Omega \mathbin{\Box} \Box_{a' \in K'}\, a' t'_{a'}\Big) \sqcap \bigsqcap_{x \in J'} x$$

Much as before we find $J = J'$, $K = K'$, and $t_a = t'_a$ for $a \in K$. □

Lemma 7.3.
CSP(|, $\Omega$)$^+$ is ground complete with respect to $\mathcal{F}_{df}(X)$.

Proof. As before, a straightforward induction shows that every term has a normal form, and then completeness follows by Lemma 7.2. □

Theorem 7.4.
The algebra $\mathcal{F}_{df}(X)$ is the free CSP(|, $\Omega$)-algebra over $X$.

Proof. It follows from Lemmas 7.1 and 7.3 that $\mathcal{F}_{df}(X)^+$ is the initial CSP(|, $\Omega$)$^+$-algebra. □

As with any finitary equational theory, CSP(|, $\Omega$) is equationally complete with respect to $\mathcal{F}_{df}(X)$ when $X$ is infinite. It is not difficult to go a little further and show that this also holds when $X$ is only required to be non-empty, and, even, if $A$ is infinite, when it is empty.

Now that we have an explicit representation of the free CSP(|, $\Omega$)-monad in terms of $X$-processes, we indicate how to use it to give the semantics of the computational $\lambda$-calculus. First we need the structure of the monad. As we know from the above, the unit $\eta_X : X \to T_{\mathrm{CSP}(|,\Omega)}(X)$ is the map $x \mapsto (\{x\}, \emptyset)$. Next, we need the homomorphic extension $g^\dagger : \mathcal{F}_{df}(X) \to \mathcal{F}_{df}(Y)$ of a given map $g : X \to \mathcal{F}_{df}(Y)$, i.e., the unique such homomorphism making the following diagram commute:

[Diagram: the triangle formed by $\eta_X : X \to T_{\mathrm{CSP}(|,\Omega)}(X)$, $g^\dagger : T_{\mathrm{CSP}(|,\Omega)}(X) \to T_{\mathrm{CSP}(|,\Omega)}(Y)$ and $g : X \to T_{\mathrm{CSP}(|,\Omega)}(Y)$.]

This is given by:

$$\begin{aligned}
(g^\dagger(P))_T &= \{v \mid v \in T_P \cap A^*\} \cup \{vw \mid vx \in T_P,\ w \in g(x)_T\} \\
(g^\dagger(P))_R &= \{(v, V) \in F_P\} \cup \{(vw, W) \mid vx \in T_P,\ (w, W) \in g(x)_R\}
\end{aligned}$$

As regards the constructors and deconstructors, we have already given explicit representations of them as functions over (finitary) $X$-processes. We have also already given homomorphic treatments of the unary deconstructors. We finally give treatments of the binary deconstructors as unique solutions to equations, along similar lines to their treatment in the case of $\mathcal{F}_{df}$. Observe that:

$$\begin{aligned}
(\Box_{\vec a})_X(P_1, \ldots, P_n) &= a_1 P_1 \mathbin{\Box_X} a_2 P_2 \mathbin{\Box_X} \ldots \mathbin{\Box_X} a_n P_n \\
(\Box^{\Omega}_{\vec a})_X(P_1, \ldots, P_n) &= \Omega \mathbin{\Box_X} a_1 P_1 \mathbin{\Box_X} a_2 P_2 \mathbin{\Box_X} \ldots \mathbin{\Box_X} a_n P_n
\end{aligned}$$

Using this, one finds that $\Box_X$, $\Box^{\Omega, a_1 \ldots a_n}_X$ and $\Box^{a_1 \ldots a_n}_X$, the latter defined as in equation (9), are the unique functions which satisfy the evident analogues of equations (8) together with, making another use of the form of external choice made available by $\Omega$:

$$\eta(x) \mathbin{\Box} P = \eta(x) \sqcap_X (\Omega \mathbin{\Box} P)$$

and

$$\begin{aligned}
(P_1, \ldots, P_n) \mathbin{\Box^{a_1 \ldots a_n}} \eta(x) &= (\Box^{\Omega}_{\vec a})_X(P_1, \ldots, P_n) \sqcap_X \eta(x) \\
(P_1, \ldots, P_n) \mathbin{\Box^{\Omega, a_1 \ldots a_n}} \eta(x) &= (\Box^{\Omega}_{\vec a})_X(P_1, \ldots, P_n) \sqcap_X \eta(x)
\end{aligned}$$

As regards concurrency, we define

$$\parallel_{X,Y} : T_{\mathrm{CSP}(|,\Omega)}(X) \times T_{\mathrm{CSP}(|,\Omega)}(Y) \to T_{\mathrm{CSP}(|,\Omega)}(X \times Y)$$

together with functions

$$\begin{aligned}
\parallel^{a_1 \ldots a_n}_{X,Y} &: T_{\mathrm{CSP}(|,\Omega)}(X)^n \times T_{\mathrm{CSP}(|,\Omega)}(Y) \to T_{\mathrm{CSP}(|,\Omega)}(X \times Y) \\
\parallel^{\Omega, a_1 \ldots a_n}_{X,Y} &: T_{\mathrm{CSP}(|,\Omega)}(X)^n \times T_{\mathrm{CSP}(|,\Omega)}(Y) \to T_{\mathrm{CSP}(|,\Omega)}(X \times Y) \\
\parallel^{x}_{X,Y} &: T_{\mathrm{CSP}(|,\Omega)}(Y) \to T_{\mathrm{CSP}(|,\Omega)}(X \times Y)
\end{aligned}$$

where the $a_i \in A$ are all different, and $x \in X$, by the analogues of equations (10) above, together with:

$$\begin{aligned}
\eta(x) \parallel Q &= \parallel^{x}(Q) \\
\parallel^{x}(P \sqcap Q) &= \parallel^{x}(P) \sqcap \parallel^{x}(Q) \\
\parallel^{x}\Big(\Box_{i=1}^{n}\, a_i P_i\Big) &= \Omega \\
\parallel^{x}\Big(\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i P_i\Big) &= \Omega \\
\parallel^{x}(\eta(y)) &= \eta((x, y)) \\
(P_1, \ldots, P_n) \parallel^{a_1 \ldots a_n} \eta(x) &= \Omega \\
(P_1, \ldots, P_n) \parallel^{\Omega, a_1 \ldots a_n} \eta(x) &= \Omega
\end{aligned}$$

Much as before, the equations have a unique solution, with the $\parallel$ component being $\parallel_{X,Y}$.

As regards interleaving, we define

$$|||^{l}_{X,Y},\ |||^{r}_{X,Y} : T_{\mathrm{CSP}(|,\Omega)}(X) \times T_{\mathrm{CSP}(|,\Omega)}(Y) \to T_{\mathrm{CSP}(|,\Omega)}(X \times Y)$$

by:

$$\begin{aligned}
P \mathbin{|||^{l}_{T_{df}(X,Y)}} Q &= \{\varepsilon\} \cup \{w \mid u \in T_P \cap A^*,\ v \in T_Q \cap A^*,\ w \in u \mid^{l} v\} \cup \{w(x, y) \mid ux \in T_P,\ vy \in T_Q,\ w \in u \mid^{l} v \vee (u = v = w = \varepsilon)\} \\
P \mathbin{|||^{l}_{R_{df}(X,Y)}} Q &= \{(\varepsilon, W) \mid (\varepsilon, W) \in F_P\} \cup \{(w, W) \mid (u, W) \in F_P,\ (v, W) \in F_Q,\ w \in u \mid^{l} v\} \\
P \mathbin{|||^{r}_{X,Y}} Q &= Q \mathbin{|||^{l}_{Y,X}} P
\end{aligned}$$

One has that:

$$P \mathbin{|||_{X,Y}} Q = P \mathbin{|||^{l}_{X,Y}} Q \mathbin{\Box} P \mathbin{|||^{r}_{X,Y}} Q$$

and that $|||^{l}_{X,Y}$, $|||^{r}_{X,Y}$ are components of the unique solutions to the analogues of equations (11) above, together with:

$$\begin{aligned}
\eta(x) \mathbin{|||^{l}} Q &= |||^{l,x}(Q) \\
|||^{l,x}(P \sqcap Q) &= |||^{l,x}(P) \sqcap |||^{l,x}(Q) \\
|||^{l,x}\Big(\Box_{i=1}^{n}\, a_i P_i\Big) &= \Omega \\
|||^{l,x}\Big(\Omega \mathbin{\Box} \Box_{i=1}^{n}\, a_i P_i\Big) &= \Omega \\
|||^{l,x}(\eta(y)) &= \eta(x, y)
\end{aligned}$$

and corresponding equations for $|||^{r}$ and $|||^{r,y}$.

It would be interesting to check more completely which of the usual laws, as found in, e.g., [BHR84, Hoa85, DeN85], the CSP operators at the level of free CSP(|, $\Omega$)-algebras obey. Note that some adjustments need to be made due to varying types. For example, $\parallel$ is commutative, which here means that the following equation holds:

$$T_{\mathrm{CSP}(|,\Omega)}(\gamma_{X,Y})(P \parallel_{X,Y} Q) = Q \parallel_{Y,X} P$$

where $\gamma : X \times Y \to Y \times X$ is the commutativity map $(x, y) \mapsto (y, x)$.

As remarked in the introduction, termination and sequencing are available in a standard way for terms of type unit. Syntactically, we regard skip as an abbreviation for $*$ and $M; N$ as one for $(\lambda x : \mathrm{unit}.\ N)(M)$ where $x$ does not occur free in $N$; semantically, we have a corresponding element of, and binary operator over, the free CSP(|, $\Omega$)-algebra on the one-point set.

Let us use these ideas to treat CSP extended with termination and sequencing. We work with the finitary $\{\checkmark\}$-processes representation of $T_{\mathrm{CSP}(|,\Omega)}(\{\checkmark\})$. Then, following the above prescription, termination and sequencing are given by:

$$\mathrm{SKIP} = \{\checkmark\} \qquad P; Q = (x \in \{\checkmark\} \mapsto Q)^\dagger(P)$$

For general reasons, termination and sequencing, so-defined, form a monoid and sequencing commutes with all constructors in its first argument. For example we have that:

$$\Box_{i=1}^{n}\, a_i (P_i; Q) = \Big(\Box_{i=1}^{n}\, a_i P_i\Big); Q$$

Composition further commutes with $\sqcap$ in its second argument.

The deconstructors are defined as above except that in the case of the concurrency operators one has to adjust $\parallel_{\{\checkmark\},\{\checkmark\}}$ and $|||_{\{\checkmark\},\{\checkmark\}}$ so that they remain within the world of the $\{\checkmark\}$-processes; this can be done by postcomposing them with the evident bijection between $\{\checkmark\} \times \{\checkmark\}$-processes and $\{\checkmark\}$-processes, and all this restricts to the finitary processes. Alternatively one can directly consider these adjusted operators as deconstructors over the (finitary) $\{\checkmark\}$-processes.

The $\{\checkmark\}$-processes are essentially the elements of the stable failures model of [Ros98]. More precisely, one can define a bijection from Roscoe's model to our $\{\checkmark\}$-processes by setting $\theta(T, F) = (T, F')$ where

$$F' = \{(w, W) \in A^* \times \mathcal{P}(A) \mid (w, W \cup \{\checkmark\}) \in F\}$$

The inverse of $\theta$ sends $F'$ to the set:

$$\{(w, W),\ (w, W \cup \{\checkmark\}) \mid (w, W) \in F'\} \cup \{(w, W) \mid w\checkmark \in T \wedge W \subseteq A\} \cup \{(w\checkmark, W) \mid w\checkmark \in T \wedge W \in A \cup \{\checkmark\}\}$$

and is a homomorphism between all our operators, whether constructors, deconstructors, termination, or sequencing (suitably defined), and the corresponding ones defined for Roscoe's model.
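The explicit X-process representation above can be executed directly. The following added example (not code from the paper) implements the constructors, external choice, the unit η, the extension g† and sequencing on finite (T, F) pairs, and evaluates axiom (13), the derived equations (14), the monad laws and the sequencing law on constructed sample processes. Assumptions: a two-action alphabet, the encoding of a trace as a pair `(w, x)` with `x = None` for plain traces, all function names, and a unit that adds ε to the page's ({x}, ∅) so that conditions 1 and 2′ hold.

```python
from itertools import chain, combinations

A = frozenset({"a", "b"})   # constructed two-action alphabet (assumption)
EPS = ()                    # the empty trace

def subsets(s):
    """All subsets of s, as frozensets."""
    s = list(s)
    return [frozenset(c) for c in
            chain.from_iterable(combinations(s, r) for r in range(len(s) + 1))]

def proc(T, F):
    """An X-process: T holds pairs (w, x), with x=None for a plain trace w and
    x a value for the X-trace wx; F holds failure pairs (w, W)."""
    return (frozenset(T), frozenset(F))

OMEGA = proc({(EPS, None)}, set())                       # traces {eps}, no failures
STOP = proc({(EPS, None)}, {(EPS, W) for W in subsets(A)})

def unit(x):
    """eta(x): the page's ({x}, {}) closed under conditions 1 and 2' (adds eps)."""
    return proc({(EPS, None), (EPS, x)}, set())

def prefix(a, P):
    """a -> P: initially refuses any W not containing a, then behaves as P."""
    T, F = P
    return proc({(EPS, None)} | {((a,) + w, x) for (w, x) in T},
                {(EPS, W) for W in subsets(A) if a not in W}
                | {((a,) + w, W) for (w, W) in F})

def ichoice(P, Q):
    """Internal choice: union of traces and of failures."""
    return proc(P[0] | Q[0], P[1] | Q[1])

def echoice(P, Q):
    """External choice: an initial refusal needs both sides to refuse."""
    initial = {(w, W) for (w, W) in P[1] & Q[1] if w == EPS}
    later = {(w, W) for (w, W) in P[1] | Q[1] if w != EPS}
    return proc(P[0] | Q[0], initial | later)

def bind(P, g):
    """Homomorphic extension g†(P): graft g(x) wherever P ends in value x."""
    T, F = P
    new_T = {(v, x) for (v, x) in T if x is None}
    new_F = set(F)
    for (v, x) in T:
        if x is not None:
            g_T, g_F = g(x)
            new_T |= {(v + w, y) for (w, y) in g_T}
            new_F |= {(v + w, W) for (w, W) in g_F}
    return proc(new_T, new_F)

TICK = "tick"               # stands for the termination value
SKIP = unit(TICK)

def seq(P, Q):
    """P ; Q = (x in {tick} |-> Q)†(P)."""
    return bind(P, lambda _x: Q)

def is_process(P):
    """Closure conditions 1-5 of the stable failures model, plus 2'."""
    T, F = P
    plain = {w for (w, x) in T if x is None}
    impossible = lambda w: frozenset(a for a in A if w + (a,) not in plain)
    return (EPS in plain                                              # 1
            and all(w[:-1] in plain for w in plain if w)              # 2
            and all(w in plain for (w, x) in T)                       # 2'
            and all(w in plain for (w, _W) in F)                      # 3
            and all((w, V) in F for (w, W) in F for V in subsets(W))  # 4
            and all((w, W | impossible(w)) in F for (w, W) in F))     # 5

def check_laws():
    """Evaluate the page's equations on constructed sample processes."""
    x = prefix("a", ichoice(STOP, unit(1)))
    y = echoice(prefix("b", unit(2)), prefix("a", STOP))
    g = lambda n: prefix("b", unit(n + 1))
    h = lambda n: ichoice(unit(n * 2), STOP)
    p = prefix("a", SKIP)
    return {
        "well_formed": all(is_process(q)
                           for q in (x, y, p, bind(x, g), echoice(x, y))),
        "axiom_13": ichoice(x, OMEGA) == x,
        "derived_14a": ichoice(x, echoice(OMEGA, y)) == ichoice(x, echoice(x, y)),
        "derived_14b": ichoice(echoice(OMEGA, x), echoice(OMEGA, y))
                       == echoice(echoice(OMEGA, x), echoice(OMEGA, y)),
        "unit_choice": echoice(unit(1), y) == ichoice(unit(1), echoice(OMEGA, y)),
        "monad_left": bind(unit(1), g) == g(1),
        "monad_right": bind(x, unit) == x,
        "monad_assoc": bind(bind(x, g), h) == bind(x, lambda n: bind(g(n), h)),
        "seq_prefix": prefix("a", seq(p, y)) == seq(prefix("a", p), y),
        "skip_unit": seq(SKIP, y) == y and seq(p, SKIP) == p,
    }

if __name__ == "__main__":
    for name, ok in check_laws().items():
        print(f"{name}: {ok}")
```

The `unit_choice` entry is the equation η(x) □ P = η(x) ⊓ (Ω □ P) from the treatment of the binary deconstructors, which holds here because a terminated process contributes no failure pairs.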
We have shown the possibility of a principled combination of CSP and functional programming from the viewpoint of the algebraic theory of effects. The main missing ingredient is an algebraic treatment of binary deconstructors, although we were able to partially circumvent that by giving explicit definitions of them. Also missing are a logic for proving properties of these deconstructors, an operational semantics, and a treatment that includes recursion.

As regards a logic, it may prove possible to adapt the logical ideas of [PPr08, PPr09] to handle binary deconstructors; the main proof principle would then be that of computation induction, that if a proposition holds for all ‘values’ (i.e., elements of a given set X) and if it holds for the applications of each constructor to any given ‘computations’ (i.e., elements of T(X)) for which it is assumed to hold, then it holds for all computations. We do not anticipate any difficulty in giving an operational semantics for the above combination of the computational λ-calculus and CSP and proving an adequacy theorem.

To treat recursion algebraically, one passes from equational theories to inequational theories Th (inequations have the form t ≤ u, for terms t, u in a given signature Σ); inequational theories can include equations, regarding an equation as two evident inequations. There is a natural inequational logic for deducing consequences of the axioms: one simply drops symmetry from the logic for equations [Blo76]. Then Σ-algebras and Th-algebras are taken in the category of ω-cpos and continuous functions, a free algebra monad always exists, just as in the case of sets, and the logic is complete for the class of such algebras. One includes a divergence constant Ω in the signature and the axiom

Ω ≤ x

so that Th-algebras always have a least element. Recursive definitions are then modelled by least fixed-points in the usual way.
See [HPP06, Plo06] for some further explanations.

The three classical powerdomains: convex (aka Plotkin), lower (aka Hoare) and upper (aka Smyth) provide a useful illustration of these ideas [GHK03, HPP06]. One takes as signature a binary operation symbol ⊓, to retain notational consistency with the present paper (a more neutral symbol, such as ∪, is normally used instead), and the constant Ω; one takes the theory to be that ⊓ is a semilattice (meaning, as before, that associativity, commutativity and idempotence hold) and that, as given above, Ω is the least element with respect to the ordering ≤. This gives an algebraic account of the convex powerdomain.

If one adds that Ω is the zero of the semilattice (which is equivalent, in the present context, to the inequation x ≤ x ⊓ y) one obtains instead an algebraic account of the lower powerdomain. One then further has the notationally counterintuitive facts that x ≤ y is equivalent to y ⊑ x, with ⊑ defined as in Section 3, and that x ⊓ y is the supremum of x and y with respect to ≤; in models, ≤ typically corresponds to subset. It would be more natural in this case to use the dual order to ⊑ and to write ⊔ instead of ⊓, when we would be dealing with a join-semilattice with a least element whose order coincides with ≤.

If one adds instead that x ⊓ y ≤ x, one obtains an algebraic account of the upper powerdomain. One now has that x ≤ y is equivalent in this context to x ⊑ y, that x ⊓ y is the greatest lower bound of x and y, and that x ⊓ Ω = Ω (but this latter fact is not equivalent in inequational logic to x ⊓ y ≤ x); in models, ≤ typically corresponds to superset. The notations ⊓ and ⊑ are therefore more intuitive in the upper case, and there one has a meet-semilattice with a least element whose order coincides with ≤.

It will be clear from these considerations that the stable failures model fits into the pattern of the lower powerdomain and that the failures/divergences model fits into the pattern of the upper powerdomain.
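The three powerdomain theories can be checked exhaustively on small finite models. The Python code below is an added example, not part of the paper: the set A, the divergence marker and the three models (subsets under union, ordered by subset, by superset and by the Egli-Milner order) are constructed here, and ⊑ is assumed to be the usual semilattice order, x ⊑ y iff x ⊓ y = x.

```python
from itertools import combinations

def subsets(universe, nonempty=False):
    items = sorted(universe)
    return [frozenset(c) for r in range(1 if nonempty else 0, len(items) + 1)
            for c in combinations(items, r)]

A = frozenset({"a", "b", "c"})  # constructed discrete set of values
BOT = "bot"                     # constructed divergence marker (convex model only)

def egli_milner(x, y):
    """Egli-Milner order on non-empty subsets of the flat domain A + {BOT}."""
    return x == y or (BOT in x and x - {BOT} <= y)

# name -> (carrier, order <=, Omega); x ⊓ y is set union in all three models.
MODELS = {
    "convex": (subsets(A | {BOT}, nonempty=True), egli_milner, frozenset({BOT})),
    "lower": (subsets(A), lambda x, y: x <= y, frozenset()),  # <= is subset
    "upper": (subsets(A), lambda x, y: x >= y, A),            # <= is superset
}

def meet(x, y):
    return x | y

def below(x, y):
    """Assumed semilattice order: x ⊑ y iff x ⊓ y = x."""
    return meet(x, y) == x

def check(name):
    """Evaluate each law exhaustively on the named finite model."""
    carrier, leq, omega = MODELS[name]
    pairs = [(x, y) for x in carrier for y in carrier]
    return {
        "semilattice": all(
            meet(x, y) == meet(y, x) and meet(x, x) == x
            and all(meet(meet(x, y), z) == meet(x, meet(y, z)) for z in carrier)
            for x, y in pairs),
        "monotone": all(leq(meet(x, z), meet(y, z))
                        for x, y in pairs if leq(x, y) for z in carrier),
        "omega_least": all(leq(omega, x) for x in carrier),
        "lower_axiom": all(leq(x, meet(x, y)) for x, y in pairs),  # x <= x ⊓ y
        "upper_axiom": all(leq(meet(x, y), x) for x, y in pairs),  # x ⊓ y <= x
        "omega_neutral": all(meet(x, omega) == x for x in carrier),
        "omega_absorbing": all(meet(x, omega) == omega for x in carrier),
        "leq_is_reverse_below": all(leq(x, y) == below(y, x) for x, y in pairs),
        "leq_is_below": all(leq(x, y) == below(x, y) for x, y in pairs),
        "meet_is_sup": all(
            leq(x, meet(x, y)) and leq(y, meet(x, y))
            and all(leq(meet(x, y), z) for z in carrier if leq(x, z) and leq(y, z))
            for x, y in pairs),
        "meet_is_inf": all(
            leq(meet(x, y), x) and leq(meet(x, y), y)
            and all(leq(z, meet(x, y)) for z in carrier if leq(z, x) and leq(z, y))
            for x, y in pairs),
    }

if __name__ == "__main__":
    for name in MODELS:
        print(name, [law for law, ok in check(name).items() if ok])
```

All three models satisfy the shared semilattice and least-element axioms; the extra inequation is what separates them, and the convex model satisfies neither.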
In the case of the stable failures model it is natural, in the light of the above considerations, to take Th to be CSP(|, Ω) together with the axiom Ω ≤ x. The X-processes with countably many traces presumably form the free algebra over X, considered as a discrete ω-cpo; one should also characterise more general cases than discrete ω-cpos.

One should also investigate whether a fragment of the failures/divergences model forms the initial model of an appropriate theory, and look at the free models of such a theory. The theory might well be found by analogy with our work on the stable failures model, substituting (12) for (13) and, perhaps, using the mixed-choice constructor, defined below, to overcome any difficulties with the deconstructors. One would expect the initial model to contain only finitely-generable processes, meaning those which, at any trace, either branch finitely or diverge (and see the discussion in [Ros98]).

Our initial division of our selection of CSP operators into constructors and deconstructors was natural, although it turned out that a somewhat different division, with ‘restricted’ constructors, resulted in what seemed to be a better analysis (we were not able to rule out the possibility that there are alternative, indirect, definitions of the deconstructors with the original choice of constructors). One of these restricted constructors was a deterministic choice operator making use of the divergence constant Ω. There should surely, however, also be a development without divergence that allows the interpretation of the combination of CSP and functional programming.

We were, however, not able to do this using CSP(|): the free algebra does not seem to support a suitable definition of concealment, whether defined directly or via a homomorphism. For example a straightforward extension of the homomorphic treatment of concealment in the case of the initial algebra (cf. Section 5) would give

(a . x □ b . Stop) \ a = x ⊓ (x □ b . Stop)

However, our approach requires the right-hand side to be equivalent to a term built from constructors only, but no natural candidates came forward—all choices that came to mind lead to unwanted identifications.

We conjecture that, taking instead, as constructor, a mixed-choice operator of the form:

m i a i . x i

where each a i is either an action or τ, would lead to a satisfactory theory. This new operator is given by the equation:

m i a i . x i = l a i = τ x i ⊓ m a i = τ x i □ m a i = τ a i . x i

and there is a homomorphic relationship with concealment:

( m i a i . x i ) \ a = m i ( a i \ a ) . ( x i \ a )

(with the evident understanding of a i \ a). Note that in the stable failures model we have the equation:

m i a i . x i = l a i = τ x i ⊓ Ω □ m a i = τ a i . x i

which is presumably why the deterministic choice operator available in the presence of Ω played so central a rôle there.

In a different direction, one might also ask if there is some problem if we alternatively take an extended set of operators as constructors. For example, why not add relabelling with its equations to the axioms? As the axioms inductively determine relabelling on the finitary refusal sets model, that would still be the initial algebra, and the same holds if we add any of the other operators we have taken as deconstructors.

However, the X-refusal sets would no longer be the free algebra, as there would be extra elements, such as f(x) for x ∈ X, where f is a relabelling function. We would also get some undesired equations holding between terms of the computational λ-calculus. For any n-ary constructor op and evaluation context E[−], one has in the monadic semantics:

E[op(M_1, ..., M_n)] = op(E[M_1], ..., E[M_n])

So one would have E[f(M)] = f(E[M]) if one took relabelling as a constructor, and, as another example, one would have E[M || N] = E[M] || E[N] if one took the concurrency operator as a constructor.

It will be clear to the reader that, in principle, one can investigate other process calculi and their combination with functional programming in a similar way. For example for Milner’s CCS [Mil80] one could take action prefix (with names, conames and τ) together with NIL and the sum operator as constructors, and as axioms that we have a semilattice with a zero, for strong bisimulation, together with the usual τ-laws, if we additionally wish to consider weak bisimulation. The deconstructors would be renaming, hiding, and parallel, and all should have suitable polymorphic versions in the functional programming context. Other process calculi such as the π-calculus [SW03, Sta08], or even the stochastic π-calculus [Pri95, KS08], might be dealt with similarly. In much the same way, one could combine parallelism with a global store with functional programming, following the algebraic account of the resumptions monad [HPP06, AP09] where the constructors are the two standard ones for global store [PP02], a nondeterministic choice operation, and a unary ‘suspension’ operation.

A well-known feature of the monadic approach [HPP06] is that it is often possible to combine different effects in a modular way. For example, the global side-effects monad is (S × −)^S where S is a suitable set of states. A common combination of it with another monad T is the monad T(S × −)^S. So, taking T = T_{CSP(|)}, for example, we get a combination of CSP with global side-effects.

As another example, given a monoid M, one has the M-action monad M × − which supports a unary M-action effect constructor m . −, parameterised by elements m of the monoid.
One might use this monad to model the passage of time, taking M to be, for example, the monoid of the natural numbers ℕ under addition. A suitable combination of this monad with ones for CSP may yield helpful analyses of timed CSP [RR99, OS06], with Wait n ; − given by the ℕ-action effect constructor.

We therefore have a very rich space of possible combinations of process calculi, functional programming and other effects, and we hope that some of these prove useful.

Finally, we note that there is no general account of how the equations used in the algebraic theory of effects arise. In such cases as global state, nondeterminism or probability, there are natural axioms and monads already available, and it is encouraging that the two are equivalent [PP02, HPP06]. One could investigate using operational methods and behavioural equivalences to determine the equations, and it would be interesting to do so. Another approach is the use of ‘test algebras’ [SS06, KP09]. In the case of process calculi one naturally uses operational methods; however the resulting axioms may not be very modular, or very natural mathematically, and, all in all, in this respect the situation is not satisfactory.

References
AP09. M. Abadi & G. D. Plotkin, A model of cooperative threads, Proc. POPL 2009 (eds. Z. Shao & B. C. Pierce), ACM Press, 29–40, 2009.
AGM95. S. Abramsky, D. M. Gabbay & T. S. E. Maibaum (eds), Handbook of Logic in Computer Science (Vol. 1), Background: Mathematical Structures, Oxford University Press, 1995.
BHM02. N. Benton, J. Hughes & E. Moggi, Monads and effects, Proc. APPSEM 2000, LNCS, 42–122, Springer, 2002.
BK85. J. A. Bergstra & J. W. Klop, Algebra of communicating processes with abstraction, Theor. Comput. Sci., 77–121, 1985.
BK86. J. A. Bergstra & J. W. Klop, Algebra of communicating processes, Proc. of the CWI Symp. Math. and Comp. Sci. (eds. J. W. de Bakker, M. Hazewinkel & J. K. Lenstra), 89–138, North-Holland, 1986.
BKO87. J. A. Bergstra, J. W. Klop, & E.-R. Olderog, Failures without chaos: a new process semantics for fair abstraction. Proc. of the th IFIP WG 2.2 working conference on Formal Description of Programming Concepts (ed. M. Wirsing), 77–103, North-Holland, 1987.
Blo76. S. L. Bloom, Varieties of ordered algebras, J. Comput. Syst. Sci., (2), 200–212, 1976.
Bor94. F. Borceux, Handbook of Categorical Algebra 2, Encyclopedia of Mathematics and its Applications, Cambridge University Press, 1994.
BHR84. S. D. Brookes, C. A. R. Hoare & A. W. Roscoe, A theory of communicating sequential processes, J. ACM (3), 560–599, 1984.
DeN85. R. De Nicola, Two complete axiom systems for a theory of communicating sequential processes, Information and Control, 136–172, 1985.
EFG08. K. Ebrahimi-Fard & L. Guo, Rota-Baxter algebras and dendriform algebras, Journal of Pure and Applied Algebra (2), 320–33, 2008.
GHK03. G. Gierz, K. H. Hofmann, K. Keimel, J. D. Lawson, M. Mislove & D. S. Scott, Continuous Lattices and Domains, Encyclopedia of Mathematics and its Applications, Cambridge University Press, 2003.
Hoa85. C. A. R. Hoare, Communicating Sequential Processes, Prentice-Hall, 1985.
HPP06. J. M. E. Hyland, G. D. Plotkin & A. J. Power, Combining effects: sum and tensor, Clifford Lectures and the Mathematical Foundations of Programming Semantics, (eds. S. Artemov and M. Mislove), Theor. Comput. Sci. (1–3), 70–99, 2006.
KP09. K. Keimel & G. D. Plotkin, Predicate transformers for extended probability and non-determinism, Mathematical Structures in Computer Science (3), 501–539, Cambridge University Press, 2009.
KS08. B. Klin & V. Sassone, Structural operational semantics for stochastic process calculi, Proc. 11th. FoSSaCS (ed. R. M. Amadio), LNCS, 428–442, Springer, 2008.
Mil80. A. J. R. G. Milner, A Calculus of Communicating Systems, Springer, 1980.
Mog89. E. Moggi, Computational lambda-calculus and monads, Proc. 3rd. LICS, 14–23, IEEE Press, 1989.
Mog91. E. Moggi, Notions of computation and monads, Inf. & Comp. (1), 55–92, 1991.
OS06. J. Ouaknine & S. Schneider, Timed CSP: a retrospective, Proceedings of the Workshop “Essays on Algebraic Process Calculi” (APC 25), Electr. Notes Theor. Comput. Sci., 273–276, 2006.
Plo06. G. D. Plotkin, Some varieties of equational logic, Essays Dedicated to Joseph A. Goguen (eds. K. Futatsugi, J.-P. Jouannaud & J. Meseguer), LNCS, 150–156, Springer, 2006.
PP02. G. D. Plotkin & A. J. Power, Notions of computation determine monads, Proc. 5th. FOSSACS, LNCS, 342–356, Springer, 2002.
PP04. G. D. Plotkin & A. J. Power, Computational effects and operations: an overview, Proc. Workshop on Domains VI (eds. M. Escardó and A. Jung), Electr. Notes Theor. Comput. Sci., 149–163, Elsevier, 2004.
PPr08. G. D. Plotkin & M. Pretnar, A logic for algebraic effects, Proc. 23rd. LICS, 118–129, IEEE Press, 2008.
PPr09. G. D. Plotkin & M. Pretnar, Handlers of algebraic effects, Proc. 18th. ESOP, 80–94, 2009.
Pri95. C. Priami, Stochastic pi-calculus, Comput. J. (7), 578–589, 1995.
RR99. G. M. Reed & A. W. Roscoe, The timed failures-stability model for CSP, Theor. Comput. Sci. (1–2), 85–127, 1999.
Ros94. A. W. Roscoe, Model-checking CSP, A Classical Mind: Essays in Honour of C. A. R. Hoare (ed. A. W. Roscoe), 353–337, Prentice-Hall, 1994.
Ros98. A. W. Roscoe, The Theory and Practice of Concurrency, Prentice Hall, 1998.
SW03. D. Sangiorgi & D. Walker, The π-Calculus: A Theory of Mobile Processes, Cambridge University Press, 2003.
Sca. B. Scattergood, The Semantics and Implementation of Machine-Readable CSP, D.Phil Thesis, Oxford University, 1998.
SS06. M. Schröder & A. Simpson, Probabilistic observations and valuations (extended abstract), Electr. Notes Theor. Comput. Sci., 605–615, 2006.
Sta08. I. Stark, Free-algebra models for the pi-calculus, Theor. Comput. Sci. (2–3), 248–270, 2008.