Decomposition and Complexity of Hereditary History Preserving Bisimulation on BPP

Decomposition and Complexity of Hereditary History Preserving Bisimulation on BPP Sibylle Fröschle and Sławomir Lasota Institute of Informatics, Warsaw University 02 097 Warszawa, Banacha 2, Poland sib,sl @mimuw.edu.pl Abstract. We propose a polynomial-time decision procedure for hereditary history preserving bisimilarity (hhp-b) on Basic Parallel Processes (BPP). Furthermore, we give a sound and complete equational axiomatization for the equivalence. Both results are derived from a decomposition property of hhp-b, which is the main technical contribution of the paper. Altogether, our results complement previous work on complexity and decomposition of classical and historypreserving bisimilarity on BPP. 1 Introduction The success of automatic verification in the finite-state world is contrasted by the reality that in practice most processes have either an infinite or an extremely large state space. Thus, it is important to clarify: how far can the automatic methods of the finitestate world be extended to infinite-state processes? It is folklore that full process calculi such as CCS are too expressive to allow for a decidable theory. However, there is now a standard hierarchy of restricted processes, the Process Rewrite Systems (PRS) hierarchy, along which the borderlines of decidability and complexity with respect to the major verification problems are well-investigated [19]. One central category of the PRS-hierarchy is Basic Parallel Processes (BPP): it can be seen as an extension of finite automata by a parallel composition operator. One of the major verification problems is to check whether two processes are equivalent under a given bisimulation equivalence. With the recent addition of two more results our understanding of the computational power of bisimulation equivalences on BPP is now almost complete. On the one hand, the complexity of classical bisimilarity on BPP has finally been settled to be PSPACEcomplete [18, 11]. On the other hand, [16] has established that truly-concurrent bisimulation equivalences, such as history preserving bisimilarity (hp-b), are P-complete for this class; in [12] the upper bound has been improved to Ç Ò µ, building on the technique of [11]. Together, these results indicate the following trend: while in the finitestate world truly-concurrent verification problems are at least as hard as their interleaving counterparts (e.g. [13, 15]), in the infinite-state world this effect seems reversed. The same trend has also been revealed in model-checking [4], and linear-time equivalence checking [20]. This work is supported by the European Community Research Training Network GAMES. Partially supported by Polish KBN grant No. 4 T11C 042 25.

One gap remains in our understanding of bisimilarities on BPP: the complexity of hereditary history preserving bisimilarity (hhp-b) [2, 14]. Hhp-b is known to coincide with hp-b for simple BPP (SBPP) [6], and is thus polynomial-time decidable here. For full BPP it was shown to be decidable [5], but the proof left the complexity open. This paper fills this gap: we establish that hhp-b is polynomial-time decidable on BPP. Thereby we settle that hhp-b conforms to the positive trend for true-concurrency in the infinite-state world. This is particularly interesting since hhp-b takes a special position among bisimilarities: it is often considered to be the bisimulation equivalence for trueconcurrency [14, 8]. Unlike all the other equivalences it is undecidable for finite-state systems [15]; only a few positive results could be achieved for restricted classes [7]. The reason behind the positive trend for true-concurrency in the infinite-state world seems to be the following: BPP processes have natural decomposition characteristics; these may translate into decomposition results for truly-concurrent equivalences, and allow us to decide the respective concept by a divide and conquer approach. There are two kinds of decomposition results that one can consider. The classical question is [17]: given a process class and an equivalence, is each process term uniquely, up to the equivalence, represented as a parallel composition of prime processes? A process is prime if it cannot be expressed, up to the equivalence, as a non-trivial parallel composition. This type of decomposition stands behind the polynomial-time algorithm for bisimilarity on normed BPP by Hirshfeld et. al. [10]. Unique decomposition has also been shown for BPP with respect to distributed bisimilarity [3] (which coincides with hp-b for BPP). As recently advocated in [6], in a truly-concurrent framework one can also consider whether a given equivalence is decomposable with respect to the independent components of the processes to be compared. If two processes È and É are equivalent then we ask whether there is a one-to-one correspondence between the components of È and those of É such that related components are equivalent. This kind of decomposition stands behind the coincidence of hhp-b with hp-b on SBPP: decomposition was proved for hp-b and hhp-b for a class that subsumes SBPP (and incomparable to BPP) [6]. Hp-b is not decomposable in general, and, as we will see later, neither is it for BPP. As our core result, we will resolve that, modulo hhp-bisimilar choices (a concept to be explained later), hhp-b on BPP is indeed decomposable in the second sense. We will also show that an analogue for the choice operator holds. Building on our decomposition theory we will design a decision procedure for hhp-b on BPP, running in Ç Ò ¾ ÐÓ Òµ time. Further, we will give a complete equational theory for hhp-b. The latter connects to work of Christensen, who presented equational theories for classical and distributed bisimilarity for BPP [3]. We proceed as follows. Section 2 contains the necessary definitions. In particular, we define hhp-b in terms of a step game. In Section 3 we prove our decomposition results. In Section 4 we present the algorithm and in Section 5 the equational theory. In Section 6 we discuss the consequences of our results, and highlight some further directions. Some proofs, missing here, can be found in [9]. 2 Preliminaries BPP. In the following assume a countably infinite set of actions Ø and a countably infinite set of process variables Î Ö ½. BPP expressions are

