Rate-Based Stochastic Fusion Calculus and Continuous Time Markov

Rate-Based Stochastic Fusion Calculus and Continuous Time Markov Chains? Gabriel Ciobanu1 and Angelo Troina2 1

Romanian Academy, Institute of Computer Science and “A.I.Cuza” University 2 Dipartimento di Informatica, Universit` a di Torino

Abstract. A stochastic extension of the fusion calculus is presented in terms of rate-based transition systems. The stochastic nature is provided by transitions with rate functions resulting from the exponential distributions modelling the actions durations. We extend the notion of hyperbisimulation to stochastic fusion calculus and we prove that the stochastic hyperequivalence is a congruence. The rate-based transition system deriving from a stochastic fusion process generates a continuous time Markov chain preserving hyperequivalence. An example inspired by biological interactions illustrates the expressiveness of our rate-based stochastic fusion calculus. A quantitative simulation is carried out with the PRISM model checker on the continuous time Markov chain derived from the stochastic fusion processes modelling one-to-many plant-fungal interactions.

1

Introduction

Process calculi are used as a formal framework for the study of concurrent computation. Several versions of π-calculus [19] and other process algebras use oneto-one interactions, and it is difficult to describe complex systems where oneto-many and many-to-many interactions are emerging. This paper presents a stochastic fusion calculus suitable to describe systems involving general patterns of interactions. We start from fusion calculus [20] which is a symmetric generalisation of the π-calculus, and present a rate-based stochastic fusion calculus, providing a concise and compositional way to describe the behaviour of complex systems by using probability distributions. The paper is structured as follows. First we summarise the fusion calculus by using labelled transition systems extended with fusions in defining the operational semantics rules. Then we present the semantics of stochastic fusion calculus by using rate-based transition systems [14] in the elegant and general variant proposed by De Nicola et al. [10]. The stochastic nature of the new transition systems is given by the fact that transition labels represent actions, and the transition result is a function associating a positive real value to each possible target process, expressing the stochastic rate of an exponential distribution ?

This research has been partially funded by the BioBITs Project (Converging Technologies 2007, area: Biotechnology-ICT), Regione Piemonte.

1

modelling the duration of the transition. For two processes running in parallel, we define the distribution of their synchronisation using their apparent rates. Associativity of parallel composition is a particularly desirable property either in the context of network and distributed systems, either in the context of biological systems, where parallel composition is often used to model molecular populations. Following the approach proposed in [10], associativity of the parallel composition operator is guaranteed in the rate-based stochastic semantics of the fusion calculus (differently to what happens in the stochastic π-calculus [21] and in a previous formalisation of a stochastic fusion calculus [4]). We extend the notion of hyperbisimulation to stochastic fusion calculus, and prove that the stochastic hyperequivalence is a congruence. The rate-based transition system resulting from a stochastic fusion process leads the expression of a continuous time Markov chain which preserves the notion of hyperequivalence. The modelling power of the stochastic fusion calculus is suggested by an example where we formalise some of the one-to-many interactions occurring between a plant root and a particular kind of fungi in the arbuscular mycorrhizal symbiosis. A quantitative simulation is performed using the PRISM model checker on the continuous time Markov chain extracted from the rate-based transition system describing such interactions by means of stochastic fusion processes.

2

Fusion Calculus

The fusion calculus was introduced by Parrow and Victor as a symmetric generalisation of the π-calculus [20]. The π-calculus has two binding operators (prefix and restriction), the effects of communication are local, and input and output actions are asymmetric. Unlike the π-calculus, the fusion calculus has only one binding operator, and the effects of communication are both local and global. Fusion calculus makes input and output operations fully symmetric: a more appropriate terminology for them might be action and co-action. A fusion is a name equivalence which allows to use interchangeably all the names of an equivalence class in a term of the calculus. Computationally, a fusion is generated as the result of a synchronisation between two complementary actions, and it is propagated to processes running in parallel within the same scope of the fusion. In practice, the effect of a fusion could be seen as the update of a (global) shared state. Fusions are suitable to express general patterns of interactions, including one-to-many and many-to-many interactions. We briefly recall the syntax and semantics of the fusion calculus (see [20] for details). Let N be a countable set of names representing communication channels, having a, b, . . . , x, y, . . . as metavariables. We keep the notation x e for a (possibly empty) finite sequence x1 , . . . , xn of names. By x e \ ye we denote the set of xi with xi 6= yi . We use ϕ and ψ to denote an equivalence relation, called fusion, over N , which is represented in the syntax by a finite set of equalities. We write xϕy if x and y are related by ϕ, and {e x = ye} to denote the smallest such 2

equivalence relation relating each xi with yi . The identity relation is denoted by 1. We assume a set P of processes ranged over by P, Q, . . .. Definition 1 (Fusion Calculus Syntax). Free actions ranged over by α, and processes ranged over by P are defined by: x | ϕ α::= ue x | ue def

P ::= 0 | α.P | P + Q | P | Q | (x)P | if xϕy then P else Q | A(e x) = P

An input action ue x means that we “consider the input objects along the channel u, and replace x e with these objects”; note that input does not entail binding. The output action ue x means “output the objects x e along the channel u”; x e are the objects of the action, and the channel u is the subject of the action. Fusion actions ϕ have neither subject nor objects and their effects (if not scoped) update the global fusion relation. The processes syntactic constructs have the usual interpretation. The empty process 0 cannot perform any action. An input prefix ue x.P means that a sequence of names x e is received along a channel u. After the input, the process continues as P with the newly received names replacing x e. Regarding the output prefix ue x.P , the intuition is that x e is sent along the name u, and afterwards the process continues as P . After a fusion prefix ϕ.P , the distinct names related by a fusion are treated as being the same. A sum P + Q represents a process which can act either as P or as Q. A parallel composition P | Q represents the combined behaviour of P and Q executed in parallel. P and Q act independently, and may also communicate if one performs an output and the other an input along the same channel name. The fusion resulting from such a communication is global and affects P , Q and any other process, running in parallel with them, using the names involved in the fusion. A scope (x)P defines the scope of x as P . This means that he name x, is bound in (x)P ; no communication action of (x)P can have x as its subject, and fusion effects with respect to x are limited to P . Restriction and input binding of the π-calculus can be seen as special cases of the fusion scope. The “if-then-else” syntax if xϕy then P else Q means that if x and y are related by a fusion (i.e., are from the same equivalence class) then P is executed, otherwise Q is executed. def

In A(e x) = P , every process reference is guarded in P (i.e. under the scope of an action prefixing). Transition actions, ranged over by δ, consist of fusion actions and communication actions of the form (z1 ) . . . (zn )ae x, where a is either an output action u or an input action u. For each process P we denote by fn(P ) the free names of P , by bn(P ) the bound names of P, and by n(P ) all the names occurring in P . A similar notation is used for fn(δ), bn(δ), n(δ) for the names in δ. We say that a substitution σ agrees with a fusion ϕ if for all names x and y, xϕy if and only if σ(x) = σ(y). σ is a substitutive effect of a fusion ϕ if σ sends all members of each equivalence class of ϕ to one representative of the class. The only substitutive effect of a communication action is the identity substitution. If [x] is the equivalence class of x, then by ϕ \ z we denote ϕ without the equivalence class [z], but keeping the identity {z}. Namely, ϕ \ z = ϕ ∩ (N − {z})2 ∪ {(z, z)}. 3

The operational semantics is given by a labelled transition system defined by the inference rules in Table 1.

