On the behaviours produced by instruction sequences under execution

Bergstra, J.A.; Middelburg, C.A.

Publication date
2011

Document Version
Final published version

Citation for published version (APA):

General rights
It is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), other than for strictly personal, individual use, unless the work is under an open content license (like Creative Commons).

Disclaimer/Complaints regulations
If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library: https://uba.uva.nl/en/contact, or a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible.
On the Behaviours Produced by Instruction Sequences under Execution

J.A. Bergstra and C.A. Middelburg

Informatics Institute, Faculty of Science, University of Amsterdam, Science Park 904, 1098 XH Amsterdam, the Netherlands
J.A.Bergstra@uva.nl, C.A.Middelburg@uva.nl

Abstract. We study several aspects of the behaviours produced by instruction sequences under execution in the setting of the algebraic theory of processes known as ACP. We use ACP to describe the behaviours produced by instruction sequences under execution and to describe two protocols implementing these behaviours in the case where the processing of instructions takes place remotely. We also show that all finite-state behaviours considered in ACP can be produced by instruction sequences under execution.

Keywords: instruction sequence, remote instruction processing, instruction sequence producible process

1 Introduction

The concept of an instruction sequence is a very primitive concept in computing. It has always played a central role in computing because of the fact that execution of instruction sequences underlies virtually all past and current generations of computers. It happens that, given a precise definition of an appropriate notion of an instruction sequence, many issues in computer science can be clearly explained in terms of instruction sequences. A simple yet interesting example is that a program can simply be defined as a text that denotes an instruction sequence. Such a definition corresponds to an empirical perspective found among practitioners.

In theoretical computer science, the meaning of programs usually plays a prominent part in the explanation of many issues concerning programs. Moreover, what is taken for the meaning of programs is mathematical by nature. On the other hand, it is customary that practitioners do not fall back on the mathematical meaning of programs in case explanation of issues concerning programs is needed. They phrase their explanations from an empirical perspective. An empirical perspective that we consider appealing is the perspective that a program is in essence an instruction sequence and an instruction sequence under execution produces a behaviour that is controlled by its execution environment in the sense that each step performed actuates the processing of an instruction by
the execution environment and a reply returned at completion of the processing determines how the behaviour proceeds.

This paper concerns the behaviours produced by instruction sequences under execution as such and two issues relating to the behaviours produced by instruction sequences under execution, namely the issue of implementing these behaviours in the case where the processing of instructions takes place remotely and the issue of the extent to which the behaviours considered in process algebra can be produced by instruction sequences under execution.

Remote instruction processing means that a stream of instructions to be processed arises at one place and the processing of that stream of instructions is handled at another place. This phenomenon is increasingly encountered. It is found if loading the instruction sequence to be executed as a whole is impracticable. For instance, the storage capacity of the execution unit is too small or the execution unit is too far away. Remote instruction processing requires special attention because the transmission time of the messages involved in remote instruction processing makes it hard to keep the execution unit busy without intermission.

In the literature on computer architecture, hardly anything can be found that contributes to a sound understanding of the phenomenon of remote instruction processing. As a first step towards such an understanding, we give rigorous descriptions of two protocols for remote instruction processing at a level of abstraction that captures the underlying essence of the protocols. One protocol is very simple, but makes no effort keep the execution unit busy without intermission. The other protocol is more complex and is directed towards keeping the execution unit busy without intermission. It is reminiscent of an instruction pre-fetching mechanism as found in pipelined processors (see e.g. [26]), but its range of application is not restricted to pipelined instruction processing.

In the literature on computer architecture, hardly anything can be found that contributes to a sound understanding of the phenomenon of remote instruction processing. As a first step towards such an understanding, we give rigorous descriptions of two protocols for remote instruction processing at a level of abstraction that captures the underlying essence of the protocols. One protocol is very simple, but makes no effort keep the execution unit busy without intermission. The other protocol is more complex and is directed towards keeping the execution unit busy without intermission. It is reminiscent of an instruction pre-fetching mechanism as found in pipelined processors (see e.g. [26]), but its range of application is not restricted to pipelined instruction processing.

The work presented in this paper belongs to a line of research which started with an attempt to approach the semantics of programming languages from the perspective mentioned above. The first published paper on this approach is [7]. That paper is superseded by [8] with regard to the groundwork for the approach: program algebra, an algebraic theory of single-pass instruction sequences, and basic thread algebra, an algebraic theory of mathematical objects that represent in a direct way the behaviours produced by instruction sequences under execution.

The main advantages of the approach are that it does not require a lot of mathematical background and that it is more appealing to practitioners than the main approaches to programming language semantics: the operational approach, the denotational approach and the axiomatic approach. For an overview of these approaches, see e.g. [32].

The work presented in this paper is based on the instruction sequences considered in program algebra and the representation of the behaviours produced by instruction sequences under execution considered in basic thread algebra. It is rather awkward to describe and analyse the behaviours of this kind using al-

\[ \text{In [8], basic thread algebra is introduced under the name basic polarized process algebra.} \]
gebraic theories of processes such as ACP [30], CCS [27,31] and CSP [23,29]. However, the objects considered in basic thread algebra can be viewed as representations of processes as considered in process algebra. This allows for the protocols for remote instruction processing to be described using ACP or rather ACP\(\tau\), an extension of ACP which supports abstraction from internal actions.

Process algebra is an area of the study of concurrency which is considered relevant to computer science, as is witnessed by the extent of the work on algebraic theories of processes such as ACP, CCS and CSP in theoretical computer science. This strongly hints that there are programmed systems whose behaviours can be taken for processes as considered in process algebra. Therefore, it is interesting to know to which extent the behaviours considered in process algebra can be produced by programs under execution, starting from the perception of a program as an instruction sequence. In this paper, we will show that, by apposite choice of instructions, all finite-state processes can be produced by instruction sequences (provided that the cluster fair abstraction rule, see e.g. Section 5.6 of [24], is valid).

The instruction sequences considered in program algebra are single-pass instruction sequences, i.e. finite or infinite sequences of instructions of which each instruction is executed at most once and can be dropped after it has been executed or jumped over. Program algebra does not provide a notation for programs that is intended for actual programming: programs written in an assembly language are finite instruction sequences for which single-pass execution is usually not possible. We will also show that all finite-state processes can as well be produced by programs written in a program notation which is close to existing assembly languages.

Instruction sequences under execution may make use of services provided by their execution environment such as counters, stacks and Turing tapes. The use operators added to basic thread algebra in e.g. [12] can be used to describe the behaviours produced by instruction sequences under execution that make use of services. Interesting is that instruction sequences under execution that make use of services may produce infinite-state processes. On that account, we will make precise what processes are produced by instruction sequences under execution that make use of services provided by their execution environment.

As a continuation of the work on a new approach to programming language semantics mentioned above, the notion of an instruction sequence was subjected to systematic and precise analysis using the groundwork laid earlier. This led among other things to expressiveness results about the instruction sequences considered and variations of the instruction sequences considered (see e.g. [12,18,20,21,36]). Instruction sequences are under discussion for many years in diverse work on computer architecture, as witnessed by e.g. [4,22,23,30,33,34,35,39,41], but the notion of an instruction sequence has never been subjected to any precise analysis before. As another continuation of the work on a new approach to programming language semantics mentioned above, selected issues relating to well-known subjects from the theory of computation and the area of computer architecture were rigorously investigated thinking in terms of instruction sequences.
The subjects from the theory of computation, namely the halting problem and non-uniform computational complexity, are usually investigated thinking in terms of a common model of computation such as Turing machines and Boolean circuits (see e.g. [1,2,8,38]). The subjects from the area of computer architecture, namely instruction sequence performance, instruction set architectures and remote instruction processing, are usually not investigated in a rigorous way at all. The general aim of the work in both continuations mentioned is to bring instruction sequences as a theme in computer science better into the picture. The work presented in this paper forms a part of the last mentioned continuation.

