Comparing cospan-spans and tiles via a Hoare-style process calculus1 1Research partly supported by the Italian MIUR Project Teoria della Concorrenza, Linguaggi di Ordine Superiore e Strutture di Tipi (TOSCA). Academic research paper on "Computer and information sciences"

URL: http://www.elsevier.nl/locate/entcs/volume62.html 20 pages

Comparing cospan-spans and tiles via a Hoare-style process calculus *

Fabio Gadduccia, Piergiulio Katisb, Ugo Montanaria, Nicoletta Sabadinib, Robert F.C. Waltersb

a Dipartimento di Informática, Universita di Pisa Corso Italia 40, 56125 Pisa, Italy. gadducci,ugo@di.unipi.it

b Facolta di Science MM. FF. NN., Universita dell'Insubria via Valleggio 11, I-22100 Como, Italy. Piergiulio.Katis,Nicoletta.Sabadini,Robert.Walters@uninsubria.it

Abstract

The large diffusion of concurrent and distributed systems has spawned in recent years a variety of new formalisms, equipped with features for supporting an easy specification of such systems. The aim of our note is to compare two recent formalisms for the design of concurrent and distributed systems, namely the tile logic and the cospan-span model. We first present a simple, yet rather expressive Hoare-style process algebra; then, after presenting the basics of both approaches, we compare them via their modeling of the calculus.

Key words: cospan-span approach; tile logic; process algebras;

concurrent, distributed and interactive systems.

1 Introduction

The advances in the growing field of languages for the specification of concurrent and distributed systems, and the difficulties in relating different calculi and special-purpose formalisms, clearly ask for the development of metaframeworks, where common aspects between different approaches can be factored out and exploited. But even at this level the task of reducing the complexity of these approaches into a unique meta-model is daunting, so that we should aim at providing suitable comparison results between meta-frameworks.

* Research partly supported by the Italian MIUR Project Teoria della Concorrenza, Lin-guaggi di Ordine Superiore e Strutture di Tipi (TOSCA).

©2002 Published by Elsevier Science B. V.

The cospan-span model of distributed systems was introduced in [14] (under the name of CP automata) as an algebra of transition systems/labelled graphs. The choice of operations was influenced by category theory, and the model is closely related to the automata of Arnold and Nivat [1]. The basic idea of the model is to represent a system by a graph of states and transitions, with extra structure required for capturing two fundamental operations on systems: parallel composition with communication requires interfaces, and sequential composition requires conditions.

The full expressiveness of the cospan-span model has yet to be understood. However the model includes the span model described in [13] which concerns finite automata constructed compositionally with communication-parallel operations. It also includes the circuit and sequential algorithm models of [12], which incorporate data types, and are Turing complete. The ability to express systems with changing geometry, and hence mobility, was described in [14]. Recursive equations in cospan-span were discussed in [15], together with further examples of mobility.

Tile logic [10] is a framework for the specification of rule-based systems, whose behaviour relies on the notions of synchronization and side-effects. The key idea is to enrich rewrite rules with an observation, carrying information on the possible behaviour of its arguments, that is, imposing a behavioural constraint to the terms to which it can be applied. The resulting formalism extends similar approaches such as rewriting logic [16], allowing for representing generic open configurations of interactive systems vnth coordination.

Space limitations prevent us to discuss the range of applications of the framework, so that we may just cite a few references. The characterisation of tile logic as an extension of the classical sos specification methodology for process algebras was already exploited in the original paper [10], while its application to calculi with name mobility and localities appears in [9]. An overview of its use with formalisms for concurrency, as well as a comparison with other rule-based frameworks (much in the spirit of the present article) can be found in [11]. The application to logic programming is reported in [7]. As for the properties of tile logic as a meta-framework, investigations have been carried out on ensuring that modularity properties are preserved by the specifications (i.e., that suitable behavioural equivalences are congruences if certain requirements on the format of the rules [3,8] are satisfied). The executability of tile specifications is guaranteed by their embedding into rewriting logic [5]. Finally, an higher-order extension of the framework has been proposed in [6].

A direct mapping between the cospan-span model and the tile logic would be rather cumbersome, since, on the one hand, the former focuses on the algebraic structure over states, with a denotational semantics flavour; whilst, on the other hand, the latter is a rule-based formalism focusing on a powerful inference mechanism for defining rewrites, hence transitions, with an operational semantics flavour.

We compare instead the two approaches by analysing their respective encodings of a Hoare-style process algebra, the spa (for span process algebra) calculus, that we are going to introduce. In spa, each process has a fixed set of channels; actions are allowed to occur simultaneously on all the channels of a process; asynchrony is modeled by the use of silent actions; communication is anonymous: the communication between two processes P and Q is described by operations which connect some of the ports of P to some of the ports of Q, possibly hiding them, and a process can only communicate with other processes via its channels; broadcasting, or synchronization of many processes, is presented as a derived operation, using special "diagonal" components.

The paper has the following structure. Section 2 introduces spa. Section 3 presents the basics of cospan-span model, and the denotational encoding of spa. Section 4 presents the basics of tile logic, and the operational encoding of spa. Finally, Section 5 compares the two approaches, illustrating a correspondence result between the respective encodings of spa.

2 A Hoare-style process calculus

We present a simple process calculus, using a Hoare-style semantics, that we denote as spa. As we will see, spa expressions will be built out of (among others) a summation operation, a non-communicating parallel operation, a (derived) family of communicating parallel operations, and recursion.