P REF :

δ

−

P ASS :

α

α.P → P

δ

(z)P → (z)P 0 δ P → P0

δ

SU M :

P → P 0, z ∈ / fn(δ)

P → P0

P AR : δ δ P + Q → P0 P | Q → P0 | Q ue y ue x e |=| ye | P → P 0 , Q → Q0 , | x COM : {e x=e y} 0 P | Q −−−−→ P | Q0 (e y )ae x

OP EN :

P −−−→ P 0 , z ∈ x e \ ye, a ∈ / {z, z}

IT E1 : IT E2 :

(z y e)ae x

(z)P −−−−→ P 0 δ P → P 0 , (x, y) ∈ ϕ δ

if xϕy then P else Q → P 0 δ /ϕ Q → Q0 , (x, y) ∈ δ

if xϕy then P else Q → Q0 ϕ P → P 0 , zϕx, z 6= x SCOP E : ϕ\z (z)P −−→ P 0 {x/z} δ P {e y /e x} → P 0 def , A(e x) = P SU BST : δ 0 A(e y) → P Table 1. Operational Semantics of Fusion Calculus.

The only rule dealing explicitly with bounded actions is OP EN . Pulling up (x)ayx the relevant scope to top level, we can infer P | (x)ayx.Q −−−−→ P | Q by using P REF and OP EN (an alpha-conversion is necessary whenever x ∈ / fn(P )). SCOP E entails a substitution of the scoped name z for a nondeterministically chosen name x related to it by ϕ (it does not matter which x replaces z). Definition 2. [Structural Congruence] The structural congruence ≡ between processes is the least congruence satisfying the following axioms (sum) P + 0 ≡ P , P + Q ≡ Q + P , P + (Q + R) ≡ (P + Q) + R; (fusion) ϕ.P ≡ ϕ.P σ for every substitution σ agreeing with ϕ; (par) P | 0 ≡ P , P | Q ≡ Q | P , P | (Q | R) ≡ (P | Q) | R; (scope) (x)0 ≡ 0 , (x)(y)P ≡ (y)(x)P , (x)(P + Q) = (x)P + (x)Q , P | (z)Q ≡ (z)(P | Q), where z ∈ / fn(P ).

Definition 3 (Hyperbisimulation). A fusion bisimulation is a binary symmetric relation S over processes such that (P, Q) ∈ S implies: δ

δ

if P → P 0 with bn(δ) ∩ fn(Q)= ∅, then Q → Q0 and (P 0 σ, Q0 σ) ∈ S, for some substitutive effect σ of δ. A hyperbisimulation is a substitution-closed fusion bisimulation. Process P and Q are said hyperequivalent if they are related by a hyperbisimulation. 4

Theorem 1. [20] Hyperequivalence is the largest congruence in bisimilarity. A particular kind of binding has been suggested, though not developed, for the π-calculus modelling a delayed input: in ue x; P the process P can continue its execution and receive the input on channel u at any time. While, in the πcalculus, this is different from ue x.0 | P , since, in the latter, the binding of x e does not extend into process P , in the fusion calculus the delayed input can be naturally expressed as (x)(ue x.0 | P ). The delayed input construct becomes particularly expressive in the context of systems biology. A cell has a complex and intrinsical activity, but, on its membrane, several receptors wait for communication from the external environment. These receptors, continuously waiting for signals from the outside, may affect, without blocking it, the inner behaviour of the cell. Such a functionality could be naturally expressed with delayed input channels. As an example, a cell abstraction, whose internal activity is described by process P and with two receptors R1 = ux.R1 and R2 = vy.R2 on its membrane, could be described by the fusion process Cell ::= (xy)(R1 | R2 | P ). Signals coming from the external environment, after communication with the receptor channels u and v, affect the execution of process P because of the fusion occurring with the communication.

3

Rate-Based Stochastic Fusion Calculus

Many phenomena which take place in practice are described by non-exponential distributions, and stochastic fusion calculus could be defined by using general distributions. For the sake of simplicity, we use here the exponential distribution, inheriting some properties derived from the memoryless feature of this distribution: the time at which a state change occurs is independent of the time at which the last state change occurred. In this way we do not have to keep track of the past state transitions (e.g. in an implementation). Using a metavariable X standing for an exponentially distributed random variable, the exponential distribution P (X ≤ t) = 1 − e−rt is characterised by a single positive real value parameter r, usually referred to as the rate of the distribution. The memoryless property of exponential distributions states that at each step in which an activity has started but not terminated yet, the remaining duration of the activity is still distributed as the entire duration of the activity: P (X > u + t|X > t) = P (X > u), for all u, t ≥ 0. We simplify the notation for the fusion relation: we write x eϕe y if elements in x e and ye are related by ϕ, we use {e x, ye} to denote the smallest such equivalence relation relating each xi with yi . For example, a fusion ϕ written {x = y, x = z, u = v} refers in our Rate-Based Stochastic Fusion Calculus (SFC) to the equivalence classes {x, y, z} and {u, v}, and we write ϕ = {{x, y, z}, {u, v}}. Definition 4 (Stochastic Fusion Calculus Syntax). Free actions ranged over by µ, and processes ranged over by P are defined by: x, r) | (ϕ, r) µ ::= (ue x, r) | (ue def

P ::= 0 | µ.P | P + Q | P | Q | (x)P | if xϕy then P else Q | A(e x) = P

5

Let SFC be the set of process expressions of the stochastic fusion calculus defined above. We use a generic notation µ = (α, r) for actions, where α can be x, or a fusion ϕ, and r is the rate of the expoeither an input ue x, an output ue nential distribution modelling the action duration. As before, transition actions δ include bounded actions. The structural congruence introduced in Definition 2 is extended to SFC processes in the natural way. Following the variant of rate transition systems [14] introduced in [10], we δ

define the semantics of SFC via a transition relation P − → ρ associating to a given process P and a transition action label δ a next state function (NSF) δ

ρ : SFC → IR≥0 . Given process P and action label δ, ρ is unique, i.e. if P − → ρ1 δ δ and P − → ρ2 then ρ1 = ρ2 . Intuitively, given the transition P − → ρ with ρ(Q) = r, a process structurally congruent to Q is reachable from P performing a transition δ labelled by δ with rate r. As a consequence, given P − → ρ, the apparent rate of δ in P (the total P capacity of P of performing actions labelled with δ) is defined as ⊕ρ = [Q]∈SF C/≡ ρ(Q). We denote with ∅ the constant NSF 0 and, ˜ = Q1 , . . . , Qn , we given the sequences of rates r˜ = r1 , . . . , rn and processes Q ˜ [Q] denote with ρ[˜r] the NSF associating rate ri to process Qi , for all i ∈ [1, . . . , n], and 0 to all other processes. With ρ1 + ρ2 we denote the NSF ρ such that ρ(Q) = ρ1 (Q) + ρ2 (Q). Given a NSF ρ, ρ|Q denotes the NSF adding Q in parallel with the processes reached by ρ; namely, ρ|Q (R) = ρ(P ) if R ≡ P | Q, 0 otherwise. Similarly, given a NSF ρ a variable x and a name z, ρ(z) (R) = ρ(P ) if R ≡ (z)P , 0 otherwise, and ρ{x/z} (R) = ρ(P ) if R = P {x/z} and 0 otherwise. Finally, ρ1 | ρ2 , also called the synchronisation distribution, denotes the NSF resulting from communication between two processes, in parallel, with NSFs ρ1 and ρ2 , respectively. The formula for calculating ρ1 | ρ2 depends on the intrinsical meaning of the synchronisation. Various choice could be taken for different contexts. In applications related to performance evaluation, the synchronisation could follow the PEPA [13] minimal rate law : ρ1 | ρ2 (P | Q) = min{⊕ρ1 , ⊕ρ2 } ·