This paper is organized as follows. The body of the paper consists of three parts. The first part (Sections 2–7) concerns the behaviours produced by instruction sequences under execution as such and includes surveys of program algebra, basic thread algebra and the algebraic theory of processes known as ACP. The second part (Sections 8–10) concerns the issue of implementing these behaviours in the case where the processing of instructions takes place remotely and includes rigorous descriptions of two protocols for remote instruction processing. The third part (Sections 11–14) concerns the issue of the extent to which the behaviours considered in process algebra can be produced by instruction sequences under execution and includes the result that, by apposite choice of instructions, all finite-state processes can be produced by instruction sequences.

This paper consolidates material from [11,13,14].

2 Program Algebra

In this section, we review PGA (ProGram Algebra). The starting-point of program algebra is the perception of a program as a single-pass instruction sequence. The concepts underlying the primitives of program algebra are common in programming, but the particular form of the primitives is not common. The predominant concern in the design of program algebra has been to achieve simple syntax and semantics, while maintaining the expressive power of arbitrary finite control.

In PGA, it is assumed that a fixed but arbitrary set $A$ of basic instructions has been given. The intuition is that the execution of a basic instruction may modify a state and produces a reply at its completion. The possible replies are the Boolean values $T$ and $F$.

PGA has the following primitive instructions:

- for each $a \in A$, a plain basic instruction $a$;
- for each $a \in A$, a positive test instruction $+a$;
- for each $a \in A$, a negative test instruction $-a$;
- for each $l \in \mathbb{N}$, a forward jump instruction $\#l$;
- a termination instruction $!$.

We write $I$ for the set of all primitive instructions of PGA. On execution of an instruction sequence, these primitive instructions have the following effects:
the effect of a positive test instruction $+a$ is that basic instruction $a$ is executed and execution proceeds with the next primitive instruction if $T$ is produced and otherwise the next primitive instruction is skipped and execution proceeds with the primitive instruction following the skipped one — if there is no primitive instructions to proceed with, inaction occurs;

– the effect of a negative test instruction $-a$ is the same as the effect of $+a$, but with the role of the value produced reversed;

– the effect of a plain basic instruction $a$ is the same as the effect of $+a$, but execution always proceeds as if $T$ is produced;

– the effect of a forward jump instruction $#l$ is that execution proceeds with the $l$-th next instruction of the program concerned — if $l$ equals 0 or there is no primitive instructions to proceed with, inaction occurs;

– the effect of the termination instruction $!$ is that execution terminates.

PGA has the following constants and operators:

– for each $u \in \mathcal{I}$, an instruction constant $u$;

– the binary concatenation operator $;$;

– the unary repetition operator $\omega$.

We assume that there is a countably infinite set of variables which includes $x, y, z$. Terms are built as usual. We use infix notation for concatenation and postfix notation for repetition.

A closed PGA term is considered to denote a non-empty, finite or eventually periodic infinite sequence of primitive instructions\(^2\). The instruction sequence denoted by a closed term of the form $t; t'$ is the instruction sequence denoted by $t$ concatenated with the instruction sequence denoted by $t'$. The instruction sequence denoted by a closed term of the form $t\omega$ is the instruction sequence denoted by $t$ concatenated infinitely many times with itself. Some simple examples of closed PGA terms are

$$a;b;c, \quad +a;#2;#3;b;!, \quad a;(b;c)\omega.$$ 

On execution of the instruction sequence denoted by the first term, the basic instructions $a$, $b$ and $c$ are executed in that order and after that inaction occurs. On execution of the instruction sequence denoted by the second term, the basic instruction $a$ is executed first, if the execution of $a$ produces the reply $T$, the basic instruction $b$ is executed next and after that execution terminates, and if the execution of $a$ produces the reply $F$, inaction occurs. On execution of the instruction sequence denoted by the third term, the basic instruction $a$ is executed first, and after that the basic instructions $b$ and $c$ are executed in that order repeatedly forever.

Closed PGA terms are considered equal if they represent the same instruction sequence. The axioms for instruction sequence equivalence are given in Table I. In this table, $n$ stands for an arbitrary positive natural number. The term $t^n$,\(^3\)

\(^2\) An eventually periodic infinite sequence is an infinite sequence with only finitely many distinct suffixes.
Table 1. Axioms of PGA

<table>
<thead>
<tr>
<th>Equation</th>
<th>PGA</th>
</tr>
</thead>
<tbody>
<tr>
<td>((x ; y) \cdot z = x \cdot (y ; z))</td>
<td>PGA1</td>
</tr>
<tr>
<td>((x^n)^\omega = x^\omega)</td>
<td>PGA2</td>
</tr>
<tr>
<td>(x^\omega ; y = x^\omega)</td>
<td>PGA3</td>
</tr>
<tr>
<td>((x ; y)^\omega = x \cdot (y ; x)^\omega)</td>
<td>PGA4</td>
</tr>
</tbody>
</table>

where \(t\) is a PGA term, is defined by induction on \(n\) as follows: \(t^1 = t\) and \(t^{n+1} = t \cdot t^n\). The unfolding equation \(x^\omega = x ; x^\omega\) is derived as follows:

\[
\begin{align*}
    x^\omega &= (x : x)^\omega \quad \text{by PGA2} \\
    &= x ; (x ; x)^\omega \quad \text{by PGA4} \\
    &= x ; x^\omega \quad \text{by PGA2}.
\end{align*}
\]

Each closed PGA term is derivably equal to a term in canonical form, i.e. a term of the form \(t \lor t'\), where \(t\) and \(t'\) are closed PGA terms in which the repetition operator does not occur. For example:

\[
\begin{align*}
    (a ; b)^\omega ; c ; ! &= a ; (b ; a)^\omega , \\
    +a ; (#4 ; b ; (-c ; #5 ; !)^\omega)^\omega &= +a ; #4 ; b ; (-c ; #5 ; !)^\omega .
\end{align*}
\]

The initial models of PGA are considered its standard models. Henceforth, we restrict ourselves to the initial model \(I_{PGA}\) of PGA in which:

- the domain is the set of all non-empty, finite and eventually periodic infinite sequences over the set \(I\) of primitive instructions;
- the operation associated with \(;\) is concatenation;
- the operation associated with \(\omega\) is the operation \(\omega\) defined as follows:
  - if \(F\) is a finite sequence over \(I\), then \(F^\omega\) is the unique eventually periodic infinite sequence \(F'\) such that \(F\) concatenated \(n\) times with itself is a proper prefix of \(F'\) for each \(n \in \mathbb{N}\);
  - if \(F\) is an eventually periodic infinite sequence over \(I\), then \(F^\omega\) is \(F\).

In the sequel, we use the term instruction sequence for the elements of the domain of \(I_{PGA}\), and we denote the interpretations of the constants and operators of PGA in \(I_{PGA}\) by the constants and operators themselves. \(I_{PGA}\) is loosely called the initial model of PGA because all initial models of PGA are isomorphic, i.e. there exist bijective homomorphism between them (see e.g. [37,40]).

3 Basic Thread Algebra

In this section, we review BTA (Basic Thread Algebra). BTA is an algebraic theory of mathematical objects that represent in a direct way the behaviours produced by instruction sequences under execution. The objects concerned are called threads.