2.1 The construction of well-formed spa expressions

We will deal with vjell-formed expressions, considering also the channels occurring in a process as part of the specification.

Definition 2.1 (well-formed expressions) Given a countable set U = {A,B,...} of channels, a well-formed (process) expression is a pair P : a, for P a process (i.e, a term out of a signature, to be defined later on) and a a type, consisting of a finite set of channels (i.e., a C U).

Now we present the inference system defining the set P of well-formed, closed spa expressions. We begin by assuming the following data is given:

• for each channel A an infinite set LA of local actions which includes a specified element t, called the silent action;

• for each pair A, B of channels an isomorphism 0A,B : LA ^ LB preserving the silent action (and such that 0B,A = 0AXB and 0B,C o 0AB = 0A,C).

For each type a we denote by Acta its set of (global) actions: each action is a subset of LA containing exactly one element (called component action) for each channel A e a. The set Act of all possible actions, ranged over by ¡, is defined as ^acUActa. Now, the definition below jointly presents the set of processes P and of well-formed expressions P : a.

Definition 2.2 (well-formed expressions of spa) Let X = WaCuXa be a

set of variables. The set of processes ProcX and the set of vjell-formed spa expressions PX are jointly generated by the following set of axioms and rules

a C U x G Xa Pi : a, G Acta for i G I 0 : a x : a J2ieI Pi-Pi : a

a for $ relabeling ° ^ }

P[$] : $(aK (vA)P : a\{A}

P : a, Q : 7 , n ih

---— for a n 7 = 0

P\\Q : a U 7

P : a U{A,B} P : a, x G Xa

[B ^ A]P : (a\{B}) U {A} recx.P : a

For each type a, the set Va,X denotes those vjell-formed expressions of the

kind P : a. Then, Va and P denote the sub-sets of respectively Va,X and PX,

containing just closed expressions, i.e. those expressions P : a such that the

process P contains no free variables.

A few comments on the intended meaning of the operators are in order.

• Activity occurs simultaneously on each channel of a process: a well-formed expression P : a defines a transition system whose edges are labeled by actions p G Acta. Processes communicate via common channels.

• Asynchrony is modeled by silent actions; for instance, the expression {aA,bB,tc}-P : {A,B,C} represents a system that can perform an action {aA,bB,tc}: (the component action) a occurs on channel A, b occurs on channel B and nothing occurs on channel C.

• Given a bijection $ from U to itself, P[$] is obtained by substituting each component action aA with 0A,$(A)(aA).

• Summation will have the usual interpretation. Notice that the expression

Pi-Pi is well-formed if all the Pi's have the same type a, and all the actions pi's belong to Acta.

• We interpret hiding as masking component actions on a given channel (equivalently, as deleting that channel), but otherwise, differently from e.g. restriction operators, not preventing any transition.

• We interpret merging as requesting the fusion of one channel into another.

• The interpretation of P Q is that processes P and Q are operating in parallel and independently; in particular, they may execute actions simultaneously. They cannot synchronize, though, since we are not connecting any channel.

• Recursion is handled by an unfolding rule, replacing x in P with an instance of P itself.

2.2 Inference Rules for SPA

It is clear that for each non-deadlocked process P there is at most one-well well-formed expression P : a. Thus, we will sometimes drop the type from an expression, whenever this is not going to cause any confusion.

Definition 2.3 (operational semantics of spa) The spa transition system is the relation Tspa CPx Act x P inductively generated by the following set of axioms and inference rules

P -H Q

for $ relabeling

(Eiei li.Pi) Pi P[$] -H Q[$]

P P' T Q -H Q', R -H R'

for a e La

(vA)P -H (vA)P' (Q||R) (Q'|R')

-for b e Lb

P ^U{^B,A(b),b} P'

[B ^ A]P ^{b})-HBA{b)} [B ^ A]P' P [X / p] ^ > P'

recx' - for _[x/recx.P] capture avoiding substitution

P ^ > P'

where P -H Q means that {P, Q) e Ts

spa •

We say that a process P may execute the action ¡ and become Q if the transition {P,i,Q) e Tspa. No confusion may arise, since Tspa is obtained as the disjoint union of transition systems %'s: for each of them, the set of states is Pa, and transitions are labeled by actions ¡i e Acta.

2.3 Examples and derived operators 2.3.1 Communicating parallel

The intuitive interpretation of P * Q is that the two processes P and Q are operating in parallel, but the common channels among P and Q have been connected. That is, P can execute an action ¡i\ at the same time as Q can execute an action ¡i2 - but, for each channel A e (a f t), the component actions of h and ¡i2 must agree. Moreover, the operation has the effect of hiding the common channels.

Let P : a and Q : 7 be closed, well-formed expressions. If $ is a relabeling mapping each channel A e a f 7 into a channel $(A) e a U 7, the communicating parallel composition P *Q : (a U 7 )\(a f 7) is defined as

P*Q = (va f 7)[$(a f 7) ^ a f 7](P |(Q[$]))

where [$(af 7) ^ af 7] is just the application of [$(A) ^ A][$(B) ^ B]..., and (va f 7) of (vA)(vB)... for all A, B e a f 7.

2.3.2 Joining three processes

We define a few processes that are used later on.