given by the following grammar: ¼ where ¼ is the empty process, is a process variable, is action prefix, denotes nondeterministic choice, and parallel composition. We usually consider BPP expressions modulo associativity and commutativity of choice and parallel composition, and ¼ as unit for these operators. A BPP definition is a finite family of recursive equations, where the are distinct variables, and each is a BPP expression that only contains variables defined by and where each variable occurrence is guarded, i.e., within the scope of action prefix. (This ensures that recursive definitions yield unique solutions.) The set of variables occurring in is denoted by Î Ö. A BPP process is a pair µ, where is a BPP definition, and is an expression that only contains variables of Î Ö. If is clear from the context, we denote µ simply by. Execution Normal Form. We will mainly work with BPP in Execution Normal Form (ENF). BPP expressions in ENF (ENF expressions) are defined by: ¼ Each BPP process µ can easily be transformed into a process in ENF, Ò µ. During the transformation, always work modulo ¼ as unit for and : remove all superfluous occurrences of ¼ in the expressions. Translate and all defining expressions of into ENF expressions by replacing each subexpression ¼ by ¼. Add new equations ¼ ¼ to. ¼ is possibly unguarded. Therefore, replace each unguarded occurrence of a variable by. Treat such newly created defining expressions as the original ones, until finally all defining expressions will be in ENF. Note that this transformation only makes use of operations such as unfolding of variables and introduction of new variables for subexpressions, which will be respected by any behavioural equivalence. Transition-based ENF. For our definition of hhp-b, given a BPP, we need to be able to uniquely identify each occurrence of an action prefix within. A convenient way to do so is to work with labelled transitions rather than actions. In the following, for each ¾ Ø, assume a countably infinite set of transitions labelled by, Ì Ø Ø ½. Let Ì Ì Ì be the set of all transitions. Let Ø Ø ½ range over Ì, and set Рص if Ø ¾ Ì. Transition-based ENF (T-ENF) expressions are defined as follows: ¼ Ø where Ø is transition prefix. We denote the set of transitions occurring in by Ì. We only consider T-ENF expressions that are transition-genuine in that every Ø ¾ Ì appears syntactically only once in. Given Ø ¾ Ì, there will be exactly one such that Ø is a subexpression of ; denote by Ø. Given a definition, by Ì - Æ we denote all T-ENF expressions such that only contains variables of Î Ö.

Proviso. In the following, we mainly work with T-ENF processes. We allow us to assume that all defining expressions in a definition are in T-ENF, and that Ò µ is in T-ENF as well. Clearly, whatever we state for T-ENF processes can be carried over to ENF processes obtained by replacing all transitions with their labels. Steps of T-ENF Processes. Rather than providing an operational semantics for T-ENF processes we prefer to capture the concurrent steps of a T-ENF expression, i.e., the sequences of pairwise concurrent transitions initially enabled at. This will be sufficient for our definition of hhp-b. We say a transition Ø is enabled at, written Ø, iff Ø ¾ Ì. If Ø then the parallel remainder of wrt. Ø, written ÔÊ Øµ, is inductively defined as follows, where we work modulo ¼ as unit for and : ÔÊ Ø Øµ ¼ ÔÊ Øµ if Ø ¾ Ì then ÔÊ Øµ else ÔÊ Øµ ÔÊ Øµ if Ø ¾ Ì then ÔÊ Øµ else ÔÊ Øµ We say Ö Ø ½ Ø Ò ¾ Ì is a concurrent step of, denoted by Ö ¾ Ø Ô µ, iff Ø there is a sequence ½ Ò such that ½, and ¾ ½ Ò, and ½ ÔÊ Ø µ. We generalize ÔÊ Øµ to steps in the obvious way. Given Ö ¾ Ø Ô µ and Ø ¾ Ì, we say Ø is enabled at Ö, written Ö, Ø iff ¼ Ø, where ¼ ÔÊ Öµ. ¼ is a parallel remainder of, written ¼ ¾ ÔÊ µ, iff ¼ ÔÊ Öµ for some Ö ¾ Ø Ô µ. Step Game and Hhp-b. The usual way to define hhp-b for BPP would be to proceed as follows: first, give the standard definition of hhp-b for, say, 1-safe Petri nets; second, define true-concurrency semantics for BPP so that each BPP is interpreted as a (typically infinite) 1-safe Petri net; and third, define two BPP to be hhp-bisimilar iff their interpretations as 1-safe Petri nets are hhp-bisimilar ([5]). To avoid the bulk of definitions this would require, we define hhp-b in a non-standard way, making use of a characterization of [5]: two T-ENF processes and are hhp-bisimilar iff: (1) Duplicator has a winning strategy À in a bisimulation game with backtracking, which is only played in the scope of the concurrent steps of and ; and (2) whenever two transitions Ø and Ø are related by À then Ø and Ø are hhp-bisimilar. Let be a T-ENF expression, and Ö Ø ½ Ø ¾ Ø Ò ¾ Ø Ô µ. Write Ö for the length of Ö, that is Ö Ò. Given ¾ ½ Ö, we define Æ Ö µ to be the result of backtracking the th transition in Ö, that is Æ Ö µ Ø ½ Ø ½ Ø ½ Ø Ò. Observe that we have Æ Ö µ ¾ Ø Ô µ. Given À Ø Ô µ Ø Ô µ, we define Å Ø Àµ to be the set Ø Ø µ Ö Ø Ö ¼ Ö Ø Ö ¼ µ ¾ À where Ö Ö. Let and be T-ENF expressions. The µ Ø Ô -game between Spoiler and Duplicator is played as follows. Configurations are pairs Ö Ö µ ¾ Ø Ô µ Ø Ô µ with Ö Ö. The initial configuration is µ. A play proceeds from Ö Ö µ by the following rules: 1. Spoiler chooses one of or, say, and picks a transition Ø ¾ Ì that is enabled at Ö. Duplicator has to respond by executing a transition Ø in that is enabled at Ö and satisfies Ð Ø µ Ð Ø µ. Play continues at Ö Ø Ö Ø µ.