In BTA, it is assumed that a fixed but arbitrary set \(\mathcal{A}\) of basic actions, with \(\text{tau} \notin \mathcal{A}\), has been given. Besides, \(\text{tau}\) is a special basic action. We write \(\mathcal{A}_{\text{tau}}\) for
A thread performs basic actions in a sequential fashion. Upon each basic action performed, a reply from an execution environment determines how it proceeds. The possible replies are the Boolean values $T$ and $F$. Performing $\text{tau}$, which is considered performing an internal action, always leads to the reply $T$.

Although BTA is one-sorted, we make this sort explicit. The reason for this is that we will extend BTA with an additional sort in Section 13.

BTA has one sort: the sort $T$ of threads. To build terms of sort $T$, it has the following constants and operators:

- the inaction constant $D : T$;
- the termination constant $S : T$;
- for each $a \in \mathcal{A}$, the binary postconditional composition operator $\preceq a \succeq : T \times T \to T$.

We assume that there are infinitely many variables of sort $T$, including $x, y, z$. Terms of sort $T$ are built as usual. We use infix notation for the postconditional composition operators. We introduce basic action prefixing as an abbreviation: $a \circ t$, where $a \in \mathcal{A}_{\text{tau}}$ and $t$ is a term of sort $T$, abbreviates $t \preceq a \succeq t$.

The thread denoted by a closed term of the form $t \preceq a \succeq t'$ will first perform $a$, and then proceed as the thread denoted by $t$ if the reply from the execution environment is $T$ and proceed as the thread denoted by $t'$ if the reply from the execution environment is $F$. The threads denoted by $D$ and $S$ will become inactive and terminate, respectively. Some simple examples of closed BTA terms are

$$a \circ (S \preceq b \succeq D), \quad (b \circ S) \preceq a \succeq D.$$  

The first term denotes the thread that first performs basic action $a$, next performs basic action $b$, if the reply from the execution environment on performing $b$ is $T$, after that terminates, and if the reply from the execution environment on performing $b$ is $F$, after that becomes inactive. The second term denotes the thread that first performs basic action $a$, if the reply from the execution environment on performing $a$ is $T$, next performs the basic action $b$ and after that terminates, and if the reply from the execution environment on performing $a$ is $F$, next becomes inactive.

BTA has only one axiom. This axiom is given in Table 2. Using the abbreviation introduced above, axiom $T_1$ can be written as follows: $x \preceq \text{tau} \succeq y = \text{tau} \circ x$.

Notice that each closed BTA term denotes a thread that will become inactive or terminate after it has performed finitely many actions. Infinite threads can be described by guarded recursion.

A guarded recursive specification over BTA is a set of recursion equations $E = \{ X = t_X \mid X \in V \}$, where $V$ is a set of variables of sort $T$ and each $t_X$ is a BTA term of the form $D, S$ or $t \preceq a \succeq t'$ with $t$ and $t'$ that contain only variables...
Table 3. RDP, RSP and AIP

<table>
<thead>
<tr>
<th>Equation</th>
<th>Description</th>
<th>Axiom</th>
</tr>
</thead>
<tbody>
<tr>
<td>( \langle X</td>
<td>E \rangle = \langle t X</td>
<td>E \rangle ) if ( X = t X \in E )</td>
</tr>
<tr>
<td>( E \Rightarrow X = \langle X</td>
<td>E \rangle ) if ( X \in V(E) )</td>
<td>RSP</td>
</tr>
<tr>
<td>( \pi_{n+1}(D) = D )</td>
<td></td>
<td>P2</td>
</tr>
<tr>
<td>( \bigwedge_{n \geq 0} \pi_{n}(x) = \pi_{n}(y) \Rightarrow x = y )</td>
<td>AIP</td>
<td>P3</td>
</tr>
</tbody>
</table>

from \( V \). We write \( V(E) \) for the set of all variables that occur in \( E \). We are only interested in models of BTA in which guarded recursive specifications have unique solutions, such as the projective limit model of BTA presented in [5].

A simple example of a guarded recursive specification is the one consisting of following two equations:

\[
\begin{align*}
  x &= x \preceq a \succeq y, \\
  y &= y \preceq b \succeq S.
\end{align*}
\]

The \( x \)-component of the solution of this guarded recursive specification is the thread that first performs basic action \( a \) repeatedly until the reply from the execution environment on performing \( a \) is \( F \), next performs basic action \( b \) repeatedly until the reply from the execution environment on performing \( b \) is \( F \), and after that terminates.

For each guarded recursive specification \( E \) and each \( X \in V(E) \), we introduce a constant \( \langle X | E \rangle \) of sort \( T \) standing for the \( X \)-component of the unique solution of \( E \). We write \( \langle t X | E \rangle \) for \( t X \) with, for all \( Y \in V(E) \), all occurrences of \( Y \) in \( t X \) replaced by \( \langle Y | E \rangle \). The axioms for the constants for the components of the solutions of guarded recursive specifications are RDP (Recursive Definition Principle) and RSP (Recursive Specification Principle), which are given in Table 3. RDP and RSP are actually axiom schemas in which \( X \) stands for an arbitrary variable, \( t X \) stands for an arbitrary BTA term, and \( E \) stands for an arbitrary guarded recursive specification over BTA. Side conditions are added to restrict what \( X \), \( t X \) and \( E \) stand for. The equations \( \langle X | E \rangle = \langle t X | E \rangle \) for a fixed \( E \) express that the constants \( \langle X | E \rangle \) make up a solution of \( E \). The conditional equations \( E \Rightarrow X = \langle X | E \rangle \) express that this solution is the only one.

RDP and RSP are means to prove closed terms that denote the same infinite thread equal. We introduce AIP (Approximation Induction Principle) as an additional means to prove closed terms that denote the same infinite thread equal. AIP is based on the view that two threads are identical if their approximations up to any finite depth are identical. The approximation up to depth \( n \) of a thread is obtained by cutting it off after it has performed \( n \) actions. AIP is also given in Table 3. Here, approximation up to depth \( n \) is phrased in terms of the unary projection operator \( \pi_{n} : T \to T \). The axioms for the projection operators are axioms P0–P3 in Table 3. P1–P3 are actually axiom schemas in which \( a \) stands for arbitrary basic action and \( n \) stands for an arbitrary natural number.

We write BTA+REC for BTA extended with the constants for the components of the solutions of guarded recursive specifications, the projection operators and the axioms RDP, RSP, AIP and P0–P3.
The minimal models of $BTA+REC$ are considered its standard models. Recall that a model of an algebraic theory is minimal iff all elements of the domains associated with the sorts of the theory can be denoted by closed terms. Henceforth, we restrict ourselves to the minimal models of $BTA+REC$. We assume that a minimal model $M_{BTA+REC}$ of $BTA+REC$ has been given.

In the sequel, we use the term *thread* for the elements of the domain of $M_{BTA+REC}$, and we denote the interpretations of constants and operators in $M_{BTA+REC}$ by the constants and operators themselves.

Let $T$ be a thread. Then the set of *states* or residual threads of $T$, written $\text{Res}(T)$, is inductively defined as follows:

- $T \in \text{Res}(T)$;
- if $T' \leq a \geq T'' \in \text{Res}(T)$, then $T' \in \text{Res}(T)$ and $T'' \in \text{Res}(T)$.

Let $T$ be a thread and let $\mathcal{A}' \subseteq \mathcal{A}_{\tau}$. Then $T$ is regular over $\mathcal{A}'$ if the following conditions are satisfied:

- $\text{Res}(T)$ is finite;
- for all $T', T'' \in \text{Res}(T)$ and $a \in \mathcal{A}_{\tau}$, $T' \leq a \geq T'' \in \text{Res}(T)$ implies $a \in \mathcal{A}'$.

We say that $T$ is regular if $T$ is regular over $\mathcal{A}_{\tau}$.