ρ1 (P ) · ρ2 (Q) . ⊕ρ1 · ⊕ρ2

For applications in systems biology, a more appropriate choice, recovering the law of mass action, is: ρ1 | ρ2 (P | Q) = ρ1 (P ) · ρ2 (Q). In [14] sufficient requirements are given for ρ1 | ρ2 to be associative (e.g., ρ1 | ρ2 (P | Q) = c · ρ1 (P ) · ρ2 (Q) for any real constant c > 0). The operational semantics of SFC is given by the inference rules in Table 2. Note that rule P REF∅ allows to sum the rates of two processes in a uniform way, in particular when one of the two processes cannot perform certain actions (see rule SU M ). The P ASS rule is similar to a local variable declaration: the restriction of z on top of P declares a new name for use in P which cannot be used as a communication subject. However, such a restricted z might not remain local to P ; it can be exported outside by using the OP EN rule which removes the restriction. A COM rule expresses the synchronous communication between 6

α

[P ]

P REF : (α, r).P − → ρ[r]

P REF∅ : δ

SU M :

β 6= α α

(β, r).P − →∅

δ

P − → ρ1

Q− → ρ2 δ

P +Q− → ρ1 + ρ2 δ

P AR :

P − → ρ1

δ

Q− → ρ2

bn(δ) ∩ fn(Q) = ∅

δ

P |Q− → ρ1|Q + ρ2|P ϕu

COM :

ϕu

ue y

ue x

ue y

ue x

− → ρ3 P − − → ρ2 Q − − → ρ4 P −−→ ρl Q −−→ ρr P − − → ρ1 Q − ϕu

P | Q −−→ ρl|Q + ρr|P + (ρ1 | ρ2 ) + (ρ3 | ρ4 ) ϕu is the fusion class resulting from communication on channel u. For the actual synchronisation of P and Q we have ϕu = [e x] ∪ [e y] ϕ

δ

P ASS :

P − → ρ, z ∈ / fn (δ)

SCOP E :

δ

P − → ρ, zϕx, z 6= x

(z)P − → ρ(z) (e y )ue x

OP EN :

ϕ\z

(z)P −−→ ρ{x/z}

P −−−→ ρ

z∈x e \ ye, u ∈ / {z, z} (z y e)ue x

(z)P −−−−→ ρ δ

→ ρ, (x, y) ∈ ϕ P −

IT E1 :

δ

→ρ if xϕy then P else Q − δ

→ ρ, (x, y) ∈ /ϕ Q−

IT E2 :

δ

if xϕy then P else Q − →ρ δ

SU BST :

P {e y /e x} − →ρ δ

, A(e x) = P

A(e y) − →ρ Table 2. Operational Semantics of SFC.

7

two processes; if we have a step from P by an input action according to a NSF ρ1 , and a step from Q by a corresponding output action with NSF ρ2 , then we have a step from the parallel process P | Q with the parallel NSF ρ1 | ρ2 by a fusion action ϕ containing the class [e x] ∪ [e y ]. This means that not only x e and ye fuse, but all the names in the equivalence class of x e fuse with those of the equivalence class of ye. In the COM rule we take into account also the possible communications, on the same channel, that may have taken place within the subprocesses (see [10, 9]). Note that, in the given semantics, statements in the IT E are evaluated without implying passage of time. Another possibility could be to add rates (thus durations) to statements evaluations in such a way to reflect the time needed in reality to actually evaluate a statement (this could become important e.g.,in applications related to quantitative security analysis). Example 1. We could infer the transition: [y]∪[w]

[Q]

[R]

(z)(P | (uxy, r1 ).Q | (uzw, r2 ).R) −−−−→ ((ρ[r1 ] | ρ[r2 ] )|P ){x/z}

by using the following rules: i) Four applications of the P REF rule: uxy

uzw

[Q]

(uxy, r1 ).Q −−→ ρ[r1 ]

[R]

(uzw, r2 ).R − −− → ρ[r2 ]

uxy

uzw

−− →∅ (uzw, r2 ).R −

(uxy, r1 ).Q −−→ ∅

ii) An application of the COM rule: ϕu

[Q]

[R]

(uxy, r1 ).Q | (uzw, r2 ).R −−→ ρ[r1 ] | ρ[r2 ]

where ϕu = [x] ∪ [z] ∧ [y] ∪ [w]. iii) An application of the P AR rule: ϕu

[Q]

[R]

P | (uxy, r1 ).Q | (uzw, r2 ).R −−→ (ρ[r1 ] | ρ[r2 ] )|P

iv) An application of the SCOP E rule: [y]∪[w]

[Q]

[R]

(z)(P | (uxy, r1 ).Q | (uzw, r2 ).R) −−−−→ ((ρ[r1 ] | ρ[r2 ] )|P ){x/z}

where [y] ∪ [w] = ϕu \ z = {[x] ∪ [z], [y] ∪ [w]} \ z. 3.1

Stochastic Hyperbisimulation

Several papers of the last two decades define Markovian bisimulations, we mention the seminal paper by Larsen and Skou [18]. The definition of stochastic hyperbisimulation is also related to the notion of lumpability for Markov chains [15] (also see the next section). Two processes P and Q are lumping equivalent, and we denote this by P ∼ Q, if the total rate of moving to an equivalence class S under ∼ is identical for both processes. Lumping equivalence also preserves stochastic rewards while reducing the size of the underlying stochastic transition system. δ We define γδ : SFC × SFC − → R as γδ (R, R0 ) = ρ(R0 ), given R − → ρ,. We call cumulative rate function, the cumulative rate of transitions labelled by δ from a process R to a subset S of processes. 8

Definition 5 (Cumulative Rate Function). γδ : SFC ×P(SFC) → − PR is the cumulative rate function given by: ∀R ∈ SFC, ∀S ⊆ SFC, γδ (R, S) = {ρ(R0 ) | P δ R− → ρ, [R0 σ] ∈ S/≡ } = [R0 ]σ∈S/ γδ (R, R0 ) for some substitutive effect σ of δ. ≡

We can now define stochastic bisimulations. Definition 6 (Stochastic Bisimulation). A stochastic bisimulation is an equivalence relation R over the set SFC of processes satisfying the following property: for each pair (P, Q) ∈ R, for all actions δ, and for all equivalence classes S ∈ SFC /R , we have γδ (P, S)=γδ (Q, S). .

Two processes P and Q are stochastic bisimilar, written P ∼SH Q, if they are related by a stochastic bisimulation. Stochastic bisimilarity is not a congruence, and the following example is illustrative: .

(y, ry ) | (z, rz ) ∼SH (y, ry ).(z, rz ) + (z, rz ).(y, ry ) .