2. Alternatively, Spoiler chooses one of or, say ; he picks ¾ ½ Ö, and backtracks the th transition in Ö. Duplicator has to backtrack the corresponding transition in Ö. Play resumes at Æ Ö µ Æ Ö µµ. 3. The play continues like this forever, in which case Duplicator wins, or until either Spoiler or Duplicator is unable to move, in which case the other participant wins. Note that a play can continue indefinitely only because of repeated backward and forward steps which may undo each other. A winning strategy for Duplicator in the µ Ø Ô -game is a set of configurations À such that µ ¾ À and whenever Spoiler has a move at some Ö Ö µ ¾ À then Duplicator has a response and the accordingly updated configuration is in À. Let be a BPP definition in T-ENF. We map a relation Ì - Æ Ì - Æ to a relation Ì - Æ Ì - Æ as follows: iff Duplicator has a winning strategy À in the µ Ø Ô -game such that for all Ø Ø µ ¾ Å Ø Àµ, Ø Ø (by convention, for variables and we write if ). In [9] it is proved that the standard definition of hhp-b on BPP (e.g. [5]) is equivalent to: Definition 1. Hhp-b, denoted by Ô, is the greatest relation such that. We carry over Ô to all BPP processes: Ô iff Ò µ Ô Ò µ. 3 Decomposition Let be a BPP definition in T-ENF. All processes that appear in this section are assumed to be in Ì - Æ. We define the summands and factors of a process inductively as follows: ÙÑÑ Ò ½ ¾ µ ÙÑÑ Ò ½ µ ÙÑÑ Ò ¾ µ ÙÑÑ Ò ½ ¾ µ ½ ¾ ØÓÖ ½ ¾ µ ½ ¾ ØÓÖ ½ ¾ µ ØÓÖ ½ µ ØÓÖ ¾ µ ÙÑÑ Ò Ø µ Ø ÙÑÑ Ò ¼µ ØÓÖ Ø µ Ø ØÓÖ ¼µ We investigate whether hhp-b is decomposable wrt. parallel composition in the following sense: whenever and are hhp-bisimilar is there a bijection between the factors of and those of such that related factors are hhp-bisimilar? We also ask whether hhp-b is decomposable wrt. choice in the analogous sense. In view of Section 4 we prove our decomposition results in a more general formulation: we work with rather than Ô, where we assume Ì - Æ Ì - Æ to be an arbitrary equivalence. A first observation is that we will have to work modulo choices that are trivial wrt. : let È and É È ¼ È ¼¼ such that È È ¼ È ¼¼ ; clearly È is equivalent to É under any reasonable behavioural equivalence, but there is no bijection between the factors of È and those of É. Formally, we capture trivial choices as follows. Definition 2. We say that contains a trivial choice wrt. if it contains, up to associativity and commutativity of, a subexpression ½ ¾ with ½ ¾. When Ô, we say that contains a hhp-bisimilar choice.

We will prove that, modulo trivial choices, is indeed decomposable wrt. both operators. The proof of decomposition wrt. parallel composition relies on three lemmas. The first is a cancellation lemma, which holds in general. Lemma 1. µ. Proof. For shorter notation we set Ä and Ê. Assume a winning strategy À for Duplicator in the Ä Êµ Ø Ô -game such that for all Ø Ä Ø Ê µ ¾ Å Ø Àµ, ØÄ ØÊ. Based on À we exhibit a winning strategy À ¼ for Duplicator in the µ Ø Ô -game. The idea behind the construction of À ¼ is as follows. Assume, in the µ Ø Ô -game, Spoiler picks a transition in, say Ø, as his first move. This move can be copied to the Ä Êµ Ø Ô -game. According to À, Duplicator has a reply, say Ø Ñ, either in or in. If the latter holds then Duplicator can copy Ø Ñ straight to the µ-game. But what to do if Ø Ñ is in? Then Duplicator can obtain her answer to Ø by the following zig-zag -strategy. Spoiler can choose Ø Ñ in Ä as his next move in the Ä Êµ Ø Ô -game. If, according to À, Duplicator s answer, say Ø ¼ Ñ, is in, take ؼ Ñ to be her reply to Ø in the µ Ø Ô -game. Otherwise, let Spoiler perform Ø ¼ Ñ in Ä as his next move in the Ä Êµ Ø Ô -game, and check whether this time Duplicator s answer is in. We repeat this procedure, until, finally, we hit a match in. In this manner, we will exhibit answers for Duplicator not only to Spoiler s first moves but to all of his moves. We will make use of the following two observations, where Ö Ä ¾ Ø Ô Äµ, Ö Ê ¾ Ø Ô Êµ, Ö ¾ Ø Ô µ, and Ö ¾ Ø Ô µ. We use a notation Ö Ì for projection of a concurrent step Ö on a set of transitions Ì, i.e., Ö Ì is a concurrent step obtained by dropping all transitions of Ö that are not in Ì. 1. If Ö Ä Ì Ö Ê Ì then Ø ¾ Ì, Ö Ä Ø µ Ö Ê Ø. 2. If Ö Ä Ì Ö then Ø ¾ Ì, Ö Ä Ø µ Ö Ø. And, in analogy: If Ö Ê Ì Ö then Ø ¾ Ì, Ö Ê Ø µ Ö Ø. Formally, we construct À ¼ inductively from the initial configuration while preserving the following property: Property P. Let Ö Ö µ ¾ À ¼ ; Ö Ö µ is of the form Ø ½ ØÑ Ø½ ØÑ µ, where Ñ ¼ and ¾ ½ Ñ, Ø ¾ Ì, Ø ¾ Ì. Then there is Ö Ä Ö Ê µ ¾ À such that Ö Ä ÛÄ ½ ÛÑ Ä, Ö Ê ÛÊ ½ ÛÑ Ê, and ¾ ½ Ñ, Û Ä and Û Ê are of the form ÛÄ Ø Ø½ ØÒ or Û Ä Ø½ ØÒ Ø ÛÊ Ø½ ØÒ Ø Û Ê Ø Ø½ ØÒ where Ò ¼ and ¾ ½ Ò, Ø ¾ Ì. Base case. We start with µ ¾ À ¼. Property (P) trivially holds since µ ¾ À. Inductive case. Let Ö Ö µ ¾ À ¼. Spoiler chooses his next move according to rule (1) or (2) of the game. Assume Ö Ä Ö Ê µ ¾ À as given by (P). In either case, we construct a response for Duplicator such that (P) is preserved.