For example, the $x$-component of the solution of the guarded recursive specification consisting of the following two equations:

\[
x = a \circ y, \quad y = (c \circ y) \leq b \geq (x \leq d \geq S)
\]

has five states and is regular over any $\mathcal{A}' \subseteq \mathcal{A}_{\tau}$ for which $\{a, b, c, d\} \subseteq \mathcal{A}'$.

We will make use of the fact that being a regular thread coincides with being a component of the solution of a finite guarded recursive specification in which the right-hand sides of the recursion equations are of a restricted form.

A linear recursive specification over $BTA$ is a guarded recursive specification $E = \{X = t_X \mid X \in V\}$ over $BTA$, where each $t_X$ is a term of the form $D$, $S$ or $Y \leq a \geq Z$ with $Y, Z \in V$.

**Proposition 1.** Let $T$ be a thread and let $\mathcal{A}' \subseteq \mathcal{A}_{\tau}$. Then $T$ is regular over $\mathcal{A}'$ iff there exists a finite linear recursive specification $E$ over $BTA$ in which only basic actions from $\mathcal{A}'$ occur such that $T$ is a component of the solution of $E$.

**Proof.** The implication from left to right is proved as follows. Because $T$ is regular, $\text{Res}(T)$ is finite. Hence, there are finitely many threads $T_1, \ldots, T_n$, with $T = T_1$, such that $\text{Res}(T) = \{T_1, \ldots, T_n\}$. Now $T$ is the $x_1$-component of the solution of the linear recursive specification consisting of the following equations:

\[
x_i = \begin{cases} S & \text{if } T_i = S \\ D & \text{if } T_i = D \\ x_j \leq a \geq x_k & \text{if } T_i = T_j \leq a \geq T_k \end{cases}
\]

for all $i \in [1, n]$. 

\footnote{A minimal model of an algebraic theory is a model of which no proper subalgebra is a model as well.}
Table 4. Defining equations for thread extraction operation

| a = a ⚪ D       | #l = D       |
| a ; F = a ⚪ |F|       | #0 ; F = D       |
| +a = a ⚪ D       | #1 ; F = |F|       |
| +a ; F = |F| ≤a ⪰ |#2 ; F|       | #l + 2 ; u = D       |
| −a = a ⚪ D       | #l + 2 ; u ; F| = |#l + 1 ; F|       |
| −a ; F = |#2 ; F| ≤a ⪰ |F|       | | = S       |
| ! F = S       |

Because \( T \) is regular over \( \mathcal{A}' \), only basic actions from \( \mathcal{A}' \) occur in the linear recursive specification constructed in this way.

The implication from right to left is proved as follows. Thread \( T \) is a component of the unique solution of a finite linear specification in which only basic actions from \( \mathcal{A}' \) occur. This means that there are finitely many threads \( T_1, \ldots, T_n, \) with \( T = T_1 \), such that for every \( i \in [1, n] \), \( T_i = S, T_i = D \) or \( T_i = T_j \leq a \geq T_k \) for some \( j, k \in [1, n] \) and \( a \in \mathcal{A}' \). Consequently, \( T' \in \text{Res}(T) \) iff \( T' = T_i \) for some \( i \in [1, n] \) and moreover \( T' \leq a \geq T'' \in \text{Res}(T) \) only if \( a \in \mathcal{A}' \). Hence, \( \text{Res}(T) \) is finite and \( T \) is regular over \( \mathcal{A}' \).

Remark 1. A structural operational semantics of BTA+REC and a bisimulation equivalence based on it can be found in e.g. [10]. The quotient algebra of the algebra of closed terms of BTA+REC by this bisimulation equivalence is one of the minimal models of BTA+REC.

4 Thread Extraction

In this short section, we use BTA+REC to make mathematically precise which threads are produced by instruction sequences under execution.

For that purpose, \( \mathcal{A} \) is taken such that \( \mathcal{A} \supseteq \mathfrak{A} \) is satisfied.

The thread extraction operation \( \lfloor \cdot \rceil \) assigns a thread to each instruction sequence. The thread extraction operation is defined by the equations given in Table 4 (for \( a \in \mathfrak{A}, l \in \mathbb{N}, \) and \( u \in \mathfrak{I} \)) and the rule that \( \lfloor \#l ; F \rfloor = D \) if \( \#l \) is the beginning of an infinite jump chain. This rule is formalized in e.g. [12].

Let \( F \) be an instruction sequence and \( T \) be a thread. Then we say that \( F \) produces \( T \) if \( \lfloor F \rfloor = T \). For example,

- \( a ; b ; c \) produces \( a \circ b \circ c \circ D \),
- \( +a ; \#2 ; \#3 ; b ; ! \) produces \( (b \circ S) \leq a \geq D \),
- \( +a ; -b ; c ; ! \) produces \( (S \leq b \geq (c \circ S)) \leq a \geq (c \circ S) \),
- \( +a ; \#2 ; (b ; \#2 ; c ; \#2) \) produces \( D \leq a \geq (b \circ D) \).

In the case of instruction sequences that are not finite, the produced threads can be described as components of the solution of a guarded recursive specification. For example, the infinite instruction sequence

\( (a ; +b)^{\omega} \)
produces the $x$-component of the solution of the guarded recursive specification consisting of following two equations:

$$x = a \circ y, \quad y = x \triangleleft b \triangleright y$$

and the infinite instruction sequence

$$a ; (+ b ; #2 ; #3 ; c ; #4 ; - d ; ! ; a) \omega$$

produces the $x$-component of the solution of the guarded recursive specification consisting of following two equations:

$$x = a \circ y, \quad y = (c \circ y) \triangleleft b \triangleright (x \triangleleft d \triangleright S).$$

## 5 Algebra of Communicating Processes

In this section, we review ACP$^\tau$ (Algebra of Communicating Processes with abstraction). This algebraic theory of processes will among other things be used to make precise what processes are produced by the threads denoted by closed terms of BTA+REC. For a comprehensive overview of ACP$^\tau$, the reader is referred to [3,24].

In ACP$^\tau$, it is assumed that a fixed but arbitrary set $A$ of atomic actions, with $\tau, \delta / \in A$, and a fixed but arbitrary commutative and associative function $|: A \cup \{\tau\} \times A \cup \{\tau\} \rightarrow A \cup \{\delta\}$, with $| e = \delta$ for all $e \in A \cup \{\tau\}$, have been given. The function $|$ is regarded to give the result of synchronously performing any two atomic actions for which this is possible, and to give $\delta$ otherwise. In ACP$^\tau$, $\tau$ is a special atomic action, called the silent step. The act of performing the silent step is considered unobservable. Because it would otherwise be observable, the silent step is considered an atomic action that cannot be performed synchronously with other atomic actions. We write $A_\tau$ for $A \cup \{\tau\}$.

ACP$^\tau$ has the following constants and operators:

- for each $e \in A$, the atomic action constant $e$;
- the silent step constant $\tau$;
- the inaction constant $\delta$;
- the binary alternative composition operator $+$;
- the binary sequential composition operator $\cdot$;
- the binary parallel composition operator $\parallel$;
- the binary left merge operator $\lfloor \lfloor$;
- the binary communication merge operator $|$;
- for each $H \subseteq A$, the unary encapsulation operator $\partial H$;
- for each $I \subseteq A$, the unary abstraction operator $\tau_I$.

We assume that there are infinitely many variables, including $x, y, z$. Terms are built as usual. We use infix notation for the binary operators. The precedence conventions used with respect to the operators of ACP$^\tau$ are as follows: $+$ binds weaker than all others, $\cdot$ binds stronger than all others, and the remaining operators bind equally strong.