The process AB,C, of type {A,B,C}, splits a channel, and it is defined as

= recx.^2 {a,^A,B (a),$A,c (a)}.x)

Instead, the process nB,C, of type {B,C}, just creates two component actions out of a silent action, and it is defined as nB,C = (vA)AB,C.

Let P : a1 U{A}, Q : a2U{B} and R : asU{C} be well-formed expressions, such that the ai's and {A}, {B}, {C} are mutually disjoint. Then, the well-formed expression

((P* AB,C) * (Q |R)) : ai U a2 U as

is to be thought of as a system formed by splitting the channel A into B and C, and then connecting it with the channels of the non-communicating parallel composition of Q and R. The result is that the channel A of the process P has been joined to the channels B and C of the processes Q and R, respectively. It is clear that to give a transition out of ((P* A^) * (Q|R)) is to give three

transitions P ^} P', Q (a)} Q and R (a)} R.

2.3.3 The Dining Philosophers

We give a well-formed expression intended to model an asynchronous variant of the dining philosophers system: other versions (where e.g. philosophers must pick up the left fork first) may be easily captured in the formalism. For the sake of simplicity, we assume that for each channel mentioned later on, its set of local actions contains {t, \, u}, and that those symbols are preserved by the 0's. The symbol \ denotes the action lock and the symbol u the action unlock. First, we describe the action of the left hand of a philosopher, as

PL = recx.(T.x + \.(recy.(T.y + u.x)))

so that the associated well-formed expression is PL : {L}; and, assuming that just swaps the channels L and R, then P = PL\\PR, for PR = PL[$R], with P : {L,R}. The philosopher may act concurrently, capturing (or releasing) two forks at once. Instead, each fork may be captured only by one philosopher at most, either on the right or on the left. So, if we consider the sub-processes

fl = {\i, tj}.(recy.({Ti, tj}.y + {ui, TJ}.x)) and, for the relabeling $J just swapping I and J, the process is

F = recx.({Ti, tj}.x + Fl + Fl[$j]) so that the associated well-formed expression is F : {I, J}.

So, the behaviour of a single philosopher is described by the process

DP1 = nLJ * (P*F[$R])

and the associated well-formed expression is DP\ : 0. Similarly, the description of the behaviour of two philosophers is given by the process

DP2 = nLMI) * ((P * F[$R]) * ((P * F[$?])[$]))

for the relabeling satisfying $(L) = I and $(I) a new channel (i.e., $(I) = L), and the associated well-formed expression is DP2 : 0. The effect of the n is to couple the left hand of the first philosopher to the rightmost fork of the other.

3 The cospan-span formalism

As mentioned in the Introduction, in the cospan-span model a system is represented by a graph of states and transitions, with extra structure required for capturing two operations on systems: parallel composition with communication requires interfaces, and sequential composition requires conditions.

We distinguish between left (often input) and right interfaces (often output ). An interface is represented by a labeling of the graph arcs (the transitions of the transition system) on a suitable alphabet: when an arc appears in the graph (i.e., a transition occurs in the transition system), the corresponding label occurs on the interface. Interfaces allow to describe both communicating and non-communicating parallel composition (restricted product denoted •, and free product denoted x) of transition systems; in both cases, a state is a pair of states, and a transition is a pair of transitions, one for each transition system, which agree (synchronize) on the common interface.

Very often the state space of a transition system decomposes into a disjoint sum of cases, usually relevant to activating (creating) or disactivating (destroying) sub-systems. Any such condition is a subset of the set of states and it represents states in which the configuration may change in a particular way. However it is crucial not to think of conditions just as either initial or terminal states. It may sound reasonable in sequential programming, but when there are several active processes, one of those may die in a particular terminal state while the others are in general active - that is, the global state of the system in which a change of configuration occurs is a terminal state in only one component. To permit a change of configuration in only one component of a system it is crucial to allow for the whole state space among both in-and out-conditions. With the structure of in- and out-conditions, the restricted sum (denoted +) of transition systems can be defined, which expresses the de-activation of the first transition system in one of its out-conditions, followed by the activation of the second in one of its in-conditions.

3.1 Graphs

A graph G is a set G0 of vertices and a set G1 of (directed) arcs, together with two functions d0,d1 : G1 ^ G0 which specify the source and target, respectively, of each arc. A morphism from G to H consists of a function from vertices to vertices, and a function from arcs to arcs which respects source and target; an isomorphism is a morphism for which both functions are bijections.1

3.2 Cospans of spans of graphs

Definition 3.1 A cospan of spans of graphs G (called for simplicity a transition systemj consists of a graph G, four sets X,Y,A,B and four functions

do : Gi ^ X, di : Gi ^ Y, 7o : A ^ Go, 7i : B ^ Go.

Both d0, d1 may be thought of as labeling the arcs of G in the alphabets X, Y, respectively, and in fact they may be considered to be graph morphisms from G to one vertex graphs. These labelings are used in the restricted product of two transition systems, the operation which expresses communicating parallel processes. Alternatively, one may think of the vertices and arcs of G as the states and transitions of the system, whereas the elements of X, Y are the transitions of the interfaces. We call X the left interface, and Y the right interface - transition systems communicate through these interfaces.