(1) Spoiler chooses one of or, say, and performs a transition Ø of that is enabled at Ö. Consider the Ä Êµ Ø Ô -game. Let Spoiler perform Ø at Ö Ä Ö Ê µ; this is possible by Observation (2). Say Duplicator s response according to À is Ø Ñ. We obtain a match for Ø in the µ Ø Ô -game by the following zig-zag algorithm: Ö Ä Ö Ä Ø ; Ö Ê Ö Ê Ø Ñ ; -- update the configuration while Ø Ñ ¾ Ì do let Spoiler perform Ø Ñ in Ä; set Ø ¼ Ñ to be Duplicator s response according to À; Ö Ä Ö Ä Ø Ñ ; Ö Ê Ö Ê Ø ¼ Ñ ; -- update the configuration Ø Ñ Ø ¼ Ñ; -- update the match return Ø Ñ ; The following is an invariant of the while-loop: let ÖÊ ¼ be given by Ö Ê minus Duplicator s last match; (a) Ö Ä Ì ÖÊ ¼ Ì, and (b) ÖÊ ¼ Ì Ö. By (a) and Observation (1), the first instruction of the while-loop is indeed a valid move in the Ä Êµ Ø Ô -game. The algorithm clearly terminates: there is only a finite number of transitions in Ì. We take Ø Ñ to be Duplicator s response to Ø in the µ Ø Ô -game; by (b) and Observation (2) this is a legal move. Thus, we extend À ¼ by Ö Ø Ö Ø Ñ µ. Property (P) will be preserved: at the last stage of the algorithm Ö Ä Ö Ê µ is a configuration as required. (2) Spoiler chooses one of or, say ; he picks ¾ ½ Ö, and backtracks the th transition in Ö. Duplicator must backtrack the th transition in Ö. We add Æ Ö µ Æ Ö µµ to À ¼. Property (P) will be preserved by this addition. In the Ä Êµ Ø Ô -game, at Ö Ä Ö Ê µ, let Spoiler backtrack all the ÛÄ -transitions. Then ÛÄ ½ Û ½ Û ½ Ä Ä ÛÄ Ñ Û½ Ê Û ½ Û ½ Ê Ê ÛÑ Ê µ ¾ À; but this is exactly a configuration as required. It remains to check whether for all Ø Ø µ ¾ Å Ø À ¼ µ, Ø Ø. Let Ø Ø µ ¾ Å Ø À ¼ µ. If Ø Ø µ ¾ Å Ø Àµ then Ø Ø is immediate. Otherwise, wlog. assume (P) gives us Ø Ø ½ µ, ؽ ؾ µ,..., ØÒ Ø µ ¾ Å Ø Àµ, where Ò ¼, and ¾ ½ Ò, Ø ¾ Ì. We know that Ø Ø ½, ¾ ½ Ò ½, Ø Ø ½, and Ø Ò Ø. But then Ø Ø follows by transitivity of. ÙØ Relation is a congruence with respect to parallel composition; hence we also obtain: Corollary 1. ( ¼ µ ² ¼ ¼ µ µ ¼. The second lemma implies: if a choice and a parallel composition are related by then the choice must be trivial wrt.. Lemma 2. If. and ØÓÖ µ ¾ then for each ¾ ÙÑÑ Ò µ, Proof. Let and be given as above. If ÙÑÑ Ò µ ¾ then the lemma is immediate. Otherwise, let À be a winning strategy for Duplicator in the µ Ø Ô -game such that for all Ø Ø µ ¾ Å Ø Àµ, Ø Ø. Choose any ¾ ÙÑÑ Ò µ. We will exhibit a winning strategy À ¼ for Duplicator in the µ Ø Ô -game such that