Let $t$ and $t'$ be closed ACP$^\tau$ terms, $e \in A$, and $H, I \subseteq A$. Intuitively, the constants and operators to build ACP$^\tau$ terms can be explained as follows:
– the process denoted by $e$ first performs atomic action $e$ and next terminates successfully;
– the process denoted by $\tau$ performs an unobservable atomic action and next terminates successfully;
– the process denoted by $\delta$ can neither perform an atomic action nor terminate successfully;
– the process denoted by $t + t'$ behaves either as the process denoted by $t$ or as the process denoted by $t'$, but not both;
– the process denoted by $t \cdot t'$ first behaves as the process denoted by $t$ and on successful termination of that process it next behaves as the process denoted by $t'$;
– the process denoted by $t \parallel t'$ behaves as the process that proceeds with the processes denoted by $t$ and $t'$ in parallel;
– the process denoted by $t \lfloor t'$ behaves as the process denoted by $t$, except that atomic actions from $H$ are blocked;
– the process denoted by $t \rfloor t'$ behaves as the process denoted by $t$, except that atomic actions from $I$ are turned into unobservable atomic actions.

The operators $\parallel$ and $|$ are of an auxiliary nature. They are needed to axiomatize ACP$^\tau$.

The axioms of ACP$^\tau$ are given in Table 5. CM2–CM3, CM5–CM7, C1–C4, D1–D4 and TI1–TI4 are actually axiom schemas in which $a$, $b$ and $c$ stand for arbitrary constants of ACP$^\tau$, and $H$ and $I$ stand for arbitrary subsets of $A$. ACP$^\tau$ is extended with guarded recursion like BTA.

A recursive specification over ACP$^\tau$ is a set of recursion equations $E = \{X = t_X \mid X \in V\}$, where $V$ is a set of variables and each $t_X$ is an ACP$^\tau$ term containing only variables from $V$. We write $V(E)$ for the set of all variables that occur in $E$. Let $t$ be an ACP$^\tau$ term without occurrences of abstraction operators containing a variable $X$. Then an occurrence of $X$ in $t$ is guarded if $t$ has a subterm of the form $e \cdot t'$ where $e \in A$ and $t'$ is a term containing this occurrence of $X$. Let $E$ be a recursive specification over ACP$^\tau$. Then $E$ is a guarded recursive specification if, in each equation $X = t_X \in E$: (i) abstraction operators do not occur in $t_X$ and (ii) all occurrences of variables in $t_X$ are guarded or $t_X$ can be rewritten to such a term using the axioms of ACP$^\tau$ in either direction and/or the equations in $E$ except the equation $X = t_X$ from left to right. We are only interested models of ACP$^\tau$ in which guarded recursive specifications have unique solutions, such as the models of ACP$^\tau$ presented in [3].

For each guarded recursive specification $E$ and each $X \in V(E)$, we introduce a constant $\langle X \mid E \rangle$ standing for the $X$-component of the unique solution of $E$. We
Table 5. Axioms of ACP

<table>
<thead>
<tr>
<th>Term</th>
<th>Axiom</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>( x + y = y + x )</td>
<td>A1</td>
<td>( x \cdot \tau = x ) B1</td>
</tr>
<tr>
<td>((x + y) + z = x + (y + z))</td>
<td>A2</td>
<td>( x \cdot (\tau \cdot (y + z) + y) = x \cdot (y + z) ) B2</td>
</tr>
<tr>
<td>( x + x = x )</td>
<td>A3</td>
<td>( (x \cdot y) \cdot z = x \cdot (y \cdot z) ) A4</td>
</tr>
<tr>
<td>( \partial_H(a) = a ) if ( a \notin H )</td>
<td>D1</td>
<td></td>
</tr>
<tr>
<td>( \partial_H(a) = \delta ) if ( a \in H )</td>
<td>D2</td>
<td></td>
</tr>
<tr>
<td>( x + \delta = x )</td>
<td>A6</td>
<td>( \partial_H(x) = \partial_H(x) ) D3</td>
</tr>
<tr>
<td>( \delta \cdot x = \delta )</td>
<td>A7</td>
<td>( \partial_H(x) = \partial_H(x) \cdot \partial_H(y) ) D4</td>
</tr>
</tbody>
</table>

Table 6. RDP, RSP and AIP

<table>
<thead>
<tr>
<th>Term</th>
<th>Axiom</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>( \langle X \rangle E = \langle t_X \rangle E ) if ( X = t_X \in E )</td>
<td>RDP</td>
<td>( \pi_0(a) = \delta ) PR1</td>
</tr>
<tr>
<td>( E \Rightarrow X = \langle X \rangle E ) if ( X \in V(E) )</td>
<td>RSP</td>
<td>( \pi_{n+1}(a) = a ) PR2</td>
</tr>
<tr>
<td>( \wedge_{n \geq 0} \pi_n(x) = \pi_n(y) \Rightarrow x = y )</td>
<td>AIP</td>
<td>( \pi_0(a \cdot x) = \delta ) PR3</td>
</tr>
<tr>
<td>( \pi_{n+1}(a \cdot x) = a \cdot \pi_n(x) )</td>
<td>PR4</td>
<td></td>
</tr>
<tr>
<td>( \pi_n(x + y) = \pi_n(x) + \pi_n(y) )</td>
<td>PR5</td>
<td></td>
</tr>
<tr>
<td>( \pi_n(\tau) = \tau )</td>
<td>PR6</td>
<td></td>
</tr>
<tr>
<td>( \pi_n(\tau \cdot x) = \tau \cdot \pi_n(x) )</td>
<td>PR7</td>
<td></td>
</tr>
</tbody>
</table>

write \( \langle t_X \rangle E \) for \( t_X \) with, for all \( Y \in V(E) \), all occurrences of \( Y \) in \( t_X \) replaced by \( \langle Y \rangle E \). The axioms for the constants for the components of the solutions of guarded recursive specifications are RDP and RSP, which are given in Table 6. RDP and RSP are actually axiom schemas in which \( X \) stands for an arbitrary variable, \( t_X \) stands for an arbitrary ACP\(^*\) term, and \( E \) stands for an arbitrary guarded recursive specification over ACP\(^*\). Side conditions are added to restrict what \( X, t_X \) and \( E \) stand for.

Closed terms of ACP\(^*\) extended with constants for the components of the solutions of guarded recursive specifications that denote the same process cannot always be proved equal by means of the axioms of ACP\(^*\) together with RDP and RSP. We introduce AIP to remedy this. AIP is based on the view that two processes are identical if their approximations up to any finite depth are identical. The approximation up to depth \( n \) of a process behaves the same as that process, except that it cannot perform any further atomic action after \( n \) atomic actions have been performed. AIP is given in Table 6. Here, approximation up to depth
is phrased in terms of a unary projection operator $\pi_n$. The axioms for the projection operators are axioms PR1–PR7 in Table 6. PR1–PR7 are actually axiom schemas in which $a$ stands for arbitrary constants of $\text{ACP}_\tau$ different from $\tau$ and $n$ stands for an arbitrary natural number.

We write $\text{ACP}_\tau^{\text{+REC}}$ for $\text{ACP}_\tau$ extended with the constants for the components of the solutions of guarded recursive specifications, the projection operators, and the axioms RDP, RSP, AIP and PR1–PR7.

The minimal models of $\text{ACP}_\tau^{\text{+REC}}$ are considered its standard models. Henceforth, we restrict ourselves to the minimal models of $\text{ACP}_\tau^{\text{+REC}}$. We assume that a fixed but arbitrary minimal model $\mathcal{M}_{\text{ACP}_\tau^{\text{+REC}}}$ has been given.