The set A represents a condition on the states in which the transition system may come into existence, and the set B a condition in which it may cease to exist. We call A the in-condition of the transition system, and B the out-condition. The functions 70,71 of a transition system will be used in the restricted sum of transition systems - an operation which expresses change of configuration of processes.

There is a useful diagrammatic representation of transition systems (see also [13]). For example, we represent a transition system with left interface U x V, right interface Z x W, in-condition D + E, and out-condition B, by

1 We shall use the following terminology: given two sets X and Y, their cartesian product is denoted X xY, and the projections prX : X xY ^ X, prY : X xY ^ Y; similarly, their sum (disjoint union) is denoted X + Y, and the injections inX : X ^ X + Y, inY : Y ^ X + Y.

For the sake of simplicity we often use the same names d0, d1,Y0, Y1 for the four functions of any transition system when there is no risk of confusion, or we drop them altogether, introducing instead further suffixes when clarification is needed. We use symbols X, Y, Z, U, V, W... for the (left and right) interfaces, and symbols A, B,C, D, E, F, I,... for the (in- and out-) conditions.

3.2.1 Parallel composition

Given two transition systems G = (G,X, Y,A,B) and H = (H,Y,Z, C, D), the restricted product (communicating parallel composition) of G and H, denoted G ■H, is the transition system whose set of vertices is G0 x H0 and whose set of arcs is that subset of G1 x H1 consisting of pairs of arcs (g, h) such that d1(g) = d0(h). The interfaces and conditions of G^H are X, Z,A x C,B x D; the four functions are

do,gm(g, h) = do,g (g), di,gm(g, h) = di>n(h), YogH = Yo,g x Yo,h , YigH = Yi,g x Yi,h .

Diagrammatically we represent the restricted product as follows

Closely related is the free product of transition systems. Given two transition systems G = (G, X, Y, A, B) and H = (H, Z, W, C, D), the free product (parallel composition with no communication) of G and H, denoted Gx H, is the transition system diagrammatically represented as follows

Ignoring functions Yo, Y1, the restricted product of transition systems is the span composition of [13] and the free product is the tensor product of the corresponding spans of graphs. See there for some examples of how these operations may be used to model concurrent systems.

3.2.2 Sums

Given two transition systems G = (G,X, Y,A,B) and H = (H,X, Y,B,C), the restricted sum (change of configuration) of G and H, denoted G + H, is the transition system diagrammatically represented as follows

The intended interpretation is that initially only the process G exists; when a state in B is reached the process G may die and the process H be created.

Similarly, given two transition systems G = (G,X,Y,A,B) and H = (H, X, Y, C, D), their unrestricted sum G®H=(G 0 H,X,Y,A + C,B + D) is obviously defined.

3.2.3 Feedbacks

Given a transition system G = (G, X x Y, Z x Y,A,B), the product feedback of G with respect to Y, denoted PfbY (G), is the transition system whose set of vertices is G0 and whose set of arcs is that subset of G1 consisting of arcs g such that (prY o d1)(g) = (prY o d0)(g). The interfaces and conditions of PfbY(G) are X, Z, A, B, with the four functions defined as follows:

do,pfby(g) = prx o do,g, di,pfbY(g) = prz ◦ dhg,

Yo,PfbY(G) = Yo,g, Yi,PfbY(G) = Yi,g.

Given a transition system G = (G, X,Y,A + B,C + B), the sum feedback of G with respect to B, denoted SfbB (G), is the transition system whose set of arcs is G1 and whose set of vertices is G0/ i.e, G0 quotiented by the relation (y1 o inB)(b) ~ (y0 o inB)(b) (for all b G B). The interfaces and conditions of SfbB (G) are X,Y,A and C, and the four functions are defined as follows:

d0,SfbB (G) = d0,G, d1,SfbB (G) = d1,G, 7o,SfbB (G) = Yo,G o in A, 7l,SfbB (G) = Yl,G o inc.

The diagrammatic representation of PfbY(G) involves joining the right interface Y to the left interface Y ; and, similarly, the diagrammatic representation of SfbB (G) involves joining the out-condition B to the in-condition B.

Remark 3.2 We described here only the principal operations, though there are a variety of useful special constants described in [13,14], including a diagonal component which allows synchronization between multiple components.

Notice also that clearly any finite graph labeled in X x Y may be obtained as an expression using only the sum operations of the cospan-span model in constant graphs which have at most three states and at most one transition. Further any expression in the cospan-span model involving finite constants is again a finite transition system. To describe infinite transition systems recursive equations over cospan-span expressions must be added, see e.g. [15].

3.3 Denotational encoding of spa

We present a denotational semantics of well-formed expressions, by means of (labeled, directed) graphs. We actually encode processes into a sub-class of graphs, often denoted in the literature as graphs with no 'horizontal sharing' (i.e., such that between two nodes there is at most one cycle-free path).

We first need an assumption: since spa does not make an a priori choice of left and right channels (which results in the main operation being, in engineering terms, 'soldering' rather than 'series composition') we arbitrarily choose of taking all channels to be on the left.

We denote the semantics of a well-formed expression P : a by Sem(P): it represents a (possibly cyclic) graph, whose arcs are labeled on the left by tuples of actions as indicated by the inference rules and on the right by t . We view Sem(P) as a transition system labeled by Aea La) x {t}, with in-condition the root vertex, and out-condition the set of free variables in P.