Ø Ø µ ¾ Å Ø À ¼ µ only if Ø Ø µ ¾ Å Ø Àµ. This will clearly yield. If Spoiler picks a transition in as his first move then Duplicator can copy her response and all subsequent moves straight from À. This is so because: once we have decided for, the other -summands become disabled, and, from this point onwards, the µ Ø Ô -game corresponds exactly to the µ Ø Ô -game. Similarly, if Spoiler picks a transition in as his first move, and, according to À, Duplicator responds with a -transition then she can copy this response and all subsequent moves from À. The difficult case is when Spoiler performs his first move in, say he executes Ø, and À prescribes a match in a -summand other than. We show that, in this case, Duplicator has an alternative match in : we exhibit Ø ¾ such that Ø Ø µ ¾ À. Consider the µ Ø Ô -game. At µ, let Spoiler perform a transition in, say Ø ; this is clearly possible. Assume, according to À, Duplicator answers this move by Ø ¼. There are three cases: (a) Ø ¼ Ø, (b) Ø ¼ and Ø are concurrent in, (c) Ø ¼ and Ø are in conflict in. (Given an expression, two distinct transitions Ø, Ø ¼ ¾ Ì are in conflict in if there is a subexpression ½ ¾ of with Ø ¾ Ì ½ and Ø ¼ ¾ Ì ¾ ; otherwise Ø, Ø ¼ are concurrent in.) If (a) holds then Ø is a match as required. In case (b) Spoiler can perform Ø as his next move. Duplicator must match Ø by a transition in, say Ø ¼. Let Spoiler backtrack Ø ¼. Duplicator must backtrack Ø. We arrive at Ø ¼ Ø µ ¾ À, and thus Ø ¼ is a match as required. Finally, assume (c) holds. Ø and Ø ¼ must belong to the same factor of, say À. There must be a further factor of, say À ¼. Spoiler can perform a transition in À ¼, say Ø ¼¼, as his next move. Duplicator must match ؼ¼ by a -transition, say ؼ. Let Spoiler backtrack Ø ¼. Duplicator must backtrack Ø. We arrive at Ø ¼ ؼ¼ µ ¾ À; but from here we can proceed exactly as in (b). ÙØ With the help of the previous lemma we will show: given, where and are non-zero and contain no trivial choice, we can always find a factor of and a factor À of such that À. This will ensure that we can apply Corollary 1 consecutively to obtain our decomposition result. Lemma 3. Assume that and contain no trivial choice wrt., and ¼ or ¼. If then there exist ¾ ØÓÖ µ and À ¾ ØÓÖ µ such that À. Proof. Wlog. assume ¼. Let À be a winning strategy for Duplicator in the µ Ø Ô -game such that for all Ø Ø µ ¾ Å Ø Àµ, Ø Ø. Choose any ¾ ØÓÖ µ, and consider Ö ¾ Ø Ô µ such that ÔÊ Ö µ ; this is clearly possible. There must be Ö ¾ Ø Ô µ such that Ö Ö µ ¾ À. Set ¼ ÔÊ Ö µ. It is straightforward to derive ¼. One of the following three cases will hold: 1. ¼ ¾ ØÓÖ µ. 2. ¼ ¾ ÔÊ Àµ and ¼ À for some À ¾ ØÓÖ µ.

3. ¼ À ¼ ½ À Ò ¼, where Ò ¾ and ¾ ½ Ò, À ¼ ¼ and À ¼ ¾ ÔÊ Àµ for some À ¾ ØÓÖ µ. If (1) holds then and ¼ are factors as required. If (2) applies, at Ö Ö µ, let Spoiler backtrack all the À-transitions in Ö. Duplicator must backtrack the corresponding transitions. The new configuration, say Ö ¼ Ö¼ µ, satisfies: ÔÊ Ö¼ µ À and ÔÊ Ö ¼ µ ¼ ½ ¼ Ò, where Ò ½ and ¾ ½ Ò, ¼ ¼ and ¼ ¾ ÔÊ ¼ µ for some ¼ ¾ ØÓÖ µ. But this means (2) reduces to (3): wlog. we can exchange by À. Finally, assume (3) holds. cannot be of the form Ø : we have ¼ but there are at least two concurrent transitions in ¼ for Duplicator to match. Since cannot be a parallel composition either, we conclude ÙÑÑ Ò µ ¾. But then we can apply Lemma 2 to obtain a contradiction with our assumption that does not contain any trivial choice wrt.. ÙØ Now, we are ready to prove decomposition wrt. parallel composition. Theorem 1. Assume and contain no trivial choice wrt.. If then there exists a bijection ØÓÖ µ ØÓÖ µ such that µ for each ¾ ØÓÖ µ. Proof. Set Ñ ØÓÖ µ. The proof is by induction on Ñ. If Ñ ¼ then we must also have ØÓÖ µ ¼, and a bijection as required is trivially given. If Ñ ¼, we can apply Lemma 3 to obtain ¾ ØÓÖ µ and À ¾ ØÓÖ µ such that À. Let ¼ be given by ¼, and ¼ by ¼ À. Corollary 1 gives us ¼ ¼, and, applying the induction hypothesis, we easily obtain a bijection as required. ÙØ Decomposition wrt. choice is not as involved to prove. It is a consequence of the following theorem. Theorem 2. If then for each ¾ ÙÑÑ Ò µ there is À ¾ ÙÑÑ Ò µ such that À, for each À ¾ ÙÑÑ Ò µ there is ¾ ÙÑÑ Ò µ such that À. Corollary 2. Assume and contain no trivial choice wrt.. If then there exists a bijection ÙÑÑ Ò µ ÙÑÑ Ò µ such that µ for each ¾ ÙÑÑ Ò µ. Although we will build on Theorem 1 and Corollary 2 it is worth spelling them out for the special case Ô. By definition of hhp-b all the previous results carry over, and we obtain decomposition of hhp-b wrt. all BPP operators. Corollary 3. Assume and contain no hhp-bisimilar choice. If Ô then there exists a bijection ØÓÖ µ ØÓÖ µ such that Ô µ for each ¾ ØÓÖ µ; there exists a bijection ÙÑÑ Ò µ ÙÑÑ Ò µ such that Ô µ for each ¾ ÙÑÑ Ò µ. Note that, including Ô, is clearly compositional, i.e., preserved by and ; hence the opposite directions of Theorems 1, 2 and Corollaries 2, 3 hold as well.