From Section 12, we will sometimes assume that CFAR (Cluster Fair Abstraction Rule) is valid in $\mathcal{M}_{\text{ACP}_\tau^{\text{+REC}}}$. CFAR says that a cluster of silent steps that has exits can be eliminated if all exits are reachable from everywhere in the cluster. A precise formulation of CFAR can be found in [24].

We use the term process for the elements from the domain of $\mathcal{M}_{\text{ACP}_\tau^{\text{+REC}}}$, and we denote the interpretations of constants and operators in $\mathcal{M}_{\text{ACP}_\tau^{\text{+REC}}}$ by the constants and operators themselves.

Let $P$ be a process. Then the set of states or subprocesses of $P$, written $\text{Sub}(P)$, is inductively defined as follows:

- $P \in \text{Sub}(P)$;
- if $e \cdot P' \in \text{Sub}(P)$, then $P' \in \text{Sub}(P)$;
- if $e \cdot P' + P'' \in \text{Sub}(P)$, then $P' \in \text{Sub}(P)$.

Let $P$ be a process and let $A' \subseteq A_\tau$. Then $P$ is regular over $A'$ if the following conditions are satisfied:

- $\text{Sub}(P)$ is finite;
- for all $P' \in \text{Sub}(P)$ and $e \in A_\tau$, $e \cdot P' \in \text{Sub}(P)$ implies $e \in A'$;
- for all $P', P'' \in \text{Sub}(P)$ and $e \in A_\tau$, $e \cdot P' + P'' \in \text{Sub}(P)$ implies $e \in A'$.

We say that $P$ is regular if $P$ is regular over $A_\tau$.

We will make use of the fact that being a regular process over $A$ coincides with being a component of the solution of a finite guarded recursive specification in which the right-hand sides of the recursion equations are linear terms. Linearity of terms is inductively defined as follows:

- $\delta$ is linear;
- if $e \in A_\tau$, then $e$ is linear;
- if $e \in A_\tau$ and $X$ is a variable, then $e \cdot X$ is linear;
- if $t$ and $t'$ are linear, then $t + t'$ is linear.

A linear recursive specification over $\text{ACP}_\tau$ is a guarded recursive specification $E = \{X = t_X \mid X \in V\}$ over $\text{ACP}_\tau$, where each $t_X$ is linear.

**Proposition 2.** Let $P$ be a process and let $A' \subseteq A$. Then $P$ is regular over $A'$ iff there exists a finite linear recursive specification $E$ over $\text{ACP}_\tau$ in which only atomic actions from $A'$ occur such that $P$ is a component of the solution of $E$. 
Proof. The proof follows the same line as the proof of Proposition 1.

Remark 2. Proposition 2 is concerned with processes that are regular over $A$. We can also prove that being a regular process over $A$ coincides with being a component of the solution of a finite linear recursive specification over $ACP^\tau$ if we assume that the cluster fair abstraction rule [23] holds in the model $\mathcal{M}_{ACP^\tau+REC}$. However, we do not need this more general result.

We will write $\sum_{i \in S} t_i$, where $S = \{i_1, \ldots, i_n\}$ and $t_{i_1}, \ldots, t_{i_n}$ are $ACP^\tau$ terms, for $t_{i_1} + \ldots + t_{i_n}$. The convention is that $\sum_{i \in S} t_i$ stands for $\delta$ if $S = \emptyset$. We will often write $X$ for $\langle X | E \rangle$ if $E$ is clear from the context. It should be borne in mind that, in such cases, we use $X$ as a constant.

6 Program-Service Interaction Instructions

Recall that, in PGA, it is assumed that a fixed but arbitrary set $A$ of basic instructions has been given. In the sequel, we will make use a version of PGA in which the following additional assumptions relating to $A$ are made:

- a fixed but arbitrary finite set $F$ of foci has been given;
- a fixed but arbitrary finite set $M$ of methods has been given;
- $A = \{f.m \mid f \in F, m \in M\}$.

Each focus plays the role of a name of some service provided by an execution environment that can be requested to process a command. Each method plays the role of a command proper. Executing a basic instruction of the form $f.m$ is taken as making a request to the service named $f$ to process command $m$.

A basic instruction of the form $f.m$ is called a program-service interaction instruction. Recall that, in BTA, it is assumed that a fixed but arbitrary set $A$ of basic actions has been given. In the sequel, we will make use of a version of BTA in which $A = A$. A basic action of the form $f.m$ is called a thread-service interaction action.

The intuition concerning program-service interaction instructions given above will be made fully precise in Section 7 using ACP.

7 Process Extraction

In this section, we use $ACP^\tau+REC$ to make mathematically precise which processes are produced by threads.

For that purpose, $A$ and $|$ are taken such that the following conditions are satisfied:

$$A \supseteq \{sf(d) \mid f \in F, d \in M \cup B\} \cup \{rf(d) \mid f \in F, d \in M \cup B\} \cup \{\text{stop}, i\}$$

$^4$ As usual, we will write $B$ for the set $\{T, F\}$. 

15
Table 7. Defining equations for process extraction operation

<table>
<thead>
<tr>
<th>$S$</th>
<th>$\tau$</th>
<th>$D$</th>
<th>$\delta$</th>
</tr>
</thead>
<tbody>
<tr>
<td>stop</td>
<td>$T \leq \tau \geq T'$</td>
<td>$T \leq f.m \geq T'$</td>
<td></td>
</tr>
</tbody>
</table>

and for all $f \in F$, $d \in M \cup B$, and $e \in A$:

- $s_f(d) \mid r_f(d) = i$
- $s_f(d) \mid e = \delta$ if $e \neq r_f(d)$, stop $\mid e = \delta$ if $e \neq \text{stop}$,
- $e \mid r_f(d) = \delta$ if $e \neq s_f(d)$, i $\mid e = \delta$.

Actions of the forms $s_f(d)$ and $r_f(d)$ are send and receive actions, respectively, stop is an explicit termination action, and $i$ is a concrete internal action.

The process extraction operation $\llbracket \cdot \rrbracket$ assigns a process to each thread. The process extraction operation $\llbracket T \rrbracket$ is defined by $\llbracket T \rrbracket = \tau_{(\text{stop})}(\llbracket T \rrbracket)$, where $\llbracket \cdot \rrbracket$ is defined by the equations given in Table 7 (for $f \in F$ and $m \in M$).

Let $P$ be a process, $T$ be a thread, and $F$ be an instruction sequence. Then we say that $T$ produces $P$ if $\tau \cdot \tau_{1}(\llbracket T \rrbracket) = \tau \cdot P$ for some $I \subseteq A$, and we say that $F$ produces $P$ if $\llbracket F \rrbracket$ produces $P$.

Notice that two atomic actions are involved in performing a basic action of the form $f.m$: one for sending a request to process command $m$ to the service named $f$ and another for receiving a reply from that service upon completion of the processing. Notice also that, for each thread $T$, $\llbracket T \rrbracket$ is a process that in the event of termination performs a special termination action just before termination. Abstraction from this termination action yields the process denoted by $\llbracket T \rrbracket$.

The process extraction operation preserves the axioms of BTA+REC. Before we make this fully precise, we have a closer look at the axioms of BTA+REC.

A proper axiom is an equation or a conditional equation. In Table 8, we do not find proper axioms. Instead of proper axioms, we find axiom schemas without side conditions and axiom schemas with side conditions. The axioms of BTA+REC are obtained by replacing each axiom schema by all its instances.

Henceforth, we write $\alpha^*$, where $\alpha$ is a valuation of variables in $M_{\text{BTA+REC}}$, for the unique homomorphic extension of $\alpha$ to terms of BTA+REC. Moreover, we identify $t_1 = t_2$ and $\emptyset \Rightarrow t_1 = t_2$.

