# Process Algebra with Strategic Interleaving

## Abstract

In process algebras such as ACP (Algebra of Communicating Processes), parallel processes are considered to be interleaved in an arbitrary way. In the case of multi-threading as found in contemporary programming languages, parallel processes are actually interleaved according to some interleaving strategy. An interleaving strategy is what is called a process-scheduling policy in the field of operating systems. In many systems, for instance hardware/software systems, we have to do with both parallel processes that may best be considered to be interleaved in an arbitrary way and parallel processes that may best be considered to be interleaved according to some interleaving strategy. Therefore, we extend ACP in this paper with the latter form of interleaving. The established properties of the extension concerned include an elimination property, a conservative extension property, and a unique expansion property.

## Introduction

In algebraic theories of processes, such as ACP [5, 7], CCS [18, 21] and CSP [12, 19], processes are discrete behaviours that proceed by doing steps in a sequential fashion. The parallel composition of two processes is usually considered to incorporate all conceivable interleavings of their steps. In each interleaving, the steps of both processes occur in some order where each time one step is taken from either of the processes. According to many, this interpretation of parallel composition, called arbitrary interleaving, is a plausible, general, if not idealized interpretation. Underlying the usual justification of this claim is the assumption that at most one step is done at each point in time. However, others contend that interpretations in which this simplifying assumption is fulfilled are not faithful. Be that as it may, arbitrary interleaving turns out to be appropriate for many applications and to facilitate formal algebraic reasoning.

Multi-threading as found in programming languages such as Java and C# gives rise to parallel composition of processes. In the case of multi-threading, however, the steps of the processes concerned are interleaved according to a process-scheduling policy. We use the term strategic interleaving for this more constrained form of interleaving; and we further use the term interleaving strategy instead of process-scheduling policy. Arbitrary interleaving and strategic interleaving are quite different. The following points illustrate this: (a) whether the interleaving of certain processes leads to inactiveness depends on the interleaving strategy used; (b) sometimes inactiveness occurs with a particular interleaving strategy whereas arbitrary interleaving would not lead to inactiveness and vice versa.

In previous work, we studied strategic interleaving in the setting of thread algebra, which is built on a specialized algebraic theory of processes devoted to the behaviours produced by instruction sequences under execution (see e.g. [8,9,10]). We have, for instance, given demonstrations of points (a) and (b) above in this setting. Nowadays, multi-threading is often used in the implementation of systems. Because of this, in many systems, for instance hardware/software systems, we have to do with parallel processes that may best be considered to be interleaved in an arbitrary way as well as parallel processes that may best be considered to be interleaved according to some interleaving strategy. This is what motivated us to do the work presented in this paper, namely extending ACP such that it supports both arbitrary interleaving and strategic interleaving.

To our knowledge, there exists no work on strategic interleaving in the setting of a general algebraic theory of processes like ACP, CCS and CSP. In the work presented in this paper, we consider strategic interleaving where process creation is taken into account. The approach to process creation followed in this paper originates from the one first followed in  to extend ACP with process creation and later followed in [2, 3, 11] to extend different timed versions of ACP with process creation. The only other approach that we know of is the approach, based on , that has for instance been followed in [4, 14]. However, with that approach, it is most unlikely that data about the creation of processes can be made available for the decision making concerning the strategic interleaving of processes.

The extension of ACP presented in this paper covers a generic interleaving strategy that can be instantiated with different specific interleaving strategies. We found two plausible ways to deal with inactiveness of a process whose steps are being interleaved with steps of other processes in the case of strategic interleaving. This gives rise to two plausible extensions of ACP. We will treat only one of them in detail.

The rest of this paper is organized as follows. In Section 2, we review ACP (Section 2.1), guarded recursion in the setting of ACP (Section 2.2), and some relevant results about the latter (Section 2.3). In Section 3, we extend ACP with strategic interleaving (Section 3.1) and establish some important properties of the extension (Section 3.2). In Section 4, we make some concluding remarks.

## ACP with Guarded Recursion

In this section, we give a survey of ACP (Algebra of Communicating Processes), guarded recursion in the setting of ACP, and some relevant results about the extension of ACP with guarded recursion. For a comprehensive overview, the reader is referred to [5, 13].

### ACP

In ACP, it is assumed that a fixed but arbitrary set A of actions, with δ ∉ A, has been given. We write Aδ for A ∪ {δ}. It is further assumed that a fixed but arbitrary commutative and associative communication function γ: Aδ × Aδ → Aδ, with γ(δ,a) = δ for all a ∈ Aδ, has been given. The function γ is regarded to give the result of synchronously performing any two actions for which this is possible, and to give δ otherwise.

The signature of ACP consists of the following constants and operators:

• for each a ∈ A, the action constant a ;

• the inaction constant δ ;

• the binary alternative composition operator _+_ ;

• the binary sequential composition operator _ ⋅_ ;

• the binary parallel composition operator _∥_ ;

• the binary left merge operator ;

• the binary communication merge operator _∣_ ;

• for each H ⊆ A, the unary encapsulation operator H.

We assume that there are infinitely many variables, including x, y, z. Terms are built as usual. We use infix notation for the binary operators. The precedence conventions used with respect to the operators of ACP are as follows: + binds weaker than all others, ⋅ binds stronger than all others, and the remaining operators bind equally strong.

The constants and operators of ACP can be explained as follows:

• the constant a denotes the process that is only capable of first performing action a and next terminating successfully;

• the constant δ denotes the process that is not capable of doing anything;

• a closed term of the form t + t′ denotes the process that behaves either as the process denoted by t or as the process denoted by t′, but not both;

• a closed term of the form t ⋅ t′ denotes the process that first behaves as the process denoted by t and on successful termination of that process it next behaves as the process denoted by t′;

• a closed term of the form t ∥ t′ denotes the process that behaves as the process that proceeds with the processes denoted by t and t′ in parallel;

• a closed term of the form denotes the process that behaves the same as the process denoted by t ∥ t′, except that it starts with performing an action of the process denoted by t;

• a closed term of the form t ∣ t′ denotes the process that behaves the same as the process denoted by t ∥ t′, except that it starts with performing an action of the process denoted by t and an action of the process denoted by t′ synchronously;

• a closed term of the form H(t) denotes the process that behaves the same as the process denoted by t, except that actions from H are blocked.

The operators and ∣ are of an auxiliary nature. They are needed to axiomatize ACP.

The axioms of ACP are the equations given in Table 1. In these equations, a, b and c stand for arbitrary constants of ACP, and H stands for an arbitrary subset of A. Moreover, γ(a,b) stands for the action constant for the action γ(a,b). In D1 and D2, side conditions restrict what a and H stand for.

In other presentations of ACP, γ(a,b) is regularly replaced by a ∣ b in CM5–CM7. By CM12, which is more often called CF, these replacements give rise to an equivalent axiomatization. In other presentations of ACP, CM10 and CM11 are usually absent. These equations are not derivable from the other axioms, but all their closed substitution instances are derivable from the other axioms. Moreover, CM10 and CM11 hold in virtually all models of ACP that have been devised.

In the sequel, we will use the sum notation $${\sum }_{i<n} t_{i}$$. For each $$i \in \mathbb {N}$$, let ti be a term of ACP or an extension of ACP. Then $${\sum }_{i<0} t_{i} = \delta$$ and, for each $$n \in \mathbb {N}_1$$, the term $${\sum }_{i<n} t_{i}$$ is defined by induction on n as follows: $${\sum }_{i<1} t_{i} = t_{0}$$ and $${\sum }_{i<n + 1} t_{i} ={\sum }_{i<n} t_{i} {+} t_{n}$$.

### Guarded Recursion

A closed ACP term denotes a process with a finite upper bound to the number of actions that it can perform. Guarded recursion allows the description of processes without a finite upper bound to the number of actions that they can perform.

Let T be ACP or a concrete extension of ACP, and let t be a T term containing a variable X. Then an occurrence of X in t is guarded if t has a subterm of the form a ⋅ t′ where a ∈ A and t′ is a T term containing this occurrence of X.

Let T be ACP or a concrete extension of ACP. Then a T term t is a guarded T term if all occurrences of variables in t are guarded.

Let T be ACP or a concrete extension of ACP. Then a guarded recursive specification over T is a finite or countably infinite set of recursion equations E = {X = tX ∣ X ∈ V}, where V is a set of variables and each tX is either a guarded T term in which variables other than the variables from V do not occur or a T term rewritable to such a term using the axioms of T in either direction and/or the equations in E, except the equation X = tX, from left to right. We write V(E) for the set of all variables that occur in E. A solution of E in some model of T is a set {PX ∣ X ∈ V(E)} of elements of the carrier of that model such that the equations of E hold if, for all X ∈ V(E), X is assigned PX. We are only interested in models of ACP and concrete extensions of ACP in which guarded recursive specifications have unique solutions.

Let T be ACP or a concrete extension of ACP. We extend T with guarded recursion by adding constants for solutions of guarded recursive specifications over T and axioms concerning these additional constants. For each guarded recursive specification E over T and each X ∈V(E), we add a constant standing for the unique solution of E for X to the constants of T. The constant standing for the unique solution of E for X is denoted by 〈X|E〉. We use the following notation. Let t be a T term and E be a guarded recursive specification. Then we write 〈t|E〉 for t with, for all X ∈V(E), all occurrences of X in t replaced by 〈X|E〉. We add the equation RDP and the conditional equation RSP given in Table 2 to the axioms of T. In RDP and RSP, X stands for an arbitrary variable, tX stands for an arbitrary T term, and E stands for an arbitrary guarded recursive specification over T. Side conditions restrict what X, tX and E stand for. We write Trec for the resulting theory.

The equations 〈X|E〉 = 〈tX|E〉 for a fixed E express that the constants 〈X|E〉 make up a solution of E. The conditional equations E ⇒ X = 〈X|E〉 express that this solution is the only one.

In extensions of ACP whose axioms include RSP, we have to deal with conditional equational formulas with a countably infinite number of premises. Therefore, infinitary conditional equational logic is used in deriving equations from the axioms of extensions of ACP whose axioms include RSP. A complete inference system for infinitary conditional equational logic can be found in, for example, . It is noteworthy that derivations are allowed to be of countably infinite length in infinitary conditional equational logic.

### Some Results about Guarded Recursion

This section is concerned with legitimate ways of manipulating guarded recursive specifications and with guarded terms of a special form.

Let T be ACP or a concrete extension of ACP. Then, each guarded recursive specification over T can be manipulated in several ways that are justified by RDP and RSP.

### Proposition 1 (Manipulation)

Let T be ACP or a concrete extension of ACP. Then, for all guarded recursive specifications E over T, for all X ∈ V(E):

(1) if Y = tY ∈ E and $$t_{Y} = t^{\prime }_{Y}$$ is derivable from the axioms of T, then $$\langle X \vert E \rangle = \langle X \vert (E \setminus \left \{ Y = t_{Y} \right \}) \cup \left \{ Y = t^{\prime }_{Y} \right \} \rangle$$ is derivable from the axioms of T, RDP and RSP;

(2) if Y = tY ∈ E, Z = tZ ∈ E, and $$t^{\prime }_{Y}$$ is tY with some occurrence of Z in tY replaced by tZ, then $$\langle X \vert E \rangle = \langle X \vert (E \setminus \left \{ Y = t_{Y} \right \}) \cup \left \{ Y = t^{\prime }_{Y} \right \} \rangle$$ is derivable from the axioms of T, RDP and RSP;

(3) if Y ∉ V(E) and tY is a guarded T term in which variables other than the variables from V(E) do not occur, then 〈X|E〉 = 〈X|E ∪ {Y = tY}〉 is derivable from the axioms of T, RDP and RSP.

### Proof 1

In case (1), first we apply RDP for each recursion equation in E, next we apply $$t_{Y} = t^{\prime }_{Y}$$ to 〈Y|E〉 = 〈tY|E〉, and finally we apply RSP to the resulting set of equations. In case (2), first we apply RDP for each recursion equation in E, next we apply 〈Z|E〉 = 〈tZ|E〉 to 〈Y|E〉 = 〈tY|E〉, and finally we apply RSP to the resulting set of equations. In case (3), we first apply RDP for each recursion equation in E ∪ {Y = tY} and then we apply RSP to the resulting set of equations.

Proposition 1 will be used in the proof of Theorem 1 in Section 3.2.

Let T be ACP or a concrete extension of ACP. Then the set HNF of head normal forms of T is inductively defined by the following rules:

• δ ∈ HNF;

• if a ∈ A, then a ∈ HNF;

• if a ∈ A and t is a T term, then a ⋅ t ∈ HNF;

• if t, t′ ∈ HNF, then t + t′ ∈ HNF.

Each head normal form of T is derivably equal to a head normal form of the form $${\sum }_{i<n} a_{i} \cdot t_{i} {+} {\sum }_{j<m} b_{j}$$, where $$n,m \in \mathbb {N}$$, for all $$i \in \mathbb {N}$$ with i < n, ai ∈ A and ti is a T term, and, for all $$j \in \mathbb {N}$$ with j < m, bj ∈ A.

It is well-known that each guarded ACPrec term is derivably equal to a head normal form of ACPrec (see also Lemma 2.4.7 in ).

### Proposition 2 (Head normal form)

For each guarded ACPrec term t, there exists a head normal form t′ of ACP such that t = t′ is derivable from the axioms of ACPrec.

### Proof 2

The proof is analogous to the proof of Proposition 3 in Section 3.2. □

## Strategic Interleaving

In this section, we extend ACP with strategic interleaving, i.e. interleaving according to some interleaving strategy. Interleaving strategies are abstractions of scheduling algorithms. Interleaving according to some interleaving strategy is what really happens in the case of multi-threading as found in contemporary programming languages.

### ACP with Strategic Interleaving

In the extension of ACP with strategic interleaving presented below, it is expected that an interleaving strategy uses the interleaving history in one way or another to make process-scheduling decisions.

The set $$\mathcal {H}$$ of interleaving histories is the subset of $${(\mathbb {N}_1 \times \mathbb {N}_1)}^{\ast }$$ that is inductively defined by the following rules:

• $${\langle \rangle } \in \mathcal {H}$$;

• if i ≤ n, then $$\left (i,n \right ) \in \mathcal {H}$$;

• if h ↷ (i,n) ∈ $$\mathcal {H}$$, j ≤ n, and n − 1 ≤ m ≤ n + 1, then h ↷ (i,n) ↷ (j,m) ∈ $$\mathcal {H}$$.

The intuition concerning interleaving histories is as follows: if the kth pair of an interleaving history is (i,n), then the ith process got a turn in the kth interleaving step and after its turn there were n processes to be interleaved. The number of processes to be interleaved may increase due to process creation (introduced below) and decrease due to successful termination of processes.

The presented extension of ACP is called ACP + SI (ACP with Strategic Interleaving). It covers a generic interleaving strategy that can be instantiated with different specific interleaving strategies that can be represented in the way that is explained below.

In ACP + SI, it is assumed that the following has been given:

• a fixed but arbitrary set S;

• for each $$n \in \mathbb {N}_1$$, a fixed but arbitrary function $$\sigma _{n} {:} \mathcal {H} \times S \to \left \{ 1,\ldots ,n \right \}$$;

• for each $$n \in \mathbb {N}_1$$, a fixed but arbitrary function $$\vartheta _{n} {:} \mathcal {H} \times S \times \left \{ 1,\ldots ,n \right \} \times \mathsf {A} \to S$$.

The elements of S are called control states, σn is called an abstract scheduler (for n processes), and 𝜗n is called a control state transformer (for n processes). The intuition concerning S, σn, and 𝜗n is as follows:

• the control states from S encode data that are relevant to the interleaving strategy, but not derivable from the interleaving history;

• if σn(h,s) = i, then the ith process gets the next turn after interleaving history h in control state s;

• if 𝜗n(h,s,i,a) = s′, then s′ is the control state that arises from the ith process doing a after interleaving history h in control state s.

Thus, S, $${\left \langle \sigma _{n} \right \rangle }_{n \in \mathbb {N}_1}$$, and $${\left \langle \vartheta _{n} \right \rangle }_{n \in \mathbb {N}_1}$$ make up a way to represent an interleaving strategy. This way to represent an interleaving strategy is engrafted on .

Consider the case where S is a singleton set, for each $$n \in \mathbb {N}_1$$, σn is defined by

and, for each $$n \in \mathbb {N}_1$$, 𝜗n is defined by

$$\vartheta _{n}(h,s,i,a) = s .$$

In this case, the interleaving strategy corresponds to the round-robin scheduling algorithm. More advanced strategies can be obtained if the scheduling makes more advanced use of the interleaving history and the control state. The interleaving history may, for example, be used to factor the individual lifetimes of the processes to be interleaved and their creation hierarchy into the process-scheduling decision making. Individual properties of the processes to be interleaved that depend on the actions performed by them can be taken into account by making use of the control state. The control state may, for example, be used to factor the processes being interleaved that currently wait to acquire a lock from a process that manages a shared resource into the process-scheduling decision making.

In ACP + SI, it is also assumed that a fixed but arbitrary set D of data and a fixed but arbitrary function ϕ: D → P, where P is the set of all closed terms over the signature of ACP + SI (given below), have been given and that, for each d ∈ D and a, b ∈ A, $$\mathsf {cr}(d),\overline {\mathsf {cr}}(d) \in \mathsf {A}$$, γ(cr(d),a) = δ, and γ(a,b) ≠ cr(d). The action cr(d) can be considered a process creation request and the action $$\overline {\mathsf {cr}}(d)$$ can be considered a process creation act. They represent the request to start the process denoted by ϕ(d) in parallel with the requesting process and the act of carrying out that request, respectively.

The signature of ACP + SI consists of the constants and operators from the signature of ACP and in addition the following operators:

• for each $$n \in \mathbb {N}_1$$, $$h \in \mathcal {H}$$, and s ∈ S, the n-ary strategic interleaving operator $$\parallel ^{n}_{h,s}$$;

• for each $$n,i \in \mathbb {N}_1$$ with i ≤ n, $$h \in \mathcal {H}$$, and s ∈ S, the n-ary positional strategic interleaving operator .

The strategic interleaving operators can be explained as follows:

• a closed term of the form $$\parallel ^{n}_{h,s}(t_{1},\ldots ,t_{n})$$ denotes the process that results from interleaving of the n processes denoted by t1,…,tn after interleaving history h in control state s, according to the interleaving strategy represented by S, $${\left \langle \sigma _{n} \right \rangle }_{n \in \mathbb {N}_1}$$, and $${\left \langle \vartheta _{n} \right \rangle }_{n \in \mathbb {N}_1}$$.

The positional strategic interleaving operators are auxiliary operators used to axiomatize the strategic interleaving operators. The role of the positional strategic interleaving operators in the axiomatization is similar to the role of the left merge operator found in ACP.

The axioms of ACP + SI are the axioms of ACP and in addition the equations given in Table 3. In the additional equations, n and i stand for arbitrary numbers from $$\mathbb {N}_1$$ with i ≤ n, h stands for an arbitrary interleaving history from $$\mathcal {H}$$, s stands for an arbitrary control state from S, a stands for an arbitrary action constant that is not of the form cr(d) or $$\overline {\mathsf {cr}}(d)$$, and d stands for an arbitrary datum d from D.

Axiom SI2 expresses that, in the event of inactiveness of the process whose turn it is, the whole becomes inactive immediately. A plausible alternative is that, in the event of inactiveness of the process whose turn it is, the whole becomes inactive only after all other processes have terminated or become inactive. In that case, the functions $$\vartheta _{n} {:}~ \mathcal {H} \times S \times \left \{ 1,\ldots ,n \right \} \times \mathsf {A} \to S$$ must be extended to functions 𝜗n : $$\mathcal {H}$$ × S × {1,…,n} × (A ∪ {δ}) → S and axiom SI2 must be replaced by the axioms in Table 4.
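The representation of an interleaving strategy by S, σn and 𝜗n, the bookkeeping of interleaving histories, process creation, and the behaviour expressed by axiom SI2 can be made concrete with a small simulator. The following Python code is an added example, not part of the paper: it restricts processes to finite sequences of actions, and the round-robin scheduler, the lock-aware strategy, the placement of a created process in last position, and the passing of the creation act to the control state transformer are assumptions of the example, not definitions taken from the paper's tables.

```python
from typing import Tuple

History = Tuple[Tuple[int, int], ...]  # pairs (i, n): process i took the turn, n processes remained
DELTA = "delta"                        # inaction: a process whose next step is DELTA can do nothing


def interleave(procs, sigma, theta, s, phi=None, max_steps=1000):
    """Interleave processes (lists of actions) under the strategy (sigma, theta).

    sigma(n, h, s) -> i         stands for the abstract scheduler sigma_n(h, s)
    theta(n, h, s, i, a) -> s'  stands for the control state transformer theta_n(h, s, i, a)
    phi maps a datum d to the process started by the creation request ("cr", d).
    Returns (trace, history, status).
    """
    procs = [list(p) for p in procs]
    phi = phi or {}
    h: History = ()
    trace = []
    while procs:
        if len(trace) >= max_steps:
            return trace, h, "cut off"
        n = len(procs)
        i = sigma(n, h, s)
        if not 1 <= i <= n:
            raise ValueError(f"scheduler chose {i}, but only {n} processes exist")
        current = procs[i - 1]
        if current[0] == DELTA:
            # SI2: the process whose turn it is is inactive, so the whole is inactive.
            return trace, h, "inactive"
        a = current.pop(0)
        if isinstance(a, tuple) and a[0] == "cr":
            # Creation request cr(d) becomes the creation act; phi(d) joins the
            # processes to be interleaved (assumption: in last position).
            procs.append(list(phi[a[1]]))
            a = ("cr_bar", a[1])
        s = theta(n, h, s, i, a)
        if not current:
            del procs[i - 1]               # successful termination of process i
        if procs:
            h += ((i, len(procs)),)        # record the turn and the new process count
        trace.append(a)
    return trace, h, "terminated"


def rr_sigma(n, h, s):
    """Round-robin (assumed definition): start at 1, then the successor of the last turn."""
    return 1 if not h else (h[-1][0] % n) + 1


def keep_state(n, h, s, i, a):
    """Control state transformer that never changes the control state."""
    return s


def last_sigma(n, h, s):
    """History-independent strategy: always schedule the process in last position."""
    return n


def lock_sigma(n, h, s):
    """Control state s is the position of the lock holder (0 = lock is free)."""
    return s if 1 <= s <= n else rr_sigma(n, h, s)


def lock_theta(n, h, s, i, a):
    """Track the lock holder from the actions 'acquire' and 'release' (constructed names)."""
    if a == "acquire":
        return i
    if a == "release":
        return 0
    return s


if __name__ == "__main__":
    # Constructed sample processes, not taken from the paper.
    w1 = ["acquire", "w1a", "w1b", "release"]
    w2 = ["acquire", "w2a", "w2b", "release"]
    print(interleave([w1, w2], rr_sigma, keep_state, 0))     # critical sections interleave
    print(interleave([w1, w2], lock_sigma, lock_theta, 0))   # critical sections stay contiguous
    print(interleave([[("cr", "worker"), "m"]], rr_sigma, keep_state, 0, {"worker": ["w"]}))
    stuck = [["a", DELTA], ["b", "c"]]
    print(interleave(stuck, rr_sigma, keep_state, 0))        # inactive before c is done
    print(interleave(stuck, last_sigma, keep_state, 0))      # inactive after b, c, a
```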

In (ACP + SI)rec, i.e. ACP + SI extended with guarded recursion in the way described in Section 2, the processes that can be created are restricted to the ones denotable by a closed ACP + SI term. This restriction stems from the requirement that ϕ is a function from D to the set of all closed ACP + SI terms. The restriction can be removed by relaxing this requirement to the requirement that ϕ is a function from D to the set of all closed (ACP + SI)rec terms. We write (ACP + SI)$$_{\text {rec}}^{+}$$ for the theory resulting from this relaxation. In other words, (ACP + SI)$$_{\text {rec}}^{+}$$ differs from (ACP + SI)rec in that it is assumed that a fixed but arbitrary function ϕ : D → P, where P is the set of all closed terms over the signature of (ACP + SI)rec, has been given.

It is customary to associate transition systems with closed terms of the language of an ACP-like theory of processes by means of structural operational semantics and to use this to construct a model in which closed terms are identified if their associated transition systems are bisimilar. The structural operational semantics of ACP can be found in [5, 13]. The additional transition rules for the strategic interleaving operators and the positional strategic interleaving operators are given in Appendix A.

### Basic Properties of ACP with Strategic Interleaving

In this section, the subject of concern is the connection between ACP and ACP + SI. The main results are an elimination result and a conservative extension result. We begin with establishing some results that will be used in the proof of those main results.

Each guarded ACP + SI term is derivably equal to a head normal form of ACP + SI.

### Proposition 3 (Head normal form)

For each guarded ACP + SI term t, there exists a head normal form t′ of ACP + SI such that t = t′ is derivable from the axioms of ACP + SI.

### Proof 3

The proof is straightforward by induction on the structure of t. The case where t is of the form δ and the case where t is of the form a (a ∈ A) are trivial. The case where t is of the form t1 ⋅ t2 follows immediately from the induction hypothesis and the claim that, for all head normal forms t1 and t2 of ACP + SI, there exists a head normal form t of ACP + SI such that t1 ⋅ t2 = t is derivable from the axioms of ACP + SI. This claim is easily proved by induction on the structure of t1. The case where t is of the form t1 + t2 follows immediately from the induction hypothesis. The cases where t is of one of the forms are proved along the same lines as the case where t is of the form t1 ⋅ t2. In the case that t is of the form t1 | t2, each of the cases to be considered in the inductive proof of the claim demands a proof by induction on the structure of t2. In the case that t is of the form the claim is of course proved by induction on the structure of ti instead of t1. The case that t is of the form t1 ∥ t2 follows immediately from the case that t is of the form and the case that t is of the form t1 | t2. The case that t is of the form $$\parallel ^{n}_{h,s}{(t_1,\ldots ,t_n)}$$ follows immediately from the case that t is of the form . Because t is a guarded ACP + SI term, the case where t is a variable cannot occur. □

Each of the four theorems to come refers to several process algebras. It is implicit that the same set A of actions and the same communication function γ are assumed in the process algebras referred to.

Each guarded recursive specification over ACP + SI can be reduced to a guarded recursive specification over ACP.

### Theorem 1 (Reduction)

For each guarded recursive specification E over ACP + SI and each X ∈ V(E), there exists a guarded recursive specification E′ over ACP such that 〈X|E〉 = 〈X|E′〉 is derivable from the axioms of (ACP + SI)$$_{\text {rec}}^{+}$$.

### Proof 4

Let E be a guarded recursive specification over ACP + SI. Assume that, for each equation X = tX from E, tX is a guarded ACP + SI term. It follows from Proposition 1 that this assumption does not lead to loss of generality.

Let X = tX be an equation from E. Now, by Proposition 3, there exist $$n,m \in \mathbb {N}$$ such that, for each $$i \in \mathbb {N}$$ with i < n and $$j \in \mathbb {N}$$ with j < m, there exist an ai ∈ A, an ACP + SI term ti, and a bj ∈ A such that $$t_{X} = {\sum }_{i<n} a_{i} \cdot t_{i} {+} {\sum }_{j<m} b_{j}$$ is derivable from the axioms of ACP + SI. For each $$i \in \mathbb {N}$$ with i < n, let $$t^{\prime }_{i}$$ be ti with, for each equation Y = tY from E, each unguarded occurrence of Y in ti replaced by the guarded ACP + SI term tY. For each $$i \in \mathbb {N}$$ with i < n, by its construction, the term $$t^{\prime }_{i}$$ is a guarded ACP + SI term in which variables other than the ones from V(E) do not occur. Now, by Proposition 1, the equation $$X_{i} = t^{\prime }_{i}$$, where Xi is a fresh variable, can be added to E for each $$i \in \mathbb {N}$$ with i < n and the equation X = tX can be replaced by the equation $$X = {\sum }_{i<n} a_{i} \cdot X_{i} {+} {\sum }_{j<m} b_{j}$$ in E. The other equations from E can be replaced by a set of equations in the same way as the equation X = tX.

The set of equations so obtained can be manipulated following the same procedure as in the case of E, but the manipulation can be restricted to the added equations. Repeating this procedure, perhaps countably infinitely many times, we obtain a guarded recursive specification E′ over ACP for which 〈X|E〉 = 〈X|E′〉 is derivable from the axioms of (ACP + SI)$$_{\text {rec}}^{+}$$. □

The next three theorems will be proved by means of term rewriting systems. In Appendix B, basic definitions and results regarding term rewriting systems are collected. This appendix also serves to fix the terminology on term rewriting systems used in the proofs of the next three theorems.

Each closed (ACP+SI)$$_{\text {rec}}^{+}$$ term is derivably equal to a closed ACPrec term.

### Theorem 2 (Elimination)

For each closed (ACP + SI)$$_{\text {rec}}^{+}$$ term t, there exists a closed ACPrec term t′ such that t = t′ is derivable from the axioms of (ACP + SI)$$_{\text {rec}}^{+}$$.

### Proof 5

We prove this by means of a term rewriting system that takes equational axioms of (ACP+SI)$$_{\text {rec}}^{+}$$ and equations derivable from the axioms of (ACP+SI)$$_{\text {rec}}^{+}$$ as rewrite rules. Thus, the proof boils down to showing that (a) the term rewriting system concerned has the property that each (ACP+SI)$$_{\text {rec}}^{+}$$ term has a unique normal form modulo axioms A1 and A2 and (b) each closed (ACP+SI)$$_{\text {rec}}^{+}$$ term that is a normal form modulo axioms A1 and A2 is a closed ACPrec term. Henceforth, we will write AC for the set of equations that consists of axioms A1 and A2.

Let R be a set of equations that contains for each guarded recursive specification E over ACP + SI and X ∈ V(E) an equation 〈X|E〉 = 〈X|E′〉, where E′ is a guarded recursive specification over ACP, that is derivable from the axioms of (ACP + SI)$$_{\text {rec}}^{+}$$. Such a set R exists by Theorem 1. Consider the term rewriting system $$\mathcal {R}((\text {ACP}+\text {SI})_{\text {rec}}^{+})$$ that consists of the axioms of (ACP + SI)$$_{\text {rec}}^{+}$$, with the exception of A1, A2, RDP, and RSP, and the equations from R taken as rewrite rules.

We show that $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) has the property that each (ACP + SI)$$_{\text {rec}}^{+}$$ term has a unique normal form modulo AC by proving that $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+})$$ is terminating modulo AC and confluent modulo AC.

First, we show that $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+})$$ is terminating modulo AC. This can be proved by the reduction ordering > induced by the extended integer polynomials 𝜃(t) associated with (ACP + SI)$$_{\text {rec}}^{+}$$ terms t as follows:

where it is assumed that, for each variable X over processes, X is a variable over integers. The following is easy to see: (a) t > t′ for all rewrite rules t = t′ of $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) and (b) t > t′ implies s > s′ for all (ACP + SI)$$_{\text {rec}}^{+}$$ terms s and s′ for which t = s and t′ = s′ are derivable from AC. Hence, $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) is terminating modulo AC.

Next, we show that $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) is confluent modulo AC. It follows from Theorems 5 and 16 in  and the fact that $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) is terminating modulo AC that $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) is confluent modulo AC if it does not give rise to critical pairs modulo AC that are not convergent. It is easy to see that all critical pairs modulo AC arise from overlappings of (a) A3 on A4, CM4, CM8, CM9, D3, and SI8, (b) A6 on A4, CM4, CM8, CM9, D3, and SI8, (c) A7 on CM3, CM5, CM6, CM7, D4, and SI5, (d) CM10 on CM9, and (e) CM11 on CM8. It is straightforward to check that all critical pairs concerned are convergent. Hence, $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) is confluent modulo AC.

Above, we have shown that $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) is terminating modulo AC and confluent modulo AC and by this that it has the property that each (ACP + SI)$$_{\text {rec}}^{+}$$ term has a unique normal form modulo AC. It remains to be shown that each closed (ACP + SI)$$_{\text {rec}}^{+}$$ term that is a normal form modulo AC is a closed ACPrec term. It is not hard to see that, for each closed (ACP + SI)$$_{\text {rec}}^{+}$$ term in which other operators than + and ⋅ occur, a reduction step modulo AC is still possible in $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$). Because a reduction step modulo AC is impossible for a normal form modulo AC, no other operators than + or ⋅ can occur in a closed (ACP + SI)$$_{\text {rec}}^{+}$$ term that is a normal form modulo AC. Hence, each closed (ACP + SI)$$_{\text {rec}}^{+}$$ term that is a normal form modulo AC is a closed ACPrec term. □

Each equation between closed ACP terms that is derivable in ACP + SI is also derivable in ACP.

### Theorem 3 (Conservative extension)

For each two closed ACP terms t and t′, t = t′ is derivable from the axioms of ACP + SI only if t = t′ is derivable from the axioms of ACP.

### Proof 6

We prove this by means of a restriction of the term rewriting system from the proof of Theorem 2. Consider the term rewriting system $$\mathcal {R}$$(ACP + SI) that consists of the axioms of ACP + SI, with the exception of A1 and A2. $$\mathcal {R}$$(ACP + SI) is $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) restricted to ACP + SI terms. Just like $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$), $$\mathcal {R}$$(ACP + SI) is terminating modulo AC and confluent modulo AC. The proofs of these properties for $$\mathcal {R}$$((ACP + SI)$$_{\text {rec}}^{+}$$) carry over to $$\mathcal {R}$$(ACP + SI).

Let t and t′ be two closed ACP terms such that t = t′ is derivable from the axioms of ACP + SI. Reduce t and t′ to normal forms s and s′, respectively, by means of the term rewriting system $$\mathcal {R}$$(ACP + SI). By Theorem 5 in , being confluent modulo AC is equivalent to being Church-Rosser modulo AC for a term rewriting system that is terminating modulo AC. This means that t and t′ have the same normal form modulo AC. In other words, s = s′ is derivable from axioms A1 and A2. Because (a) no other operators than + and ⋅ occur in t and t′ and (b) no rewrite rule introduces one or more of the other operators if one or more of the other operators was not already in its left-hand side, each rewrite rule applied in the reduction from t to s or the reduction from t′ to s′ is one of the axioms of ACP. Therefore, each rewrite rule involved in the reduction from t to s or the reduction from t′ to s′ is an axiom of ACP. Hence, the reduction from t to s shows that t = s is derivable from the axioms of ACP and the reduction from t′ to s′ shows that t′ = s′ is derivable from the axioms of ACP. From this and the fact that s = s′ is derivable from axioms A1 and A2, it follows that t = t′ is derivable from the axioms of ACP. □

The following theorem concerns the expansion of minimal models of ACP to models of ACP + SI.

### Theorem 4 (Unique expansion)

Each minimal model of ACP has a unique expansion to a model of ACP + SI.

### Proof 7

We write $$f^{\mathcal {A}}$$, where $$\mathcal {A}$$ is a model of ACP or ACP + SI and f is a constant or operator from the signature of $$\mathcal {A}$$, for the interpretation of f in $$\mathcal {A}$$. We write $$t^{\mathcal {A}}$$, where $$\mathcal {A}$$ is a model of ACP or ACP + SI and t is a closed term over the signature of $$\mathcal {A}$$, for the interpretation of t in $$\mathcal {A}$$.

Let $$\mathcal {A}$$ be a minimal model of ACP. Let CT be a function from the carrier of $$\mathcal {A}$$ to the set of all closed ACP terms such that, for each element p of the carrier of $$\mathcal {A}$$, $$\mathit {CT}(p)^{\mathcal {A}} = p$$. Because $$\mathcal {A}$$ is a minimal model of ACP, CT(p) is a total function. We write $$\underline {p}$$, where p is an element of the carrier of $$\mathcal {A}$$, for CT(p). Let NF be a function from the set of all closed ACP + SI terms to the set of all closed ACP terms such that, for each closed ACP + SI term t, NF(t) is one of the normal forms that t can be reduced to by means of the term rewriting system $$\mathcal {R}$$(ACP + SI) from the proof of Theorem 3.

We start with constructing an expansion of $$\mathcal {A}$$ with interpretations of the additional operators of ACP + SI. Let $$\mathcal {B}$$ be the expansion of $$\mathcal {A}$$ with interpretations of the additional operators of ACP + SI where these interpretations are defined as follows:

for all $$p_{1},\ldots ,p_{n}$$ from the carrier of $$\mathcal {A}$$.

We proceed with proving that $$\mathcal {B}$$ is a model of ACP + SI. By Theorem 3, it is sufficient to prove that $$\mathcal {B}$$ satisfies axioms SI1–SI8. By its construction, $$\mathcal {B}$$ is a minimal algebra and consequently it is sufficient to prove that $$\mathcal {B}$$ satisfies all closed substitution instances of SI1–SI8. We use the following three claims to prove this:

• for all closed substitution instances t = t′ of SI1–SI8, $$t^{\mathcal {B}} = {\mathit {NF}(t)}^{\mathcal {A}}$$;

• for all closed substitution instances t = t′ of SI1–SI8, $$t^{\prime \mathcal {B}} = {\mathit {NF}(t^{\prime })}^{\mathcal {A}}$$;

• for all closed substitution instances t = t′ of SI1–SI8, $$\mathit {NF}(t)^{\mathcal {A}} = \mathit {NF}(t^{\prime })^{\mathcal {A}}$$.

The first claim follows easily from the definitions of the interpretations of the additional operators of ACP + SI given above. The second claim follows easily from these definitions and the proof of the first claim. Because $$\mathcal {R}$$(ACP + SI) is Church-Rosser modulo AC (see the proof of Theorem 3), we have that NF(t) = NF(t′) is derivable from axioms A1 and A2. From this, the third claim follows immediately. It is an immediate consequence of the three claims that $$\mathcal {B}$$ satisfies all closed substitution instances of SI1–SI8.

We still have to prove that $$\mathcal {B}$$ is the only expansion of $$\mathcal {A}$$ to a model of ACP + SI. We can prove this by contradiction. Assume that $$\mathcal {C}$$ is an expansion of $$\mathcal {A}$$ to a model of ACP + SI that differs from $$\mathcal {B}$$. Then at least one of the additional operators of ACP + SI has different interpretations in $$\mathcal {B}$$ and $$\mathcal {C}$$. By the definitions of the interpretations of the additional operators of ACP + SI in $$\mathcal {B}$$, this means that there exists a closed ACP + SI term t such that $$t^{\mathcal {C}} \neq \mathit {NF}(t)^{\mathcal {A}}$$. Moreover, because t = NF(t) is derivable from the axioms of ACP + SI, $$t^{\mathcal {C}} = \mathit {NF}(t)^{\mathcal {C}}$$. Hence, $$\mathit {NF}(t)^{\mathcal {C}} \neq \mathit {NF}(t)^{\mathcal {A}}$$. Because NF(t) is a closed ACP term, this contradicts the fact that $$\mathcal {C}$$ is an expansion of $$\mathcal {A}$$. □

## Concluding Remarks

We have extended the algebraic theory of processes known as ACP with the form of interleaving that underlies multi-threading as found in contemporary programming languages. We have also established some basic properties of the resulting theory. It remains an open question whether strategic interleaving is definable in an established extension of ACP.

1. We write $$\mathbb {N}_1$$ for the set $$\left \{ n \in \mathbb {N} \mid n \geq 1 \right \}$$ of positive natural numbers.

2. A concrete extension of ACP is an extension of ACP that does not offer the possibility of abstraction from certain actions. All extensions of ACP introduced in this paper are concrete extensions.

3. Further details on cases (1) and (2) can be found in the proof of Theorem 4.3.2 from .

4. We write 〈〉 for the empty sequence, d for the sequence having d as sole element, and for the concatenation of sequences α and α. We assume that the usual identities, such as 〈 〉↷ α = α and , hold.

5. In , various examples of interleaving strategies are given in the setting of the relatively unknown thread algebra. The representation of the more serious of these examples in the current setting demands nontrivial use of the control state.

6. Here, extended polynomials differ from polynomials in that both variables and expressions of the form 2X, where X is a variable, are allowed where only variables are allowed in polynomials.

7. We do not have that t > t for all rewrite rules t = s if SI2 is replaced by SI2a and SI2b (see Table 4).

8. See e.g. Definition 10 in  for the definitions of most general unifier and complete set of unifiers modulo E.

## References

1. America, P., de Bakker, J.W.: Designing equivalent semantic models for process creation. Theor. Comput. Sci. 60(2), 109–176 (1988)

2. Baeten, J.C.M., Bergstra, J.A.: Real space process algebra. Form. Asp. Comput. 5(6), 481–529 (1993)

3. Baeten, J.C.M., Middelburg, C.A.: Process Algebra with Timing. Monographs in Theoretical Computer Science, an EATCS Series. Springer, Berlin (2002)

4. Baeten, J.C.M., Vaandrager, F.W.: An algebra of process creation. Acta Informatica 29(4), 303–334 (1992)

5. Baeten, J.C.M., Weijland, W.P.: Process Algebra. Cambridge Tracts in Theoretical Computer Science, vol. 18. Cambridge University Press, Cambridge (1990)

6. Bergstra, J.A.: A process creation mechanism in process algebra. In: Baeten, J.C.M. (ed.) Applications of Process Algebra, Cambridge Tracts in Theoretical Computer Science, vol. 17, pp 81–88. Cambridge University Press, Cambridge (1990)

7. Bergstra, J.A., Klop, J.W.: Process algebra for synchronous communication. Inf. Control. 60(1–3), 109–137 (1984)

8. Bergstra, J.A., Middelburg, C.A.: Thread algebra for strategic interleaving. Form. Asp. Comput. 19(4), 445–474 (2007)

9. Bergstra, J.A., Middelburg, C.A.: A thread algebra with multi-level strategic interleaving. Theory Comput. Syst. 41(1), 3–32 (2007)

10. Bergstra, J.A., Middelburg, C.A.: Distributed strategic interleaving with load balancing. Futur. Gener. Comput. Syst. 24(6), 530–548 (2008)

11. Bergstra, J.A., Middelburg, C.A., Usenko, Y.S.: Discrete time process algebra and the semantics of SDL. In: Bergstra, J.A., Ponse, A., Smolka, S.A. (eds.) Handbook of Process Algebra, pp 1209–1268. Elsevier, Amsterdam (2001)

12. Brookes, S.D., Hoare, C.A.R., Roscoe, A.W.: A theory of communicating sequential processes. J. ACM 31(3), 560–599 (1984)

13. Fokkink, W.J.: Introduction to Process Algebra. Texts in Theoretical Computer Science, an EATCS Series. Springer, Berlin (2000)

14. Gehrke, T., Rensink, A.: Process creation and full sequential composition in a name-passing calculus. Electron. Notes Theor. Comput. Sci. 7, 141–160 (1997)

15. van Glabbeek, R.J., Vaandrager, F.W.: Modular specification of process algebras. Theor. Comput. Sci. 113(2), 293–348 (1993)

16. Gosling, J., Joy, B., Steele, G., Bracha, G.: The Java Language Specification, 2nd edn. Addison-Wesley, Reading (2000)

17. Hejlsberg, A., Wiltamuth, S., Golde, P.: C# Language Specification. Addison-Wesley, Reading (2003)

18. Hennessy, M., Milner, R.: Algebraic laws for non-determinism and concurrency. J. ACM 32(1), 137–161 (1985)

19. Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)

20. Jouannaud, J.P., Kirchner, H.: Completion of a set of rules modulo a set of equations. SIAM J. Comput. 15(4), 1155–1194 (1986)

21. Milner, R.: Communication and Concurrency. Prentice-Hall, Englewood Cliffs (1989)

22. Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: Computer Security Foundations Workshop 2000, pp 200–214. IEEE Computer Society Press (2000)

## Acknowledgements

We thank an anonymous referee for carefully reading a preliminary version of this paper, for pointing out an error in one of the proofs, and for suggesting improvements of the presentation.

## Author information

### Corresponding author

Correspondence to C. A. Middelburg.


## Appendices

### Appendix A: Structural Operational Semantics of ACP + SI

It is customary to associate transition systems with closed terms of the language of an ACP-like theory about processes by means of structural operational semantics and to use this to construct a model in which closed terms are identified if their associated transition systems are bisimilar. The structural operational semantics of ACP can be found in [5, 13]. The additional transition rules for the strategic interleaving operators and the positional strategic interleaving operators are given in Table 5. In this table,

• $$t \overset {a}{\rightarrow } \surd$$ indicates that t is capable of performing action a and then terminating successfully;

• $$t \overset {a}{\rightarrow } t^{\prime }$$ indicates that t is capable of performing action a and then behaving as t′.

The transition rules for the strategic interleaving operator are similar to the transition rules for the positional strategic interleaving operators. However, each transition rule for the strategic interleaving operator has the side-condition $$i = \sigma _{n}(h,s)$$.

### Appendix B: Term Rewriting Systems

In this appendix, basic definitions and results regarding term rewriting systems are collected. This appendix also serves to fix the terminology on term rewriting systems used in the proofs that make use of term rewriting systems.

We assume that a set of constants, a set of operators with fixed arities, and a set of variables have been given; and we consider an arbitrary term rewriting system $$\mathcal {R}$$ for terms that can be built from the constants, operators, and variables in these sets.

A rewrite rule is a pair of terms $$t \rightarrow s$$, where t is not a variable and each variable occurring in s occurs in t as well. A term rewriting system is a set of rewrite rules.

A reduction step of $$\mathcal {R}$$ is a pair $$t \rightarrow s$$ such that for some substitution instance $$t^{\prime } \rightarrow s^{\prime }$$ of a rewrite rule of $$\mathcal {R}$$, t′ is a subterm of t, and s is t with t′ replaced by s′. Here, t′ is called the redex of the reduction step. A reduction of $$\mathcal {R}$$ is a pair $$t \twoheadrightarrow s$$ such that either $$t \equiv s$$ or there exists a finite sequence $$t_{1} \rightarrow t_{2}, \ldots , t_{n} \rightarrow t_{n+1}$$ of consecutive reduction steps of $$\mathcal {R}$$ such that $$t \equiv t_{1}$$ and $$s \equiv t_{n+1}$$.

A term t is a normal form of $$\mathcal {R}$$ if there does not exist a term s such that $$t \rightarrow s$$ is a reduction step of $$\mathcal {R}$$. A term t has a normal form in $$\mathcal {R}$$ if there exists a reduction $$t \twoheadrightarrow s$$ of $$\mathcal {R}$$ and s is a normal form of $$\mathcal {R}$$. $$\mathcal {R}$$ is terminating on term t if there does not exist an infinite sequence $$t \rightarrow t_{1}$$, $$t_{1} \rightarrow t_{2}$$, $$t_{2} \rightarrow t_{3}$$, … of consecutive reduction steps of $$\mathcal {R}$$. $$\mathcal {R}$$ is terminating if $$\mathcal {R}$$ is terminating on all terms. $$\mathcal {R}$$ is confluent if for all reductions $$t \twoheadrightarrow s_{1}$$ and $$t \twoheadrightarrow s_{2}$$ of $$\mathcal {R}$$ there exist reductions $$s_{1} \twoheadrightarrow s$$ and $$s_{2} \twoheadrightarrow s$$ of $$\mathcal {R}$$. If $$\mathcal {R}$$ is terminating and confluent, then each term has a unique normal form in $$\mathcal {R}$$.

A reduction ordering for $$\mathcal {R}$$ is a well-founded ordering on terms that is closed under substitutions and contexts. $$\mathcal {R}$$ is terminating if and only if there exists a reduction ordering > for $$\mathcal {R}$$ such that t > s for each rewrite rule $$t \rightarrow s$$ of $$\mathcal {R}$$.

A unifier of two terms s and t is a substitution σ such that σ(s) ≡ σ(t). A critical pair of $$\mathcal {R}$$ is a pair $$(t_{1},t_{2})$$ of terms for which there exist rewrite rules $$s \rightarrow s^{\prime }$$ and $$t \rightarrow t^{\prime }$$ of $$\mathcal {R}$$ and a ‘most general unifier’ σ of s and a non-variable subterm of t such that $$t_{1} \equiv \sigma (t^{\prime })$$ and $$t_{2} \equiv \sigma (t^{\prime \prime })$$, where t″ is t with σ(s) replaced by σ(s′) (see footnote 8). A critical pair $$(t_{1},t_{2})$$ of $$\mathcal {R}$$ is convergent if there exist reductions $$t_{1} \twoheadrightarrow s$$ and $$t_{2} \twoheadrightarrow s$$ of $$\mathcal {R}$$. If $$\mathcal {R}$$ is terminating, then $$\mathcal {R}$$ is confluent if and only if all critical pairs of $$\mathcal {R}$$ are convergent.

Henceforth, we consider an arbitrary set E of equations between terms.

A reduction step modulo E of $$\mathcal {R}$$ is a pair $$t \rightarrow _{E} s$$ such that there exists a reduction step $$t^{\prime } \rightarrow s^{\prime }$$ of $$\mathcal {R}$$ such that t = t′ and s = s′ are derivable from E. A reduction modulo E of $$\mathcal {R}$$ is a pair $$t \twoheadrightarrow _{E} s$$ such that either t = s is derivable from E or there exists a finite sequence $$t_{1} \rightarrow _{E} t_{2}, \ldots , t_{n} \rightarrow _{E} t_{n+1}$$ of consecutive reduction steps modulo E of $$\mathcal {R}$$ such that $$t \equiv t_{1}$$ and $$s \equiv t_{n+1}$$.

A term t is a normal form modulo E of $$\mathcal {R}$$ if there does not exist a term s such that $$t \rightarrow _{E} s$$ is a reduction step modulo E of $$\mathcal {R}$$. A term t has a normal form modulo E in $$\mathcal {R}$$ if there exists a reduction modulo E $$t \twoheadrightarrow _{E} s$$ of $$\mathcal {R}$$ and s is a normal form modulo E of $$\mathcal {R}$$. $$\mathcal {R}$$ is terminating modulo E on term t if there does not exist an infinite sequence $$t \rightarrow _{E} t_{1}$$, $$t_{1} \rightarrow _{E} t_{2}$$, $$t_{2} \rightarrow _{E} t_{3}$$, … of consecutive reduction steps modulo E of $$\mathcal {R}$$. $$\mathcal {R}$$ is terminating modulo E if $$\mathcal {R}$$ is terminating modulo E on all terms. $$\mathcal {R}$$ is confluent modulo E if for all reductions modulo E $$t \twoheadrightarrow _{E} s_{1}$$ and $$t \twoheadrightarrow _{E} s_{2}$$ of $$\mathcal {R}$$ there exist reductions modulo E $$s_{1} \twoheadrightarrow _{E} s$$ and $$s_{2} \twoheadrightarrow _{E} s$$ of $$\mathcal {R}$$. If $$\mathcal {R}$$ is terminating modulo E and confluent modulo E, then each term has a unique normal form modulo E in $$\mathcal {R}$$.

A reduction ordering > for $$\mathcal {R}$$ is E-compatible if t > s implies t′ > s′ for all terms t′ and s′ for which t = t′ and s = s′ are derivable from E. $$\mathcal {R}$$ is terminating modulo E if and only if there exists an E-compatible reduction ordering > for $$\mathcal {R}$$ such that t > s for each rewrite rule $$t \rightarrow s$$ of $$\mathcal {R}$$.

A unifier modulo E of two terms s and t is a substitution σ such that σ(s) = σ(t) is derivable from E. A critical pair modulo E of $$\mathcal {R}$$ is a pair $$(t_{1},t_{2})$$ of terms for which there exist rewrite rules $$s \rightarrow s^{\prime }$$ and $$t \rightarrow t^{\prime }$$ of $$\mathcal {R}$$ and a substitution σ from a ‘complete set of unifiers modulo E’ of s and a non-variable subterm of t such that $$t_{1} \equiv \sigma (t^{\prime })$$ and $$t_{2} \equiv \sigma (t^{\prime \prime })$$, where t″ is t with σ(s) replaced by σ(s′) (see footnote 8). If $$\mathcal {R}$$ is terminating modulo E, then $$\mathcal {R}$$ is confluent modulo E if and only if all critical pairs modulo E of $$\mathcal {R}$$ are convergent.
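The following Python code is an added illustration, not part of the paper: it computes normal forms modulo AC for closed terms over +, ⋅ and δ, and checks that the critical pairs from overlapping A3 on A4 and A6 on A4 (two of the overlaps named in the proof of the elimination property) are convergent. It assumes the standard ACP forms of axioms A3–A7 read left to right; the tuple representation, the function names, and the constants `x` and `z` standing in for rule variables are assumptions of this example.

```python
# Added example. Terms: a string is an atomic action or "delta";
# ("+", t1, ..., tn) is alternative composition, (".", l, r) sequential.
DELTA = "delta"

def alt(*ts):
    return ("+",) + ts

def seq(l, r):
    return (".", l, r)

def summands(t):
    """Flatten nested sums into a set: equality modulo A1 and A2 (AC of +)."""
    if isinstance(t, tuple) and t[0] == "+":
        out = set()
        for u in t[1:]:
            out |= summands(u)
        return out
    return {t}

def mk_sum(parts):
    """Canonical AC representative of a sum of already-normal summands."""
    parts = set(parts)               # A3: x + x -> x (duplicates collapse)
    if len(parts) > 1:
        parts.discard(DELTA)         # A6: x + delta -> x
    if len(parts) == 1:
        return next(iter(parts))
    return ("+",) + tuple(sorted(parts, key=repr))

def nf(t):
    """Normal form modulo AC under A3, A4, A5, A6 and A7."""
    if isinstance(t, str):
        return t
    if t[0] == "+":
        parts = set()
        for u in t[1:]:
            parts |= summands(nf(u))
        return mk_sum(parts)
    l, r = nf(t[1]), nf(t[2])
    if l == DELTA:                               # A7: delta . x -> delta
        return DELTA
    if isinstance(l, tuple) and l[0] == "+":     # A4: (x + y).z -> x.z + y.z
        return nf(alt(*(seq(u, r) for u in l[1:])))
    if isinstance(l, tuple) and l[0] == ".":     # A5: (x.y).z -> x.(y.z)
        return nf(seq(l[1], seq(l[2], r)))
    return seq(l, r)

def critical_pairs():
    """Both one-step reducts of each overlap, on a constructed closed instance."""
    x, z = "x", "z"
    return {
        # peak (x + x).z: A3 on the subterm versus A4 at the root
        "A3 on A4": (seq(x, z), alt(seq(x, z), seq(x, z))),
        # peak (x + delta).z: A6 on the subterm versus A4 at the root
        "A6 on A4": (seq(x, z), alt(seq(x, z), seq(DELTA, z))),
    }

def convergent(pair):
    """A pair is convergent if both sides reduce to one normal form modulo AC."""
    return nf(pair[0]) == nf(pair[1])

if __name__ == "__main__":
    for name, pair in critical_pairs().items():
        print(name, "convergent:", convergent(pair))
    print(nf(seq(alt("a", seq("b", "c")), "d")))
```
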

An E-equality step is a pair such that, for some substitution instance t′ = s′ of an equation from E, either t′ is a subterm of t and s is t with t′ replaced by s′ or s′ is a subterm of t and s is t with s′ replaced by t′. An $$\mathcal {R}$$E-equality step is a pair such that $$t \rightarrow s$$ is a reduction step of $$\mathcal {R}$$ or $$s \rightarrow t$$ is a reduction step of $$\mathcal {R}$$ or is an E-equality step. An $$\mathcal {R}$$E-equality is a pair such that either $$t \equiv s$$ or there exists a finite sequence of consecutive $$\mathcal {R}$$E-equality steps such that $$t \equiv t_{1}$$ and $$s \equiv t_{n+1}$$. $$\mathcal {R}$$ is Church-Rosser modulo E if for all $$\mathcal {R}$$E-equalities there exist reductions modulo E tEs and tEs of $$\mathcal {R}$$. If $$\mathcal {R}$$ is terminating modulo E, then $$\mathcal {R}$$ is Church-Rosser modulo E if and only if $$\mathcal {R}$$ is confluent modulo E.