[y] ∪ [z].((y, ry ) | (z, rz )) SH [y] ∪ [z].((y, ry ).(z, rz ) + (z, rz ).(y, ry ))

(1) (2)

We therefore look for the largest congruence included in the stochastic bisimilarity. This is achieved by closing the definition of stochastic bisimulation under arbitrary substitutions. Definition 7 (Stochastic Hyperbisimulation). A stochastic hyperbisimulation is an equivalence relation R over SFC satisfying the following properties: i) R is closed under any substitution σ, i.e., P RQ implies P σRQσ for any σ; ii) for each pair (P, Q) ∈ R, for all actions δ, and for all equivalence classes S ∈ SFC/R, we have γδ (P, S) = γδ (Q, S). Two processes P and Q are stochastic hyperbisimulation equivalent (or stochastic hyperequivalent) if they are related by a stochastic hyperbisimulation. We write P ∼SH Q. Definition 8 (Context). A process context C is given by the following syntax: C ::= [ ] | µ.C | C + P | P + C | C | P | P | C | (x)C | if xϕy then C else P | if xϕy then P else C

C[P ] denotes the result of filling the hole in the context C by a process P . The set of all SFC contexts is denoted by SFC[ ]. Theorem 2. (Congruence) Stochastic hyperequivalence is a congruence, i.e., for P, Q ∈ SFC and C ∈ SFC[ ], P ∼SH Q implies C[P ] ∼SH C[Q]. 9

4

Stochastic Fusion Processes as CTMCs

We show how the rate-based transition system deriving from the stochastic semantics can be transposed into a Continuous Time Markov Chain (CTMC), providing a wide set of means for automatic verification. Definition 9. A Continuous Time Markov Chain is a triple hS, T, s0 i, where: – S is the set of states, – T : S × S 7→ IR≥0 is the transition function, – s0 ∈ S is the initial state. A state s ∈ S denotes a possible configuration of the described system. The system is assumed to pass from a state s to a state s0 by consuming an exponentially distributed quantity of time, in which P the parameter of the exponential distribution is T(s, s0 ). The summation s0 ∈S T(s, s0 ) is called the exit rate of state s. The system is assumed to start from state s0 . If the set of states of the CTMC is finite (S = {s1 , . . . , sn }), then the transition function T can be represented as a square matrix of size n in which the element at position (i, j) is equal to T(si , sj ). The simulation procedure for CTMCs is standard: starting from the initial state of the CTMC we perform a sequence of steps by moving from state to state. At each step a global clock variable (initially set to zero) is incremented by a random quantity which is exponentially distributed with the exit rate of the current state s as parameter, and the next state s0 is randomly chosen with a probability proportional to T(s, s0 ). Many analysis techniques are available from mathematics and computer science for CTMCs. For example, if the set of states of the CTMC is finite, one can verify properties of the described system by using a probabilistic model checker such as PRISM [17]. P Given the cumulative rate T(s, C) = s0 ∈C T(s, s0 ) we can define the notion of strong Markovian bisimilarity. Definition 10 (Markovian bisimulation [2]). Given a CTMC hS, T, s0 i, an equivalence relation R on S is a strong Markovian bisimulation if and only if for all (s1 , s2 ) ∈ R and for all equivalence classes C ∈ S/R , T(s1 , C) ≥ T(s2 , C). Two states s1 and s2 are strong Markovian bisimilar, written s1 ∼M s2 , if and only if there exists a Markovian bisimulation R on S with (s1 , s2 ) ∈ R. Given two CTMCs M C1 = hS1 , T1 , s01 i and M C2 = hS2 , T2 , s02 i with S1 ∩ S2 ∩ s0 = ∅ we build the joint CTMC J(M C1 , M C2 ) = hS, T, s0 i where: – S = S1 ∪ S2 ∪ s0 ; – T(s0 , s01 ) = T(s0 , s02 ) = 1 and T(s, s0 ) = T1 (s, s0 ) if s, s0 ∈ S1 and T(s, s0 ) = T2 (s, s0 ) if s, s0 ∈ S2 . Two CTMCs M C1 = hS1 , T1 , s01 i and M C2 = hS2 , T2 , s02 i, are strong Markovian bisimilar, written M C1 ∼M M C2 , if s01 ∼M s02 in J(M C1 , M C2 ). 10

The semantics of a SFC process P , given a global fusion relation ϕ can be naturally transformed into a CTMC by considering pairs ([P ], ϕ) as states of the CTMC, where [P ] denotes the equivalence class of process P up to structural congruence. We set the initial state of the CTMC as ([P ], 1) and defineT(([P ], ϕ), ([P 0 ], ϕ0 )) as the sum of the rate of all reactions from P to P 0 updating the fusion ϕ to ϕ0 : P δ T(([P ], ϕ), ([P 0 ], ϕ)) = δ {ρ(P 0 ) | P − → ρ} where the action δ updates the fusion ϕ to ϕ0 (or leaves it unchanged, i.e. when ϕ = ϕ0 ). The set of states of the CTMC obtained by the semantics of process P can be restricted to the set of SFC processes which are reachable from P , if such a set is finite, we obtain a finite state CTMC. We call [|P |]M C the CTMC obtained as the semantics of the SFC process P . When simulating SFC processes as CTMCs, a frame of the simulation is a pair (([P ], ϕ), t) where ([P ], ϕ) represents the current process and fusion and t ∈ IR≥0 is the global clock. We have a finite set of transitions starting from a state ([P ], ϕ), namely the set of transitions {([P ], ϕ) → − ([Pi ], ϕi )}, with i ∈ [1, n], where n is the number of possible reductions starting from process P given the fusion ϕ, and with T(([P ], ϕ), ([Pi ], ϕi )) > 0. Now, a simulation step transforms the frame (([P ], ϕ), t)Pinto (([Pi ], ϕi ), t + τ ) where τ is exponentially distributed n with parameter p = i=1 T(([P ], ϕ), ([Pi ], ϕi )) and the target state ([Pi ], ϕi ) is i ],ϕi )) . chosen randomly with probability T(([P ],ϕ),([P p By construction, the following holds. Theorem 3. Stochastic hyperequivalence preserves strong Markovian bisimulation, i.e., for P, Q ∈ SFC, P ∼SH Q implies [|P |]M C ∼M [|Q|]M C . A translation from CTMCs to SFC processes could be done immediately by just using the prefix (with a fixed unique action label) and the + operators. Given such a translation, also the inverse of the theorem would hold.

5

Modelling the Arbuscular Mycorrhizal Symbiosis

The arbuscular mycorrhizal (AM) symbiosis is an example of association with high compatibility formed between fungi belonging to the Glomeromycota phylum and the roots of most land plants [12]. AM fungi are obligate symbionts, in the absence of a host plant, spores of AM fungi germinate and produce a limited amount of mycelium. The recognition between the two symbionts is driven by the perception of diffusible signals and, once reached the root surface, the AM fungus enters in the root, overcomes the epidermal layer and it grows inter-and intracellularly all along the root in order to spread fungal structures. Once inside the inner layers of the cortical cells the differentiation of specialised, highly branched intracellular hyphae called arbuscules occur. Arbuscules are considered the major site for nutrients exchange between the two organisms. The fungus supply the host with essential nutrients such as phosphate, nitrate and other minerals from the soil. In return, AM fungi receive carbohydrates derived from photosynthesis in the host. AM symbiosis also confers resistance to the plant against pathogens 11

and environmental stresses. The colonisation of the host plant requires the accomplishment of two main events: i) signalling and partner recognition, ii) the colonisation of root tissues and the development of intraradical fungal structures leading to a functional symbiosis.