Proposition 3. Let $E \Rightarrow t_1 = t_2$ be an axiom of BTA+REC, and let $\alpha$ be a valuation of variables in $M_{\text{BTA+REC}}$. Then $|\alpha^*(t_1)| = |\alpha^*(t_2)|$ if $|\alpha^*(t'_1)| = |\alpha^*(t'_2)|$ for all $t'_1, t'_2 \in E$.

Proof. The proof is trivial for the axiom of BTA and the axioms RDP and RSP. Using the equation $|\pi_n(T)| = \pi_n(\llbracket T \rrbracket)$, the proof is also trivial for the axioms AIP and P0–P3. This equation is easily proved by induction on $n$ and case distinction on the structure of $T$ in both the basis step and the inductive step. □
Remark 3. Proposition 3 would go through if no abstraction of the above-men-
tioned special termination action was made. Notice further that ACP$^T$ without
the silent step constant and the abstraction operator, better known as ACP, 
would suffice if no abstraction of the special termination action was made.

8 A Simple Protocol for Remote Instruction Processing

In this section and the next section, we consider two protocols for remote in-
struction processing. The simple protocol described in this section is presumably
the most straightforward protocol for remote instruction processing that can be
achieved. Therefore, we consider it a suitable starting-point for the design of
more advanced protocols for remote instruction processing – such as the one de-
scribed in the next section. Before this simple protocol is described, an extension
of ACP is introduced to simplify the description of the protocols.

The following extension of ACP from [2] will be used: the non-branching
conditional operator $\rightarrow$ over $\mathfrak{B}$. The expression $b \rightarrow p$, is to be read as if $b$
then $p$ else $\delta$. The additional axioms for the non-branching conditional operator
are

$$
\begin{align*}
T &: x = x \quad \text{and} \quad F : x = \delta .
\end{align*}
$$

In the sequel, we will use expressions whose evaluation yields Boolean values
instead of the constants $T$ and $F$. Because the evaluation of the expressions
concerned are not dependent on the processes denoted by the terms in which they
occur, we will identify each such expression with the constant for the Boolean
value that its evaluation yields. Further justification of this can be found in [9,
Section 9].

The protocols concern systems whose main components are an instruction
stream generator and an instruction stream execution unit. The instruction
stream generator generates different instruction streams for different threads.
This is accomplished by starting it in different states. The general idea of the
protocols is that:

– the instruction stream generator generating an instruction stream for a
  thread $T \subseteq a \supseteq T'$ sends $a$ to the instruction stream execution unit;
– on receipt of $a$, the instruction stream execution unit gets the execution of
  $a$ done and sends the reply produced to the instruction stream generator;
– on receipt of the reply, the instruction stream generator proceeds with gen-
  erating an instruction stream for $T$ if the reply is $T$ and for $T'$ otherwise.

In the case where the thread is $S$ or $D$, the instruction stream generator sends a
special instruction (stop or dead) and the instruction stream execution unit does
not send back a reply.

In this section, we consider a very simple protocol for remote instruction
processing that makes no effort to keep the execution unit busy without inter-
mission.
In the protocols, the generation of an instruction stream start from the thread produced by an instruction sequence under execution instead of the instruction sequence itself. It follows immediately from the definition of the thread extraction operation that the threads produced by instruction sequences under execution are regular threads. Therefore, we restrict ourselves to regular threads.

We write \( I \) for the set \( A \cup \{ \text{stop}, \text{dead} \} \). Elements from \( I \) will loosely be called instructions. The restriction of the domain of \( \mathcal{M}_{\text{HTA+REC}} \) to the regular threads will be denoted by \( \mathcal{RT} \).

The functions \( \text{act}, \text{thrt}, \text{thrf} \) defined below give, for each thread \( T \) different from \( S \) and \( D \), the basic action that \( T \) will perform first, the thread with which it will proceed if the reply from the execution environment is \( T \), and the thread with which it will proceed if the reply from the execution environment is \( F \), respectively. The functions \( \text{act}: \mathcal{RT} \to I \), \( \text{thrt}: \mathcal{RT} \to \mathcal{RT} \), and \( \text{thrf}: \mathcal{RT} \to \mathcal{RT} \) are defined as follows:

\[
\text{act}(S) = \text{stop}, \quad \text{thrt}(S) = D, \quad \text{thrf}(S) = D, \\
\text{act}(D) = \text{dead}, \quad \text{thrt}(D) = D, \quad \text{thrf}(D) = D, \\
\text{act}(T \leq a \geq T') = a, \quad \text{thrt}(T \leq a \geq T') = T, \quad \text{thrf}(T \leq a \geq T') = T'.
\]

The function \( \text{nxt}^0 \) defined below is used by the instruction stream generator to distinguish when it starts with handling the instruction to be executed next between the different instructions that it may be. The function \( \text{nxt}^0: I \times \mathcal{RT} \to B \) is defined as follows:

\[
\text{nxt}^0(a, T) = \begin{cases} 
T & \text{if } \text{act}(T) = a \\
F & \text{if } \text{act}(T) \neq a.
\end{cases}
\]

For the purpose of describing the simple protocol outlined above in \( \text{ACP}^r \), \( A \) and \( | \) are taken such that, in addition to the conditions mentioned at the beginning of Section 7, the following conditions are satisfied:

\[
A \supseteq \{ s_i(d) \mid i \in \{1, 2\}, d \in I \} \cup \{ r_i(d) \mid i \in \{1, 2\}, d \in I \} \\
\cup \{ s_i(r) \mid i \in \{3, 4\}, r \in B \} \cup \{ r_i(r) \mid i \in \{3, 4\}, r \in B \} \cup \{ j \}
\]

and for all \( i \in \{1, 2\}, j \in \{3, 4\}, d \in I, r \in B, \) and \( e \in A \):

\[
\begin{align*}
\text{s}_i(d) \mid r_i(d) &= j, & \text{s}_j(r) \mid r_j(r) &= j, \\
\text{s}_i(d) \mid e = \delta & \quad \text{if } e \neq r_i(d), & \text{s}_j(r) \mid e = \delta & \quad \text{if } e \neq r_j(r), \\
\text{e} \mid r_i(d) &= \delta & \quad \text{if } e \neq s_i(d), & \text{e} \mid r_j(r) &= \delta & \quad \text{if } e \neq s_j(r), \\
\text{j} \mid e &= \delta.
\end{align*}
\]

Notice that the set \( B \) is the set of replies.

Let \( T \in \mathcal{RT} \). Then the process representing the simple protocol for remote instruction processing with regard to thread \( T \) is described by

\[
\partial_H(\text{ISG}^0_T \parallel \text{IMTC}^0 \parallel \text{RTC}^0 \parallel \text{ISEU}^0),
\]