4 Algorithm Let be a BPP definition in T-ENF. By convention, let denote the defining expression of a variable. Let Ò be the size of, i.e., the sum of lengths of all. We will concentrate on relations Î Ö Î Ö between variables in this section. Hence, in the following, symbol Ô is used to denote hhp-b restricted to variables. We will show that Ô can be computed in time polynomial wrt. Ò. Define an operator that given Î Ö Î Ö yields a relation µ Î Ö Î Ö, defined by: ¾ µ iff. can be seen as the restriction of the mapping to variables. In particular, is monotonic: if ½ ¾ then ½ µ ¾ µ. By Definition 1 we get: Proposition 1. Ô is the greatest fixed point of. Hence, Ô Î Ö Î Ö : is the limit of the following sequence of approximants, where ¼ ¼ ¼ µ ¾ ¼ µ In other words, Ô equals the first ¼ µ with ¼ µ ½ ¼ µ. It can easily be shown, by induction on, that all the approximants are equivalence relations; hence the number of iterations is not greater than the number of variables. We only need to show that computing ½ ¼ µ from ¼ µ can be done in polynomial time. We will prove: Lemma 4. Given an equivalence Î Ö Î Ö, relation µ can be computed in time Ç Ò ÐÓ Òµ. We will also show that checking whether the limit has been reached can be done without any extra cost. Thus, altogether we obtain: Theorem 3. Relation Ô can be computed in time Ç Ò ¾ ÐÓ Òµ. In the rest of this section we describe the algorithm announced in Lemma 4. It is inspired by the standard algorithm solving tree isomorphism (e.g. [1]). Our algorithm assigns an integer Úµ to each node Ú of the syntactic trees corresponding to the defining expressions of such that for any two nodes Ú ½, Ú ¾ we have: Ú ½ µ Ú ¾ µ iff the expressions represented by Ú ½ and Ú ¾ are related by. The nodes of the syntactic trees are of three types: prefix, and ; the leaves are precisely the nodes of type prefix. We assume that the trees are constructed up to associativity and commutativity of and. In particular, if a node has type, its parent has type, and vice versa. The trees can be constructed in time Ç Òµ. The algorithm works in bottom-up manner, visiting each of the nodes once. It starts in the leaves and each non-leaf is processed after all its children have been visited. In each node Ú, a sorted list Ð Ú is computed. To start off with, Ð Ú exactly contains the child nodes of Ú. To notionally remove trivial choices from the trees, Ð Ú is processed such that: (1) if Ú is of type then, for any integer, Ð Ú will contain at most one node Ú ¼ with Ú ¼ µ ; (2) if Ú is of type and some child Ú ¼ of Ú has been identified as a trivial choice, i.e., Ú ¼ is of type and Ð Ú ¼ contains only one node, say Ú ¼¼, then the nodes of

Ð Ú ¼¼ will be inserted into Ð Ú in place of Ú ¼. For convenience, we assume Ð Ú Ú at each leaf Ú. A table Ì is used to store triples Ü Øµ, where is an integer assigned to some non-leaf node Ú, Ü is the type of Ú, and Ø Ð Ú µ is the sorted tuple of integers assigned to the nodes of Ð Ú. The table Ì is initially empty. Assign integers to all leaves such that two leaves Ø and Ø ¼ ¼ have the same integer iff Рص Ð Ø ¼ µ and ¼. This can clearly be done in time Ç Òµ. The processing of a non-leaf Ú depends on its type. First, we do the following: let Ð Ú be a tuple containing all child nodes of Ú if Ú is of type sort Ð Ú wrt. the integers assigned to the nodes remove duplicates from Ð Ú : µ as long as Ú ½ Ú ¾ ¾ Ð Ú, Ú ½ Ú ¾ and Ú ½ µ Ú ¾ µ, remove one of Ú ½ Ú ¾ if Ð Ú contains only one node, mark node Ú trivial choice else -- i.e., Ú is of type for each node Ú ¼ ¾ Ð Ú marked trivial choice replace Ú ¼ by the elements of Ð Ú ¼¼, where Ú ¼¼ Ð Ú ¼ µ sort Ð Ú wrt. the integers assigned to the nodes. If Ú is marked trivial choice then we assign to Ú the integer that has been given to the unique element of Ð Ú. Otherwise, we perform a look-up in Ì. If a triple Ü Øµ is found with Ø Ð Ú µ and Ü the type of Ú, assign to Ú. Otherwise, assign to Ú a fresh number ¼ and update Ì by inserting ¼ Ü ¼ Ð Ú µµ into Ì, where Ü ¼ is the type of Ú. After all nodes have been processed we assign to each variable of the integer assigned to the root of the tree that represents. This yields a representation of µ. The correctness of the algorithm follows from Lemma 5 below. For its formulation and proof we adopt some conventions. Given an expression, define the children of, denoted by Ð Ö Ò µ, as follows: if is a choice then set Ð Ö Ò µ ÙÑÑ Ò µ, otherwise define Ð Ö Ò µ ØÓÖ µ. (If is a prefix this implies Ð Ö Ò µ.) Given a processed node Ú, let ÐÚ Ö be the real tuple of Ú: if Ú is marked trivial choice set ÐÚ Ö to be Ð Ú where ¼ Ú¼ Ð Ú, otherwise set ÐÚ Ö to be Ð Ú. We carry over to nodes in the obvious way: e.g., given a node Ú, we write Ú iff and the expression represented by Ú are related by. Lemma 5. Let Ú, Ú ½, Ú ¾ be nodes of the trees after termination of the algorithm. 1. Ú for some process such that (a) does not contain any trivial choice; (b) there exists a bijection ÐÚ Ö Ð Ö Ò µ such that Ú ¼ Ú ¼ µ for each Ú ¼ ¾ ÐÚ Ö; (c) if there is no entry for Úµ in Ì then is a prefix, otherwise is of type Ü, where Ü is given by Úµ Ü ÐÚ Ö µµ ¾ Ì. 2. Ú ½ Ú ¾ iff Ú ½ µ Ú ¾ µ. Proof (Sketch). The lemma follows by induction on the number of nodes that have already been processed. (1) If Ú is a prefix then take to be Ú. Otherwise, for each Ú ¾ ÐÚ Ö assume such that Ú as given by the induction hypothesis. Let Ü be