In order to define the mapping, we need to choose some constants. First, for sets: Sa is the set J}Aea LA, for each a type. Then, for transition systems: T^ is the transition system with two states and a transition labelled (^,t) among them (and {0} as the obvious in- and out-condition); projA is the transition system with one state and | LA x Bea LB) | transitions, with transition (a,b1,..., bn) labeled on the left by (b1,..., bn) and on the right by (a,b1,...,bn); 2 the transition system nA has one state and | LA | transitions, with a labeled on the left by t, and on the right by (a, a).

We may now describe the operators of spa in terms of the operations of the cospan-span model. It is clear that only a restricted version of recursion is codeable in the basic operations of the cospan-span formalism: The deno-tational encoding Sem : SVX ^ G maps each well-formed expression with sequential recursion (i.e., an expression where a free variable may occur only in the scope of either a summation or a recursion operator) into a transition system with {0} as in-condition, {t} as right interface and Sa as left-interface.

2 That is, projA has fewer channels on the left than on the right, and will be used to cut channels: we have just represented the projection function A x Bea B) ^ dlBea B) as a transition system. In a similar way any finite relation, including the relabeling isomorphisms, and the opposite relation AA of the diagonal function, may be represented as a transition system with only one state - we will use the same name for the relation and the corresponding transition system.

Definition 3.3 (model mapping) The encoding Sem : SPX is inductively defined by the following set of of inference rules.

(i) Let a be a set of channels. Then

Sem(0 : a) = ({0}, , {t}, {0}, 0) Sem(x : a) = ({x}, , {t}, {0}, {x}).

(ii) Let Pi : a for i E I be well-formed expressions, and Hi for i E I be actions for the channels in a. Then

Sem(J] HiPi) = Di + (Tw + Sem(Pi)),

where DI is the transition system vnth one state, {0} as in-condition and "Yhi^{0} as out-conditions, and ®ieI(T^. + Sem(Pi)) is the transition system obtained by the unrestricted sum of the + Sem(Pi) 's, vnth the free variables of the processes as out-conditions.3

(iii) Let P : a U {A} be a well-formed, closed expression. Then

Sem((^A)P) = projA • Sem(P).

(iv) Let P : a U {A,B} be a well-formed, closed expression. Then

Sem([B ^ A]P) = PfM(AA x vb) • (Sem(P) x fa,a)).

(v) Let P : a and Q : p be well-formed, closed expressions. Then

Sem(P ||Q) = Sem(P) x Sem(Q).

(vi) Let P : a be a ujell-formed expression. Then

Sem(recx.P) = Sfbw(({0}, 5,, {t}, {0} + {x}, {0}) + Sem(P)).

It is clear that the graph associated to a well-formed expression P : a is not isomorphic to the fragment of the transition system T, reachable from P. Nevertheless, a tight correspondence holds among the two models.

Proposition 3.4 (model correspondence) Let P be a closed process with sequential recursion, and P : a a ujell-formed expression. Then Sem(P) and the fragment of T, reachable from P are trace equivalent.

The proof is given by induction, defining a mapping from Sem(P) to T, that coalesces nodes corresponding to different instances of the same process.

3 Of course, note that the collapsing of some nodes is required: we leave to the reader the task of providing the additional constants needed for performing such a collapsing.

4 The tile logic

4.1 Building States

We introduce an inductive presentation for Conway theories (see e.g. in [2] for their definition). With respect to the better-known algebraic theories, they are equipped with a parametric operator, j, allowing to capture also recursive definitions. We spell out only the definition for one-sorted signatures, with (underlined) natural numbers as sorts, the general instance of many-sorted being a straightforward extension.

Our presentation of Conway theories is original, even if it relies on similar descriptions for algebraic and weaker theories [4]. Some of them are mentioned later on, and used for our encoding of spa at the end of the section.

Definition 4.1 (Conway theories) Let E be a one-sorted signature. The set of arrows of the Conway theory C(E) is generated by the inference rules

f E En,m .. s : n — m,t : — mL (generators) —- (pairing)

f : n — m s 0 t : n + n' — m + m'

..s n E N , .. . s : n — m,t : m — k

(identities) —--(composition) ---

idn : n — n s; t : n — k

(duplicators) n E N (dischargers) n E N

Vn : n — n + n !n : n — 0

n,m E N s : n + m — m

(permutations) - (dagger) ---

pn,m : n + m — m + n sT : n — m

Moreover, the composition operator is associative, the pairing operator is associative with ido the neutral element of the resulting monoid of arrows, and the monoidality axiom idn+m — idn 0 idm holds for all n,m E N. In addition, the monoid of arrows satisfies the functoriality axiom (s 0 t); (s' 0 t') = (s; s') 0 (t; t') (whenever both sides are defined) and the identity axiom idn; s — s = s; idm for all s : n — m; the monoidality axioms

!o = Vo = Po,o = ido Pn+m,l_ = (idn 0 Pm,l) (Pn,l 0 idm)

!n+m !n 0 !m V n®m (Vn

0V ); (idn 0 pn,m 0 idm)

for all n,m,l E N; the coherence axioms

V„; (idn 0 Vn) — V„; (Vn 0 idn) V

Vn; (idn0!n) idn pn,m; pm,n idn 0 idm

for all n,m E N; the naturality axioms

(s 0 t); pmk - Pn,i;(t 0 s) s; Vm - V„;(s 0 s) s;!m -!n

for all s : n — m,t : I — k; and finally, the Conway axioms

((s 0 idm); t)t = s; tt (wt)t = ((id„ 0 Vm); u)t

(Vi+n; (idi_0!n 0 v); w)t = (Vt_; (idi_ 0 (Vi+m; (idi_0!m 0 w); v)t); w)

for all s : n — I, t : l + m — m, u : n + m + m — m, v : l + n — m, w : l + m — n.