Fig. 1. The Arbuscular Mycorrhizal symbiosis

The interaction begins with a molecular dialogue between the plant and the fungus [12]. Host roots release signalling molecules characterised as strigolactones. Within just a few hours, strigolactones at subnanomolar concentrations induce alterations in fungal physiology, mitochondrial activity and extensive hyphal branching (leading the fungal spore to produce hyphae towards the plant root). The external signal released by AM fungi (called myc factor ) is perceived by a receptor on the plant plasma membrane and is transduced into the cell with the activation of a symbiotic signalling pathway that lead to the colonisation process (Pre Penetration Apparatus, PPA). We model these initial communication between the plant root and AM fungi with SFC. We focus on the communication between one thousand epidermal cells of the plant root (EpiCell) and ten fungal spores (Spore) within the soil. The plant root (P lantRoot) releases the strigolactones signals (named s) on the soil affecting all the spores. Such a one-to-many communication exploits the soil as a shared medium. Once a spore recognises the strigolactones signals (through the if-then-else operator) it starts producing hyphae (Hypha) towards the soil. Hyphae may contact one of the epidermal cells using myc factor signals (named m). This is described as a one-to-one communication modelled as a bounded delayed input with an external receptor of the plant cell. Hyphae may either branch or die. The internal activity of the plant epidermal cell is described by the process IntEpiCell. We mark as Active the epidermal plant root cells which have been contacted by the hyphae. We use the notation n × P to denote the 12

parallel composition of n processes P . P lantRoot ::= Soil ::= Spore ::= Hypha ::= EpiCell ::= IntEpiCell ::=

(us, rs ) | 1000 × EpiCell (ux, 1) | 10 × Spore xϕs?Hypha : Spore (vm, rmB ).Hypha + (vm, rmD ).0 (y)((vy, 1).0 | IntEpiCell) yϕm?Active : IntEpiCell

In the absence of myc factor, the internal behaviour of the plant cells leads the usual functionalities. When the myc factor is present, the internal behaviour of the plant cell changes. One of the first response observed in epidermal cells of the root is a repeated oscillation of the calcium (Ca2+ ) concentration in the nucleus and in the perinuclear cytoplasm through the alternate activity of Ca2+ channels and transporters. Here we do not model explicitly this phenomenon, and just mark as Active the cells of the plant root contacted by the fungi. 5.1

Simulating the AM Symbiosis with PRISM

We used the synchronisation distribution for the biological context, namely ρ1 | ρ2 (P | Q) = ρ1 (P ) · ρ2 (Q). The following PRISM module represents the CTMC extracted by hand from the SFCs processe P lantRoot | Soil describing the above system. stochastic const int SPORE=100; //number of fungal spores in the soil const int EPRC=1000; //number of epidermal plant root cells const double rs; //rate of strigolactone signal release const double rmB=0.0005; //rate of myc factor release + hyphal branch const double rmD; //rate of myc factor release + hyphal death module AMsymbiosis //State variables: str: [0..1] init 0; //strigolactone signal released h: [0..SPORE] init SPORE; //number of hyphae a: [0..EPRC] init 0; //number of active EPRC //Transitions ([label] "guard" -> "rate":"state update"): [sigStr] (str=0) -> rs:(str’=1); //str=1 when the strigolagtone signal is released in the soil [sigMFB] (str=1)&(EPRC-a>0)&(h>0) -> h*(EPRC-a)*rmB:(a’=a+1); //an hypha activates a plant root cell [sigMFD] (str=1)&(EPRC-a>0)&(h>0) -> h*(EPRC-a)*rmD:(a’=a+1)&(h’=h-1); //an hypha activates a plant root cell and then dies endmodule //rewards are used as plotting monitors rewards "activated_cells" true : a; endrewards

Analysing with the PRISM model checker [17] the derived CTMC, we can plot, e.g., the number of epidermal plant root cells which have been contacted, and activated, by the AM fungi. 13

Fig. 2. Activated Plant Cells.

Figure 2 exhibits the number of expected activated cells under different values for parameters rs and rmD (that could vary, e.g., depending on the soil conditions). Parameter rmB is set at 0.0005. The plotted results are obtained as the mean from a 1000 sample of stochastic simulations. Note that while single simulation experiments can produce, as it happens in real experiments, a very wide range of outputs, the plot in Figure 2 shows the average behaviour under different parameters. Thus, the maximum number of activated plant cells tends to the plotted averages. The lower the value for rs , the slowest the activation of the plant cells. The lower the value for rmD (making the hyphae more active), the higher the number of activated plant root cells. In Figure 2 red coloured curves represent more resistent hyphae, while blue coloured hyphae represent more vulnerable hyphae. Aspects of the AM symbiosis process have also been studied with the Calculus of Wrapped Compartments [8], a multilevel framework with compartments and term rewrite rules. In particular, in [7] a newly discovered ammonium transporter is studied in the context of nutrient exchange, in [3] a spatial analysis is carried on about the diffusion of strigolactones within the soil and the growth of the fungal hyphae.

6

Conclusions and Related Work

Process algebras provide the means to deal with compositionality with operators that allow to build up processes out to smaller ones and transformation to reduce the internal activity, and complexity, of the composing subsystems. Behavioural equivalences offer then an important instrument for the description and comparison of a system’s observable behaviour. The analysis of quantitative aspects in the behaviour of distributed systems is nowadays a central topic of investigation. The introduction of stochastic rates in the transitions modelling the system’s behaviour allows to describe the probabilistic function modelling the 14

distribution of the action durations. Additive race conditions are used instead of nondeterministic choices, interleaving and action synchronisation are enriched with new functions used to define the action rates for the composed system. Thus, stochastic process algebras, combining aspects of compositionality with probability distributions and action durations, constitute a successful tool for the performance analysis of concurrent distributed systems. A first probabilistic extension of the fusion calculus is presented in [5] following two directions: a first extension is along the lines of classical timing-based approach in stochastic process algebras; a second extension deals with possible incomplete effects of fusion actions. A stochastic extension of fusion calculus was presented in [4]. The calculus presented here could be considered a novel process algebra, syntactically and semantically different from the idea presented in [4]. In [4] indices are used to distinguish different semantic derivations of the same process, making everything more confused; the synchronisation distribution is expressed in a different, less general, way. In the present paper, the analysis is more CTMCs-oriented and the new calculus guarantees essential properties. Rate-based transition systems have been proposed in [14] as a format for the semantics specification of stochastic processes. The abstraction of rate-based transition systems based on next state functions proposed in [10] allows to define the semantics of stochastic process calculi in a simple, elegant and general way. In the present paper, we present a semantics of the fusion calculus with rate-based transition systems where the evolution of a system is driven by exponential probability distributions resulting from next state functions. The new formalisation guarantees the associativity property for parallel composition, a property that becomes essential in the analysis of biological systems. Also note that a complete and sound axiomatisation of the stochastic hyperequivalence could be given (more details could be found in the Appendix). There have been several attempts to define high level formalisms mapping to continuous-time Markov chains: stochastic Petri nets, stochastic automata networks, Markovian queuing networks, stochastic rewrite systems and stochastic process algebras. Among stochastic rewrite systems we mention the Calculus of Wrapped Compartments [8], the stochastic extensions of bigraphs [16] and P Systems [23]. Among stochastic process algebras, more closely related to the present paper, we should mention the first attempt given by the stochastic extension of the π-calculus [21]. In this calculus, a rate is associated to each activity; the rate and the associated exponential distribution describe the stochastic behaviour of the activity. The semantics underlying the biochemical stochastic π-calculus [22] describes a sound executable model for biochemistry based on Gillespie’s stochastic simulation algorithm [11]. A correct abstract machine for the stochastic π-calculus is defined by Phillips and Cardelli. The modern version of stochastic π-calculus is then defined by the same authors in [1]. It allows a compositional approach to the dynamics of gene regulatory networks by using the stochastic π-calculus, and develop a representation of gene network elements which can be used to build complex circuits in 15

a transparent and efficient way. The authors point out how the interplay of the stochastic gate interactions influence the circuit behaviour. Regarding the complexity of interactions, we mention the stochastic process algebra PEPA [13] and its recent biological extension, Bio-PEPA [6], that supports multiway synchronisation and stochastically timed actions as primitive. A useful result is presented in [13], namely that the set of derivative processes from a finite control stochastic process defines a finite continuous-time Markov chain. Then, standard analysis techniques are applicable, and it can be given a friendly automata-like scalable graphical syntax. The stochastic process algebras mapping to continuous-time Markov chains are directly executable via Gillespie’s algorithms. All these advantages are valid for the rate-based stochastic fusion calculus presented in this paper. PRISM [17] is a probabilistic model checker that allows modelling and analysing systems which exhibit a probabilistic behaviour. It allows to describe CTMCs in a simple and effective way through its stochastic modules. Recently, an interpretation of PEPA processes into PRISM modules has been developed.