defined by Úµ Ü ÐÚ Ö µµ ¾ Ì. If Ü then take to be the parallel composition of the, otherwise take to be the choice of the. Using the induction hypothesis of (2) it is routine to check that Ú and that conditions (a) (c) are satisfied. (2)(µ) Assume ½ and ¾ such that ½ Ú ½ and ¾ Ú ¾ as given by (1). Since ½ and ¾ do not contain any trivial choice we can apply Theorem 1 and Corollary 2 to obtain: ½ and ¾ must be of the same type, and there is a bijection between the children of ½ and those of ¾ such that related children are in. If ½ and ¾ are of type prefix then Ú ½ µ Ú ¾ µ can be derived immediately. Otherwise, using the induction hypothesis, we first obtain ÐÚ Ö ½ µ ÐÚ Ö ¾ µ, and then conclude Ú ½ µ Ú ¾ µ. ( ) By a converse argument using congruence rather than decomposition. ÙØ Finally, we provide a cost estimation of the algorithm. Claim. The algorithm runs in time Ç Ä ÐÓ Òµ, where Ä È Ú Ð Ú is the sum of lengths of all tuples Ð Ú. (When Ú is a node, we consider the length of Ð Ú before removing duplicates in µ.) Indeed: sorting Ð Ú requires Ç Ð Ú ÐÓ Ð Ú µ time; each look-up and update can be done in time Ç Ð Ú ÐÓ Òµ by bisection: Ì never contains more than Ò entries, and equality test for Ð Ú requires at most time Ð Ú since all tuples are sorted. The crucial observation for the total cost estimation is the following: Claim. L is Ç Òµ. Each node Û belongs to a tuple Ð Ú of its parent Ú (before Û may be removed from Ð Ú during µ). Moreover, a node can belong to several other tuples Ð Ú ¼, due to the replacement µ in the algorithm. Obviously, Ä is equal to the total number of pairs Û Úµ Û ¾ Ð Ú. There are at most Ò such pairs with Ú being the parent of Û. We will show that there are also at most Ò pairs with Ú not the parent of Û. Concretely, we will injectively assign to each such pair a node in the tree. Consider stage µ of the algorithm: assume a node Ú with one of its children Ú ¼ marked trivial choice ; let Ð Ú ¼ Ú ¼¼, and assume Û ¾ Ð Ú ¼¼. Node Ú ¼ has type and Ú ¼¼ can either be of type prefix or of type. We will assign to the pair Û Úµ a node as follows. There must be a second child Ú ¼¼ of Ú ¼ which satisfies Ú ¼¼ µ Ú ¼¼ µ; Ú ¼¼ must have been removed from Ð Ú ¼ at an earlier stage of the algorithm. We have Ð Ú ¼¼ µ Ð Ú ¼¼ µ. Assign to Û Úµ a corresponding node Û in Ð Ú ¼¼. (Note that Û is not necessarily a child of Ú ¼¼.) In total, all pairs Û Úµ with Û ¾ Ð Ú ¼¼ can be assigned injectively to the nodes of Ð Ú ¼¼. The crucial observation is that a node from Ð Ú ¼¼ will not be assigned to any other pair again later, since Ú ¼¼ has been removed from Ð Ú ¼. This implies that the mapping is injective. To complete the cost estimation, we note that checking whether µ can be done without any extra cost. It can be shown that, as long as the limit has not been reached, in each iteration of the algorithm the set of nodes marked trivial choice is a strict subset of the nodes thus marked in the previous iteration. Hence, let the overall algorithm terminate when no node is unmarked during the current iteration.

5 Equational Theory In this section we work with general BPP expressions. We give a complete equational theory for hhp-b. That is to say, Ô if and only if can be derived within the theory. Our approach is sequent-based (similarly to [3]), i.e., we provide a set of axioms of the form, to be read as is provable under assumption, where is a finite set of equations. We write when is empty. Interestingly, our axiomatization is essentially the same as that given by [3] for hp-b on SBPP, a subclass for which hhp-b and hp-b coincide [6]. We work relative to a BPP definition. Summation (S1) (S2) µ µ (S3) ¼ (S4) Composition (P1) (P2) µ µ (P3) ¼ Recursion (R1) (R2) µ¾ Axioms (S1)-(S3) and (P1)-(P3) are the commutative monoid laws for summation and parallel composition. Axiom (S4) is idempotency for summation. Rules (R1)-(R2) are laws for recursion and can be seen as an instance of fixed-point induction. In particular, Rule (R2) says that in order to prove a goal under assumption, one is allowed to replace by its defining expression. Moreover, the additional assumption is added to, which guarantees immediate termination of the proof, by (R1), whenever a subgoal is to be proved again. In addition, we need standard equivalence rules (E1)-(E3) and substitutivity rules (C1)-(C3): Equivalence (E1) Congruence (C1) (E2) (E3) (C2) (C3) A proof of is in the form of a finite tree, whose root is labelled by, leaves are instances of axioms and the children of each non-leaf are determined by an instance of some rule (in fact, only (E3) admits more than one child). We write when such a proof exists. (It would be more precise to write ; however, we assume that is clear from the context.) Soundness of the theory for hhp-b is intuitively clear: one would expect each rule to be respected by any behavioural equivalence. Completeness follows from the strong