We refer to graph theories G(£) for the arrows obtained by using only the generators, pairing and identities rules; to monoidal theories M(£) if the composition rule is added; and to algebraic theories A(£) if all rules, except for dagger, are considered.

A Conway theory C(£) is just an instance of a monoidal category. It can be considered as categorical folklore the fact that the cartesian product canon-ically induces a monoidal product, together with a family of natural transformations, often denoted as diagonals and projections. Then, our definitions of Conway and algebraic theories are equivalent to the standard ones: a classical result relates algebraic theories and the usual term algebra construction.

Proposition 4.2 (algebraic theories and term algebras) Given a one-sorted signature £, for all n,m E N there exists a one-to-one correspondence between the set of arrows with source n and target m of A(£) and the m-tuples of elements of the term algebra -over a set of n variables- associated to £.

4.2 Describing Systems

We recall now the basic definitions for tile logic [10], a general framework for the specification of rule-based systems, in the vein of both the rewriting logic formalism [16] and the sos approach [17]. Intuitively, it extends the standard definition for rewriting systems: a rule is seen as a module (kind of a basic component of a system) carrying information (equivalently, expressing conditions) on the possible behaviour of its sub-components (that is, of the terms to which it can be applied).

Definition 4.3 (algebraic rewriting systems) An algebraic rewriting system (ars) R is a four-tuple (£,, £T ,N,R), where £,, £T are signatures, N is a set of (rule) names and R is a function R : N — A(E,) x G(ET) x G(ET) x A(E,) such that for all d E N, with R(d) = (I, a, b, r), we have I : n — m,r : p — q iff a : n — p,b : m — q.

With an abuse of notation, we denoted the set of arrows of a theory by the

theory itself. We usually write a rule as d : I

r or, graphically, as a tile

making explicit the source and the target of the operators.

We consider a rewriting system R as a logical theory, and any rewrite -using rules in R- as a sequent entailed by that theory. A sequent is therefore a five-tuple (a, s, a, b, t), where s — t is a rewriting step, a is a proof term (an encoding of the causes of the step), and a and b are respectively the input and output conditions, the observations associated to the rewrite. In the following, we say that s rewrites to t via a (using a trigger a and producing an effect b) if the sequent a : s —1 can be obtained by finitely many applications of the set of inference rules described below.

Definition 4.4 (the tile logic) Let R = (£CT, £T,N,R) be an ars. We .say that R entails the set T(R) of Conway sequents obtained by a finite number of applications of the following set of inference rules: The basic rules

d : s —1 E R

(gen) -

d : s t E T(R)

(h-refl) S : a ^^ E C(S-) (v-refl) ° : * ^ ^ E )

tds : s s E T(R) ida : id id E T(R)

(where id is shorthand for both idn and idm); the composition rules

a : s—^ t,p : uv E T (R) a : st,p : ^ v E T (R)

(par)- (hor)-

a 0 0 : s 0 u -jg^ t 0 v E T(R) a * 3 : s; u t; v E T(R)

a : s —^ u, 3 : u —^ t E T(R)

(vert) -;

a • 3 : s^r t E T (R)

and finally, the auxiliary rules

a : n — m,b : rt — m- E M(ET) (perm) -

Pa,b : Pn,n' ga Pm,m' E T (R)

... a : n — m E M(ST) a : n — m E M(£T) (dupl) - (dis)

Va : Vn ~aga Vm E T(R) !a :!„ ^ E T(R)

The basic rules provide the generators of the sequents, together with suitable identity arrows, whose intuitive meaning is that an element of C(XCT) or M(XT) stays idle during a rewrite. The composition rules express the way in which sequents can be combined, either sequentially (vert), or executing them in parallel (par), or nesting one inside the other (hor). The auxiliary rules are the counterpart of the auxiliary operators in Definition 4.1: they provide a way of permutating (perm) two sequents, and either duplicating (dupl) or discharging (dis) a sequent. No additional rule corresponds to the dagger operators of Conway theories: we do not want to close sequents with respect to such operators, but just to be able to unfold a recursive definition, and to this end the (h-refl) rule is all that is needed.

4.3 An observational semantics

An abstract semantics could be recovered by providing a set of axioms for proof terms, so that an equivalence class would correspond to a normalized proof: see e.g. [11], where a comparison is traced with concurrent computations in rewriting logic. Nevertheless, the two spatial dimensions of a sequent -horizontal for source and target, vertical for effect and trigger- hardly play the same role. When introducing tiles, we referred to source and target as states of our system, and to trigger and effect as conditions to be verified, before applying a rule. It seems then perspicuous to discuss a semantics over states, which is only observational, identifying states that show the same behaviour on the input (trigger) and output (effect) components. To this end, we simplify the structure of sequents, dropping the proof term, thus recovering a generalized notion of transition system.

Definition 4.5 (tile transition system) Let R = (Ea, ET,N,R) be an ars.