Acknowledgements The first author was supported by a grant of the Romanian National Authority for Scientific Research, CNCS-UEFISCDI, project number PN-II-ID-PCE-20113-0919. The second author has been partially funded by the BioBITs Project (Converging Technologies 2007, area: Biotechnology-ICT), Regione Piemonte.

References 1. R. Blossey, L. Cardelli, A. Phillips. A Compositional Approach to the Stochastic Dynamics of Gene Networks. Transactions on Computational Systems Biology, vol.3939, 99-122, 2006. 2. E. Brinksma, H. Hermanns. Process algebra and Markov chains. In Euro Summer School on Trends in Computer Science, LNCS vol. 2090, 183-231, 2001. 3. C. Calcagno, M. Coppo, F. Damiani, M. Drocco, E. Sciacca, S. Spinella, A. Troina Modelling Spatial Interactions in the Arbuscular Mycorrhizal Symbiosis using the Calculus of Wrapped Compartments In Proc. of CompMod’11, EPTCS vol. 67, 2011. 4. G. Ciobanu. From Gene Regulation to Stochastic Fusion. LNCS vol.5204, 51-63, 2008. 5. G. Ciobanu, J. Mishra. Performance Analysis and Name Passing Errors in Probabilistic Fusion. Scientific Annals of “A.I.Cuza” University, vol.16, 57-76, 2005. 6. F. Ciocchetta, J. Hillston. Bio-PEPA: A Framework for the Modelling and Analysis of Biological Systems. Theoretical Computer Science, vol.410, 3065-3084, 2009. 7. M. Coppo, F. Damiani, M. Drocco, E. Grassi, M. Guether, A. Troina. Modelling Ammonium Transporters in Arbuscular Mycorrhiza Symbiosis. Transactions on Computational Systems Biology, vol. XIII, pp. 85-109, 2011.

16

8. M. Coppo, F. Damiani, M. Drocco, E. Grassi, E. Sciacca, S. Spinella, A. Troina. Simulation Techniques for the Calculus of Wrapped Compartments. Theoretical Computer Science, to appear. 9. R. De Nicola, D. Latella, M. Loreti, M. Massink. MarCaSPiS: a Markovian Extension of a Calculus for Services. ENTCS vol. 229, 11-26, 2009. 10. R. De Nicola, D. Latella, M. Loreti, M. Massink. Rate-based Transition Systems for Stochastic Process Calculi. Proc. ICALP, LNCS vol.5556, 435-446, 2009. 11. D.T. Gillespie. Exact Stochastic Simulation of Coupled Chemical Reactions. Journal of Physical Chemistry, vol.81, 2340-2361, 1977. 12. J. Harrison. Signaling in the Arbuscular Mycorrhizal Symbiosis. Annu. Rev. Microbiol., vol.59, 19–42, 2005. 13. J. Hillston. A Compositional Approach to Performance Modelling. PhD Thesis, University of Edinburgh, 1994. 14. B. Klin, V. Sassone. Structural Operational Semantics for Stochastic Process Calculi. Proc. FoSSaCS, LNCS vol.4962, 428-442, 2008. 15. J.G. Kemeny, J.L. Snell. Finite Markov Chains. Springer, 1976. 16. J. Krivine, R. Milner, A. Troina. Stochastic Bigraphs. Proc. MFPS’08, ENTCS, vol.218, 73-96, 2008. 17. M. Kwiatkowska, G. Norman, D. Parker. Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach. Int. Journal on Software Tools for Technology Transfer, vol.6, 128–142, 2004. 18. K.G. Larsen, A. Skou. Bisimulation through Probabilistic Testing. Information and Computation, vol.94, 1-28, 1991. 19. R. Milner, J. Parrow, D. Walker. A Calculus of Mobile Processes. Information and Computation, vol.100, 1-40, 1992. 20. J. Parrow, B. Victor. The Fusion Calculus: Expressiveness and Symmetry in Mobile Processes. Proc. LICS, IEEE Computer Society, 176-185, 1998. 21. C. Priami. Stochastic π-Calculus. Computer Journal, vol.38, 578-589, 1995. 22. A. Regev, E. Shapiro. The π-Calculus as an Abstraction for Biomolecular Systems. In G.Ciobanu, G.Rozenberg (Eds.): Modelling in Molecular Biology, Natural Computing Series, Springer, 219-266, 2004. 23. A. Spicher, O. Michel, M. Cieslak, J.-L. Giavitto, P. Prusinkiewicz. Stochastic P Systems and the Simulation of Biochemical Processes with Dynamic Compartments. Biosystems, vol.91, 458-472, 2008.

17

Appendix: Stochastic Hyperbisimulation is a Congruence (α,r)

In this appendix we assume the notation P −−−→ P 0 if there is a transition α P − → ρ such that ρ(P 0 ) = r. Theorem.[Congruence] Stochastic hyperequivalence is a congruence, i.e., for P, Q ∈ SFC and C ∈ SFC[ ], P ∼SH Q implies C[P ] ∼SH C[Q]. Proof. The idea of this proof originates from [19]. The proof is a bit different, because we insist on the fact that bisimulations should be equivalences, and reason in terms of the function γδ rather than using the underlying transitions. This helps when we add the probabilistic distributions. Note that for an expression C[P ], any variable in P is either bound within P , free within P but bound within C[P ], or free both within P and C[P ]. It is enough to show that the equivalence closure R of R0 = {(C[P ], C[Q]) | P ∼SH Q, C ∈ SFC[ ] such that C[P ], C[Q] ∈ SFC} is a stochastic hyperbisimulation. This can be proven by showing that for all P, Q ∈ SFC such that P ∼SH Q, for all C ∈ SFC[ ] such that C[P ], C[Q] ∈ SFC, for all S ∈ SFC/R, and for all actions δ we have γδ (C[P ], S) = γδ (C[Q], S) (3) We can assume that (C[P ], C[Q]) ∈ R0 , since the extension to the equivalence closure is straightforward. We proceed by induction on the depth of inference. Let P, Q ∈ SFC such that P ∼SH Q and suppose (3) is established for pairs P 0 , Q0 ∈ SFC with a smaller depth of inference. It is enough to establish only one direction of (3), with ≤ substituted for =, as the converse direction follows by (α,r)

symmetry. Now, adopting the convention RSF C `n P −−−→ P 0 if the transition (α,r)

P −−−→ P 0 can be derived by a proof-tree of depth n or less, then, based on the rules of the operational semantics, we define γαn : SFC × P(SFC) → R for all α ∈ N , for all R ∈ SFC, and for all S ⊆ SFC by γαn (R, S) =

X (α,r) {r | RSF C `n R −−−→ R0 , R0 σ ∈ S}. i∈I

Now γα (R, S) = lim γαn (R, S), and so we only have to show that for all n ≥ 0, n→inf

for all C ∈ SFC[ ] such that C[P ], C[Q] ∈ SFC, for all S ∈ SFC/R, and for all actions α, γαn (C[P ], S) ≤ γα (C[Q], S) (4) This is proved by induction. The case n = 0 is trivial, so we may assume (4) for a certain n ≥ 0. Depending on the topmost operator of C, we distinguish seven cases in proving (4) for (n + 1). Here we present only three cases. Empty context. We have to show that for all S ∈ SFC/R, and for all actions α, γαn+1 (P, S) ≤ γα (Q, S) (5) 18