decomposition characteristics of hhp-b on BPP. A formal proof of soundness and completeness is provided in [9]. Theorem 4 (soundness, completeness). if and only if Ô. 6 Conclusions We have provided a polynomial-time procedure (working in time Ç Ò ¾ ÐÓ Òµ) to compute hhp-b on BPP. Our algorithm takes a BPP definition in T-ENF as input. Transformation to T-ENF can easily be done in time quadratic wrt. the size of the input; the size of the definition may also grow by that factor during the transformation. Furthermore, we have proposed a sound and complete equational axiomatization of the equivalence. The crucial insight behind both of these results is that, modulo hhp-bisimilar choices, hhp-b is decomposable wrt. parallel composition and choice. Our results highlight that, modulo trivial choices, hhp-b fully reflects the structure of BPP expressions. One could argue that this is what one would intuitively expect of a truly-concurrent bisimulation equivalence. In particular, it does not imply that hhp-b is trivial on BPP: hhp-bisimilar choices may be hidden deeply within the process definition. One could ask whether hhp-b also satisfies the unique decomposition property usually investigated in the interleaving setting: is each BPP process uniquely, up to hhp-b, represented as a parallel composition of primes? A process is prime if it cannot be expressed, up to hhp-b, as a non-trivial parallel composition. Indeed, from our results it is straightforward to derive that hhp-b does satisfy unique decomposition in this sense: Lemma 2 ensures that there is a one-to-one correspondence between prime factors wrt. hhp-b and factors that do not contain any hhp-bisimilar choices. As mentioned in the introduction, unique decomposition with respect to distributed bisimilarity, and hence with respect to hp-b, has been established for BPP [3]. It has also been proved that cancellation (c.f. Lemma 1) does hold for distributed bisimilarity [3]. However, the following example of [3] shows that hp-b is not decomposable wrt. or, in the sense of Section 3. ¼ ¼µ ¼ ¼ ¼ ¼ ¼µ ¼ Both and have no hp-bisimilar choices, and Ô. But ÙÑÑ Ò µ and ØÓÖ µ have two elements while ÙÑÑ Ò µ and ØÓÖ µ are singletons. In particular, the example illustrates that Lemma 2 fails for hp-b. An interesting question that remains open is whether, modulo hhp-bisimilar choices, hhp-b is decomposable with respect to prime decompositions of labelled asynchronous transition systems (c.f. [6]). Our algorithm is a natural complement of the polynomial-time procedures for hp-b on BPP [16, 12]. However, in the case of hhp-b the good complexity is due to its very strong decomposition properties; the technique of [11] seems not to be applicable here. Both algorithms can be carried over to CPP, an extension of BPP that allows for synchronization between processes in CCS style but disallows a silent action to appear explicitly inside expressions. It is not clear whether a polynomial-time procedure exists

for hhp-b or hp-b on BPP, which extends CPP by allowing explicit -actions. Preliminary investigations give hope that polynomial-time complexity of hhp-b on BPP can indeed be achieved; this issue will be treated in detail in a full version of this paper. References 1. A.V. Aho, J.E. Hopcroft, and J.D. Ullman. The Design and Analysis of Computer Algorithms. Addison-Wesley Publishing Co., 1974. 2. M. Bednarczyk. Hereditary history preserving bisimulation or what is the power of the future perfect in program logics. Technical report, Polish Academy of Sciences, Gdansk, 1991. 3. S. Christensen. Decidability and Decomposition in process algebras. PhD thesis, Dept. of Computer Science, University of Edinburgh, UK, 1993. 4. J. Esparza and A. Kiehn. On the model checking problem for branching time logics and basic parallel processes. In CAV 95, volume 939 of LNCS, pages 353 366. Springer-Verlag, 1995. 5. S. Fröschle. Decidability of plain and hereditary history-preserving bisimulation for BPP. In Proc. EXPRESS 99, volume 27 of ENTCS, 1999. 6. S. Fröschle. Composition and decomposition in true-concurrency. In Proc. FOSSACS 05, LNSC. Springer-Verlag, to appear, 2005. 7. S. Fröschle. The decidability border of hereditary history preserving bisimilarity. Information Processing Letters, to appear, 2005. 8. S. Fröschle and T. Hildebrandt. On plain and hereditary history-preserving bisimulation. In MFCS 99, volume 1672 of LNCS, pages 354 365. Springer-Verlag, 1999. 9. S. Fröschle and S. Lasota. Decomposition and complexity of hereditary history preserving bisimulation on BPP. Technical Report 280, Institute of Informatics, Warsaw University, Poland, 2005. 10. Y. Hirshfeld, M. Jerrum, and F. Moller. A polynomial time algorithm for deciding bisimulation equivalence of normed basic parallel processes. Mathematical Structures in Computer Science, 6:251 259, 1996. 11. P. Jančar. Bisimilarity of basic parallel processes is PSPACE-complete. In Proc. LICS 03, pages 218 227, 2003. 12. P. Jančar and Z. Sawa. On distributed bisimilarity over Basic Parallel Processes. In Proc. AVIS2 05, 2005. 13. L Jategaonkar and A. R. Meyer. Deciding true concurrency equivalences on safe, finite nets. Theoretical Computer Science, 154:107 143, 1996. 14. A. Joyal, M. Nielsen, and G. Winskel. Bisimulation from open maps. Information and Computation, 127:164 185, 1996. 15. Marcin Jurdziński, Mogens Nielsen, and J. Srba. Undecidability of domino games and hhpbisimilarity. Inform. and Comput., 184:343 368, 2003. 16. S. Lasota. A polynomial-time algorithm for deciding true concurrency equivalences of Basic Parallel Processes. In Proc. MFCS 03, LNCS 2747, pages 521 530. Springer-Verlag, 2003. 17. R. Milner and F. Moller. Unique decomposition of processes. TCS, 107(2):357 363, 1993. 18. J. Srba. Strong bisimilarity and regularity of Basic Parallel Processes is PSPACE-hard. In Proc. STACS 02, LNCS 2285, 2002. 19. J. Srba. Roadmap of Infinite Results, volume 2: Formal Models and Semantics. World Scientific Publishing Co., 2004. 20. K. Sunesen and M. Nielsen. Behavioural equivalence for infinite systems partially decidable! In ICATPN 96, volume 1091 of LNCS, pages 460 479. Springer-Verlag, 1996.