The associated (Conway) tile transition system is the relation Tr(R) C C(Ea) x M(ET) x M(ET) x C(Ea) obtained dropping the first component from the relation T(R).

Abusing notation, we refer to a four-tuple (s,a,b,t) as a sequent entailed by an ars. Restricting our attention to transition systems allows us to define a suitable notion of behavioural equivalence by means of trace equivalence.

Definition 4.6 (tile trace equivalences) Let R = (Ea, ET ,N,R) be an ars. Two terms s,t E C(Ea) are tile trace equivalent in R (denoted s = t) if for any sequent s —^ s' entailed by R a corresponding sequent t —^ t' is entailed, and vice versa.

4.4 Operational encoding of spa

For representing the semantics of spa by a tile system, we need a signature Espa such that each process may be embedded into a term in C(ESpa).

Definition 4.7 (many-sorted signature for spa) The many-sorted signature Espa associated to spa has 2U as set of sorts, and it contains the constants nila : e — a, denoting the inactive states; the unary operators prefix {^a : a — a}, restriction {(vA)a : a U {A} — a\{A}} and merging {[B ^ A]a : a U {A,B} — (a\{B}) U {A}}; and finally, the binary operators non-deterministic choice {+a : a 0 a — a} and parallel composition { | | a,^ : a 0 y — a U 7} for a Pi 7 —

We often omit the subscript, whenever clear from the context. The reader may immediately recover for a well-formed, closed expression P : a the embedding {|P|} : e — a, obtaining an arrow of the Conway theory associated to Espa. Note that recursion is simulated by the j operator. For example, let us consider the processes FL, FL[$J] and F, as defined in Section 2.3.3: the associated terms are respectively {|FL }} — (({u/,tj} 0 {ti,tj});+)^; {lI,tj},

(IFl№] } = (({UJ, TI} 0 {TJ, TI}); +)t; {Ij, TI}, and

(IF} = (^{I,J}; (^{I,J} 0 id{I,J}); ({TI, TJ} 0 tFL 0 ]); (+ 0 id{I,j}); +y.

The operational semantics of spa is given by the transition system Tspa, presented in Section 2 by a set of rules, in a sos style. A similar description may also be obtained for tiles, by means of their inference mechanism.

Definition 4.8 (tile system for spa) The ars Rspa for spa is the 4-tuple

(£spa, £spa,Lspa,Rspa), where Rspa is the set of labeled rules given below

act : fi id°> ida resA : (vA) (vA) for a E LA

+ : + ^ ida0\a +r : + ^ \* 0 ida par :|\

merBA :[B ^ A] [B ^ A] for b E Lb

Except for recursion, there is one tile for each inference rule of spa: they are parametric with respect to types, since the corresponding rules are so. The effect ¡i indicates that a process is 'running', outputting a label f.

Proposition 4.9 (interleaving correspondence) Let P and Q be closed spa processes, and P : a a well-formed expression. (1) If a transition P Q is entailed by the spa transition system Tspa, then a sequent {|P|} {|Q }

is entailed by the tile system Rspa. Vice versa, (2) if a sequent {|P}} t is entailed by the tile system Rspa, then there exists a process Q such that a transition P Q is entailed by the spa transition system Tspa and t = {|Q }.

5 Sketching the correspondence

How to compare the two encodings? On the one hand, the cospan-span model associates to each well-formed expression P : a (for P a closed process with sequential recursion) a transition system Sem(P), with no out-conditions and a single in-condition, whose abstract semantics is represented by the set of paths of the underlying graph. On the other hand, in the tile logic approach a set of tiles is associated to the set of inference rules of spa, and transitions are mimicked by rewrites. Thus, a first attempt is to assume that these two sets coincide: the result stated below is an immediate consequence of the properties of the two encodings (namely, see Proposition 3.4 and Proposition 4.9).

Proposition 5.1 (on paths and rewrites) Let P be a closed process with sequential recursion, and P : a a well-formed expression. Then, (1) for each path on Sem(P), mapped into a sequence of labels f . ..fn, there exists a closed process Q such that a tile {|P}} {|Q }} is entailed by Rspa; and vice

versa (2), for each tile {\P} ¿¡din t entailed by Rspa, there exists a path on Sem(P), mapped into a sequence of labels f... f n.

There are more paths than tiles: for example, given the process P = 0 +

¡1.0, Sem(P) has two paths labeled ¡, corresponding to the tile {|P} l<t> 0.

Nevertheless, the previous result may be enriched with a denotational flavour.

Theorem 5.2 (on trace semantics) Let P and Q be closed processes with sequential recursion, and P : a and Q : a well-formed expressions. Then, Sem(P) and Sem(Q) are trace equivalent if and only if {P|} =

6 Conclusions and further work

In the paper we introduced a simple process algebra, and we encoded it into both the cospan-span model and the tile logic formalism. Then, we proved a correspondence among the two encodings, by means of trace equivalence.

The algebra we considered is quite powerful, since it offers an effective calculus for describing finite state systems. It is yet rather simplistic, with respect to the possibilities offered by the tools of both the cospan-span model and the tile logic formalism. In fact, its name reveals that we consider the operators of the calculus quite close to those of the span(Graph) model: the operators available on cospan-span(Graph) are much richer, and we plan to investigate a calculus which supports the same operations of that model.