Since ∼SH is contained in the equivalence relation R, S is the disjoint union of one or more T ∈ SFC/∼SH , and it is enough to prove (5) for T instead of S. This follows immediately from P ∼SH Q, i.e., γαn+1 (P, T ) = γα (P, T ) ≤ γα (Q, S) Action prefixing. We have to show that for all C ∈ SFC[ ] such that C[P ], C[Q] ∈ SFC, for all S ∈ SFC/R , and for all actions α we have γαn+1 (µ.C[P ], S) ≤ γα (µ.C[Q], S)

(6)

Let µ = (β, Fβ ). For any P ∈ SFC, γαn+1 (µ.P, S) = γα (µ.P, S) if α = β. If α 6= β, (6) is fulfilled trivially; if α = β, (6) follows because C[P ] and C[Q] are in the same equivalence class S 0 ∈ SFC/R . Summation. We have to show that for all C1 , C2 ∈ SFC[ ] such that Ci [P ], Ci [Q] ∈ SFC, for all S ∈ SFC/R , and for all actions α, γαn+1 (C1 [P ] + C2 [P ], S) ≤ γα (C1 [Q] + C2 [Q], S)

(7)

We have γαn+1 (C1 [P ]+C2 [P ], S) =

X

ind

γαn (Ci [P ], S) ≤

i=1,2

X

γα (Ci [Q], S) = γα (C1 [Q]+C2 [Q], S).

i=1,2

Appendix: Stochastic Hyperequivalence Axiomatisation We present a sound and complete axiomatic system for ∼SH in the framework of SFC. Such an axiomatisation facilitates to prove the stochastic hyperequivalence of processes at a syntactic level. The axiomatisation extends the axiomatisation of Parrow and Victor with stochastic axioms. For instance, axiom S4 describes the additive property of the exponential distribution. We use M, N to stand for a condition xϕy in the if-then-else operator, where ϕ is a fusion relation, and define the names occurring in M by n(M ) = {x, y}. We use a simplified notation for the if-then-else operator, namely M ?P :Q, and add a scope law for the structural congruence: (x)M ?P :Q ≡ M ?(x)P :(x)Q, if x 6∈ n(M ). Note that if we have M ?(N ?P :Q):Q, then we can write M N ?P :Q, where M N is the conjunction of the conditions M and N . A sequence of conditions f, N e , and we say that M f implies N e, x1 ϕy1 x2 ϕy2 . . . xk ϕyk ranges over by M f e f written M ⇒ N , if the conjunction of all conditions in M logically implies all e (similar for M f⇔N e ). elements in N f, Definition 11. [20] A substitution σ agrees with a sequence of conditions M f agrees with σ, if for all x, y which appear in M f, σ(x)ϕσ(y) iff M f ⇒ xϕy. and M We call Axiomatic Stochastic Hyperequivalence (ASHE), the stochastic extension of the axiomatic system presented in [20]. Summation S1 P + 0 = P S2 P + Q = Q + P

19

S3 P + (Q + R) = (P + Q) + R S4 (α, r1 ).P + (α, r2 ).P = (α, r1 + r2 ).P Scope R1 R2 R3 R4 R5

(x)0 = 0 (x)(y)P = (y)(x)P (x)(P + Q) = (x)P + (x)Q (x)(α, r).P = (α, r).(x)P , if x ∈ / fn(α) (x)(α, r).P = 0, if x is the subject of α If-Then-Else

I1 I2 I3 I4 I5

f?P : Q = N e ?P : Q, if M f⇔N e M xϕy?P : Q = xϕy?(P {x/y}) : Q M ?P : P 0 + M ?Q : Q0 = M ?(P + Q) : (P 0 + Q0 ) xϕx?P : Q = P P = xϕy?P : 0 + xϕy?0 : P If-Then-Else and Scope

IR1 (x)yϕz?P : Q = yϕz?(x)P : (x)Q, if x 6= y, x 6= z IR2 (x)xϕy?P : 0 = 0, if x 6= y Fusion F1 (ϕ, r).P = (ϕ, r).(xϕy?P : Q), if xϕy F2 (z)(ϕ, r).P = (ϕ \ z, r).P , if z ∈ / fn(P ) Expansion X X E1 If P ≡ Mi ?(xei )(αi , rαi ).Pi : 0 and Q ≡ Nj ?(yej )(βj , rβj ).Qj : 0, i

j

where all the names in Mi (Nj ) are related by fusion ϕi (ϕj respectively), then weX have: X P |Q= Mi ?(xei )(αi , rαi ).(Pi | Q) : 0 + Nj ?(yej )(βj , rβj ).(P | Qj ) : 0+ Xi

+

j

Mi Nj ?(xei )(yej )(ϕ, rϕ ).(Pi | Qj ) : 0,

αi ≡uzi ∧βj ≡uwj

where ϕ = [zi ] ∪ [wj ], rϕ is the exponential rate obtained from the chosen synchronisation distribution, and xei 6∈ fn(αi ), yej 6∈ fn(βj ). We also have the following derived rules: If-Then-Else DM1 DM2 DM3 DM4

xϕy?((α, r).(xϕy?P : R)) : Q = xϕy?(α, r).P : Q f?P : Q = M f?(P σ) : Q, for σ agreeing with M f M f M ?0 : 0 = 0 f?P : P ) + P = P (M

Fusion DF1 (ϕ, r).P = (ϕ, r).(P σ), where σ agrees with ϕ DF2 (z)(ϕ, r).P = (ϕ \ z, r).(P {w/z}), if zϕw and z = 6 w

20

Theorem 4 (Soundness). ASHE ` P = Q implies P ∼SH Q. Proof. We follow [19] in order to prove the soundness of the axioms which do not involve the distribution of the transitions. For the other axioms we follow the proof presented in [5]. We present here the proof with respect to the summations, scope, fusion and expansion axioms. Summation: First we prove that 1. P + 0 ∼SH P 2. P + Q ∼SH Q + P 3. P + (Q + R) ∼SH (P + Q) + R For the equivalence closure of ∼SH , the following relations are stochastic hyperbisimulations: S1 = {(P + 0, P ) | P agent } ∪ Id S2 = {(P + Q, Q + P ) | P, Q agents } ∪ Id S3 = {((P + Q) + R, P + (Q + R)) | P, Q, R agents } ∪ Id where Id is the identity on processes. For S1 the only actions the components of the µ µ pair (P + 0, P ) can execute are P → P 0 , and by SU M , P + 0 → P 0 . Hence we have 0 0 (P , P ) ∈ Id ⊂ S1 . For S2 and S3 , using SU M , it follows that these relations are stochastic hyperbisimulations. In order to prove that (α, r1 ).P + (α, r2 ).P ∼SH (α, r1 + r2 ).P , we consider the relation S4 = {((α, r1 ).P + (α, r2 ).P, (α, r1 + r2 ).P ) | P agent )} ∪ Id, and prove that it is a stochastic hyperbisimulation. We denote by P1 a process representing the first component of a pair in S4 , and by P2 the process corresponding to the second component. Applying SU M to P1 , P REF to P2 , and then using a property of the exponential distribution, we find that the condition required for S4 to be stochastic hyperbisimulation is verified, i.e., γα (P1 , C) = r1 + r2 = γα (P2 , C), where C represents an equivalence class from P/S4 . Scope: We prove only the soundness of axiom R4, i.e, R4 = {((x)(α, r).P, (α, r).(x)P )) | P is a process, x ∈ / fn(α)} ∪ Id is a stochastic hyperbisimulation. The only actions which both components of the pair ((x)(α, r).P, (α, r).(x)P )) can do are (α,r)

(α, r).P −−−→ P, x ∈ / fn(α) (α,r)

by PASS

(x)(α, r).P −−−→ (x)P and (α,r)