Our choice of the spa algebra, and our restriction to a behavioural semantics such as trace equivalence, instead of e.g. the more expressive bisimulation, is on purpose. A direct translation of cospan-spans into tiles would be by no means straightforward, since the composition operations of the first model only bear a similarity with those of double-categories, which are the semantic domain of tiles. Besides the technical points, intuitively the two dimensions of cospan-span expressions are spatial (the horizontal dimension being the underlying geometry of the system, the vertical dimension being the space of states), while instead the vertical dimension in tiles represents the flow of time. Thus, even if our case study does not allow for properly testing the expressiveness of the two formalisms, restricting our attention to an algebra which is easily encoded in both meta-frameworks focuses the paper on the comparison among them, highlighting the different tools they offer for system specification (in a similar fashion to what has been already done for tiles and other rewrite-based formalisms in [11]).

We then feel confident that we were able to cast some light on the correspondence between the two approaches. Roughly, each expression in the cospan-span model is a system, and each operation is a system constructor; on the contrary, a tile is a (open) state transformer, and each tile expression represents (the encoding of) a possible evolution from one state into another. The dichotomy denotational vs. operational that we mentioned in the Introduction is thus justified, even if, of course, also denotational models for tiles are at hand, as long as we analyze formalisms such as the calculus spa, where processes univocally denote also states.

Summing up, on the one hand, the cospan-span model offers a rich algebra for the description of systems, and its operations thus allow for a powerful denotational formalism, on which the orthogonal aspects of parallel and sequential composition of systems are of pivotal importance. On the other hand, tile logic offers a flexible tool for the specification of rule-based formalisms: the emphasis is less on the structure of a system, which can actually be considered as parametric, and much more on the the inference mechanism for building single transitions out of an initial set, and sequentially compose them.

Acknowledgement

We wish to thank Roberto Bruni for the interesting discussions and the careful reading of the paper, as well as the referees for their valuable suggestions.

References

[1] A. Arnold. Finite transition systems. Prentice Hall, 1994.

[2] S. Bloom and Z. Esik. Iteration Theories. EATCS Monographs on Theoretical Computer Science. Springer, 1993.

[3] R. Bruni, D. de Frutos-Escrig, N. Marti-Oliet, and U. Montanari. Bisimilarity congruences for open terms and term graphs via tile logic. In C. Palamidessi, editor, Concurrency Theory, volume 1877 of Lect. Notes in Comp. Science, pages 259-274. Springer, 2000.

[4] R. Bruni, F. Gadducci, and U. Montanari. Normal forms for algebras of connections. Theoret. Comput. Sci., 2002. To appear. Available at http: //www.di.unipi.it/~ugo/tiles.html.

[5] R. Bruni, J. Meseguer, and U. Montanari. Executable tile specifications for process calculi. In J.-P. Finance, editor, Fundamental Approaches to Software Engineering, volume 1577 of Lect. Notes in Comp. Science, pages 60-76. Springer, 1999.

[6] R. Bruni and U. Montanari. Cartesian closed double categories, their lambda-notation, and the pi-calculus. In Logic in Computer Science, pages 246-265. IEEE Computer Society Press, 1999.

[7] R. Bruni, U. Montanari, and F. Rossi. An interactive semantics of logic programming. Theory and Practice of Logic Programming, 2001.

[8] R. Bruni, U. Montanari, and V. Sassone. Open ended systems, dynamic bisimulation and tile logic. In J. van Leeuwen, O. Watanabe, M. Hagiya, P. D. Mosses, and T. Ito, editors, IFIP Theoretical Computer Science, volume 1872 of Lect. Notes in Comp. Science, pages 440-456. Springer, 2000.

[9] G. Ferrari and U. Montanari. Tile formats for located and mobile systems. Information and Computation, 156:173-235, 2000.

[10] F. Gadducci and U. Montanari. The tile model. In G. Plotkin, C. Stirling, and M. Tofte, editors, Proof, Language and Interaction: Essays in Honour of Robin Milner. MIT Press, 2000.

[11] F. Gadducci and U. Montanari. Comparing logics for rewriting: Rewriting logic, action calculi and tile logic. Theoret. Comput. Sci., 2002. To appear. Available at http://www.di.unipi.it/~ugo/tiles.html.

[12] P. Katis, N. Sabadini, and R.F.C. Walters. Bicategories of processes. Journal of Pure and Applied Algebra, 115:141-178, 1997.

[13] P. Katis, N. Sabadini, and R.F.C. Walters. SPAN(Graph): A categorical algebra of transition systems. In M. Johnson, editor, Algebraic Methodology and Software Technology, volume 1349 of Lect. Notes in Comp. Science, pages 307-321. Springer, 1997.

[14] P. Katis, N. Sabadini, and R.F.C. Walters. A formalization of the IWIM model. In A. Porto and G.-C. Roman, editors, Coordination, volume 1906 of Lect. Notes in Comp. Science, pages 267-283. Springer, 2000.

[15] P. Katis, N. Sabadini, and R.F.C. Walters. Recursion and concurrency. In A. Labella, editor, Fixed Points in Computer Science, 2001.

[16] J. Meseguer. Conditional rewriting logic as a unified model of concurrency. Theoret. Comput. Sci., 96:73-155, 1992.

[17] G. Plotkin. A structural approach to operational semantics. Technical Report DAIMI FN-19, Computer Science Department, Aarhus University, 1981.