(α, r).(x)P −−−→ (x)P by PREF. Since ((x)P, (x)P ) ∈ Id, we have ((x)P, (x)P ) ∈ R4 , and it can be easily verified that γα ((x)(α, r).P, C) = r = γα ((α, r).(x)P, C), where C represents an equivalence class from P/R4 . Fusion: We prove that: F1 = {((ϕ, r).P, (ϕ, r).(xϕy?P : Q)) | P process, xϕy} ∪ Id F2 = {((z)(ϕ, r).P, (ϕ \ z, r).P ) | P process, z ∈ / fn(P)} ∪ Id

21

are stochastic hyperbisimulations. For F1 the only actions which the components of the pair ((ϕ, r).P, (ϕ, r).(xϕy?P : Q)) can do are (ϕ,r)

(ϕ, r).P −−−→1 P by PREF and (ϕ,r)

(ϕ, r).(xϕy?P : Q) −−−→1 xϕy?P : Q by PREF Since xϕy, it follows that xϕy?P : Q = P , and so we have (P, P ) ∈ Id ⊂ F1 . We have also that γϕ ((ϕ, r).P, C) = r = γϕ ((ϕ, r).(xϕy?P : Q), C), where C represents an equivalence class from P/F1 . For F2 we use SCOP E and P REF rules, and the fact that γϕ ((z)(ϕ, r).P, C) = r = γϕ ((ϕ \ z, r).P, C), where C represents an equivalence class from P/F2 . Expansion: We write R for the right hand side of axiom E, and we show that P | Q ∼SH R. We consider a relation E given by E = {(P | Q, R)} ∪ Id. There are three cases induced by the three terms of R denoted R1 , R2 , R3 , respectively. We refer here to the third term of R. By applying P ASS, IT E1 , and in the end SU M , we get for P | Q : (ue z ,ru )

(ue zk , ru ).Pk −−−k−−→ Pk

by P ASS

(ue z ,ru )

(e xk )(ue zk , ru ).Pk −−−k−−→ (e xk )Pk z ,ru ) (ue

xk )Pk (e xk )(ue zk , ru ).Pk −−−k−−→ (e (ue z ,ru )

by IT E1

xk )Pk Mk ?(e xk )(ue zk , ru ).Pk : 0 −−−k−−→ (e (uz ,ru )

Mk ?(e xk )(uzk , ru ).Pk : 0 −−−k−−→ (e xk )Pk (uz ,ru )

by SU M

(8)

P −−−k−−→ (e xk )Pk We have similar transitions for Q and by applying COM rule, we obtain: (uz ,ru )

(uw ,ru )

P −−−k−−→ (e xk )Pk , Q −−−l−−→ (e yl )Ql

, ϕ = [zk ] ∪ [wl ] (ϕ,rϕ ) P | Q −−−−→ (e xk )Pk | (e yl )Ql For R we apply P REF , and, since xei ∈ / fn(αi ), yej ∈ / fn(βj ), we apply P ASS twice, IT E1 twice, and in the end SU M : (ϕ,rϕ )

Mk Nl ?(e xk )(e yl )([zk ] ∪ [wl ], rϕ ).(Pk | Ql ) : 0 −−−−→ (e xk )(e yl )(Pk | Ql ) (ϕ,rϕ )

R3 −−−−→ (e xk )(e yl )(Pk | Ql ) where ϕ = [zk ] ∪ [wl ], and kl is the index of a term from the sum R3 . Therefore (ϕ,rϕ )

R −−−−→ (e xk )(e yl )(Pk | Ql ) by SU M Finally, by applying the scope extension twice, we get: (e xk )Pk | (e yl )Ql = (e xk )(e yl )(Pk | Ql ) f is complete on a finite subset of names N 0 ⊂ N if for A sequence of conditions M f, an equivalence relation R on N 0 called the equivalence relation corresponding to M f ⇒ [x = y] iff xRy, and M f ⇒ [x 6= y] iff ¬(xRy). we have M process P is in head normal form on a finite set of names N 0 , if P is on the form P A f fi is complete on N 0 , and x xi )(αi , ri ).P , where x ei are objects of αi , M ei ∩ N 0 = ∅ i Mi (e for all i. Theorem 5 (Completeness). P ∼SH Q implies ASHE ` P = Q.

22

Proof (Sketch). We assume that both P and Q are in head normal form on fn(P, Q). The proof is by induction on depth of P + Q, showing that each summand of P is provably equal to a summand of Q. If the depth is 0 then P ≡ 0 and Q ≡ 0, and the result is immediate. f(e Suppose the depth is strictly greater than 0. We consider M x)(α, rα ).P 0 is a sumf mand of P , σ a substitution agreeing with M , and σ(w) = w for all w ∈ / fn(P, Q). We (α0 ,r 0 )

denote ((e x)(α, rα )σ by ((e x)ασ, r(ex)ασ ) and α0 = (e x)ασ. We have P σ −−−−α−→ P 0 σ. By P ∼SH Q, then for all equivalence classes C ∈ P/ ∼SH we have γα0 (P, C) = γα0 (Q, C), P P (α0 ,r 0 ) where γα0 (P, C) = {rα0 | P σ −−−−α−→ P 0 σ, P 0 σ ∈ C}, and γα0 (Q, C) = {rα0 | (α0 ,r 0 )

P σ −−−−α−→ Q00 , Q00 ∈ C} with: P 0 σ = Q00 , by induction, if α is a communication action (1) P 0 σρ = Q00 ρ, by induction, if α is a fusion action (2) where ρ agrees with (α, rα )σ. By alpha-conversion, we can write the summand of Q used to simulate the action e (e e agrees with σ, and of P σ as N x)(β, rβ ).Q0 . N (β 0 ,rβ 0 )

e (e (N x)(β, rβ ).Q0 )σ −−−−−→ Q0 σ, with β 0 = (e x)βσ so Q00 = Q0 σ and (α0 , rα0 ) = (β 0 , rβ 0 ), i.e., ((e x)(α, rα ))σ = ((e x)(β, rβ ))σ, which implies (α, rα )σ = (β, rβ )σ (3) since σ is an identity for names which are not free in P, Q. f According to Lemma 13 presented in [20] saying that if two match sequences M e are complete on a set of names such that M f and N e both agree with the same and N f⇔N e . Using this result and axiom DM2, we get substitution σ, then M f(e f((e M x)(α, rα ).P 0 = M x)(α, rα ).P 0 )σ If α is a communication action, then (3) (1) f((e f(e f(e M x)(α, rα ).P 0 )σ = M x)((α, rα )σ).(P 0 σ) = M x)((β, rβ )σ).(P 0 σ) = (1) M DM f(e e (e e ((e = M x)((β, rβ )σ).(Q0 σ) =1 N x)((β, rβ )σ).(Q0 σ) = N x)(β, rβ ).Q0 )σ = 2 DM2

e (e N x)(β, rβ ).Q0 If α is a fusion action, then (2) DF DF f((e f(e f(e M x)(α, rα ).P 0 )σ =1 M x)((α, rα )σ).(P 0 σρ) = M x)((α, rα )σ).(Q0 σρ) =1 (3) M DF1 f(e f(e e (e = M x)((α, rα )σ).(Q0 σ) = M x)((β, rβ )σ).(Q0 σ) =1 N x)((β, rβ )σ).(Q0 σ) = =

DM e ((e e (e =N x)(β, rβ ).Q0 )σ = 2 N x)(β, rβ ).Q0 . Thus each summand of P is provably equal to a summand of Q, and then it suffices to use the rules S1-S4 to infer that P and Q are provably equal, i.e ` P = Q.

23