18
where the process $\text{ISG}^0_T$ is recursively specified by the following equation:

\[
\text{ISG}^0_T = \sum_{f,m \in A} \text{nxt}^0(f,m,T) \mapsto \text{s}_1(f,m) \cdot (\text{r}_4(T) \cdot \text{ISG}^0_{\text{thrt}(T)} + \text{r}_4(F) \cdot \text{ISG}^0_{\text{thr}(T)}) + \text{nxt}^0(\text{stop},T) \mapsto \text{s}_1(\text{stop}) + \text{nxt}^0(\text{dead},T) \mapsto \text{s}_1(\text{dead}),
\]

the process $\text{IMTC}^0$ is recursively specified by the following equation:

\[
\text{IMTC}^0 = \sum_{d \in \mathcal{I}} \text{r}_1(d) \cdot \text{s}_2(d) \cdot \text{IMTC}^0,
\]

the process $\text{RTC}^0$ is recursively specified by the following equation:

\[
\text{RTC}^0 = \sum_{r \in \mathbb{B}} \text{r}_3(r) \cdot \text{s}_4(r) \cdot \text{RTC}^0,
\]

the process $\text{ISEU}^0$ is recursively specified by the following equation:

\[
\text{ISEU}^0 = \sum_{f,m \in A} \text{r}_2(f,m) \cdot \text{s}_f(m) \cdot (\text{r}_f(T) \cdot \text{s}_3(T) + \text{r}_f(F) \cdot \text{s}_3(F)) \cdot \text{ISEU}^0 + \text{r}_2(\text{stop}) + \text{r}_2(\text{dead}) \cdot \delta
\]

and

\[
H = \{\text{s}_i(d) \mid i \in \{1,2\}, d \in \mathcal{I}\} \cup \{\text{r}_i(d) \mid i \in \{1,2\}, d \in \mathcal{I}\} \\
\cup \{\text{s}_i(r) \mid i \in \{3,4\}, r \in \mathbb{B}\} \cup \{\text{r}_i(r) \mid i \in \{3,4\}, r \in \mathbb{B}\}.
\]

$\text{ISG}^0_T$ is the instruction stream generator for thread $T$, $\text{IMTC}^0$ is the transmission channel for messages containing instructions, $\text{RTC}^0$ is the transmission channel for replies, and $\text{ISEU}^0$ is the instruction stream execution unit.

If we abstract from all communications via the transmission channels, then the process denoted by $\partial_H(\text{ISG}^0_T \parallel \text{IMTC}^0 \parallel \text{RTC}^0 \parallel \text{ISEU}^0)$ and the process $[T]$ are equal modulo an initial silent step.

**Theorem 1.** For each $T \in \mathcal{RT}$, $\tau \cdot \tau_{(i)}(\partial_H(\text{ISG}^0_T \parallel \text{IMTC}^0 \parallel \text{RTC}^0 \parallel \text{ISEU}^0))$ denotes the process $\tau \cdot [T]$.

**Proof.** Let $T \in \mathcal{RT}$. Moreover, let $E$ be a finite linear recursive specification over ACP$^\tau$ with $X \in V(E)$ such that $[T]$ is the $X$-component of the solution of $E$ in $\mathcal{M}_{\text{ACP}^\tau + \text{REC}}$. By Proposition 2 and the definition of the process extraction operation, it is sufficient to prove that

\[
\tau \cdot \tau_{(i)}(\partial_H(\text{ISG}^0_T \parallel \text{IMTC}^0 \parallel \text{RTC}^0 \parallel \text{ISEU}^0)) = \tau \cdot \langle X | E \rangle.
\]

By AIP, it is sufficient to prove that for all $n \geq 0$:

\[
\pi_n(\tau \cdot \tau_{(i)}(\partial_H(\text{ISG}^0_T \parallel \text{IMTC}^0 \parallel \text{RTC}^0 \parallel \text{ISEU}^0))) = \pi_n(\tau \cdot \langle X | E \rangle).
\]

This is easily proved by induction on $n$ and in the inductive step by case distinction on the structure of $T$, using the axioms of ACP$^\tau$ and RDP and in addition the fact that $|T'| \in \text{Sub}(|T|)$ for all $T' \in \text{Res}(T)$ and the fact that there exists an bijection between $\text{Sub}(|T|)$ and $V(E)$.  

\[\square\]
9 A More Complex Protocol

In this section, we consider a more complex protocol for remote instruction processing that makes an effort to keep the execution unit busy without intermission.

The specifics of the more complex protocol considered here are that:

– the instruction stream generator may run ahead of the instruction stream execution unit by not waiting for the receipt of the replies resulting from the execution of instructions that it has sent earlier;
– to ensure that the instruction stream execution unit can handle the run-ahead, each instruction sent by the instruction stream generator is accompanied with the sequence of replies after which the instruction must be executed;
– to correct for replies that have not yet reached the instruction stream generator, each instruction sent is also accompanied with the number of replies received since the last sending of an instruction.

This protocol is reminiscent of an instruction pre-fetching mechanism as found in pipelined processors (see e.g. [26]), but its range of application is not restricted to pipelined instruction processing.

We write $B^\leq n$, where $n \in \mathbb{N}$, for the set $\{u \in B^* \mid \text{len}(u) \leq n\}\] .

It is assumed that a natural number $\ell$ has been given. The number $\ell$ is taken for the maximal number of steps that the instruction stream generator may run ahead of the instruction stream execution unit. Whether the execution unit can be kept busy without intermission with the given $\ell$ depends on the actual execution times of instructions and the actual transmission times over the transmission channels involved. If the execution unit can be kept busy without intermission with the given $\ell$, then it is useless to increase $\ell$.

The set $\mathcal{I}M$ of instruction messages is defined as follows:

$$\mathcal{I}M = [0, \ell] \times B^{\leq \ell} \times I .$$

In an instruction message $(n, u, a) \in \mathcal{I}M$:

– $n$ is the number of replies that are acknowledged by the message;
– $u$ is the sequence of replies after which the instruction that is part of the message must be executed;
– $a$ is the instruction that is part of the message.

The instruction stream generator sends instruction messages via an instruction message transmission channel to the instruction stream execution unit. We refer to a succession of transmitted instruction messages as an instruction stream. An instruction stream is dynamic by nature, in contradistinction with an instruction sequence.

As usual, we write $D^*$ for the set of all finite sequences with elements from set $D$ and $\text{len}(\sigma)$ for the length of finite sequence $\sigma$. Moreover, we write $\epsilon$ for the empty sequence, $d$ for the sequence having $d$ as sole element, $\sigma\sigma'$ for the concatenation of finite sequences $\sigma$ and $\sigma'$, and $\text{tl}(\sigma)$ for the tail of finite sequence $\sigma$.

20
The set $S_{ISG}$ of instruction stream generator states is defined as follows:

$$S_{ISG} = [0, \ell] \times \mathcal{P}(\mathbb{B}^{\leq \ell + 1} \times \mathcal{RT}) .$$

In an instruction stream generator state $(n, R) \in S_{ISG}$:

- $n$ is the number of replies that has been received by the instruction stream generator since the last acknowledgement of received replies;
- in each $(u, T) \in R$, $u$ is the sequence of replies after which the thread $T$ must be performed.

The functions $updpm$ and $updcr$ defined below are used to model the updates of the instruction stream generator state on producing a message and consuming a reply, respectively. The function $updpm : (\mathbb{B}^{\leq \ell} \times \mathcal{RT}) \times S_{ISG} \to S_{ISG}$ is defined as follows:

$$ updpm((u, T), (n, R)) = \begin{cases} (0, (R \setminus \{(u, T)\}) \cup \{(uT, thr(T)), (uF, thrf(T))\}) & \text{if } act(T) \in A \\ (0, (R \setminus \{(u, T)\})) & \text{if } act(T) \notin A . \end{cases} $$

The function $updcr : \mathbb{B} \times S_{ISG} \to S_{ISG}$ is defined as follows:

$$updcr(r, (n, R)) = (n + 1, \{(u, T) | (ru, T) \in R\}) .$$

The function $sel$ defined below is used to model the selection of the sequence of replies and the instruction that will be part of the next message produced by the instruction stream generator. The function $sel : \mathcal{P}(\mathbb{B}^{\leq \ell} \times \mathcal{RT}) \to \mathcal{P}(\mathbb{B}^{\leq \ell} \times \mathcal{RT})$ is defined as follows:

$$sel(R) = \{(u, T) \in R | \forall (v, T') \in R \cdot len(u) \leq len(v) \} .$$

Notice that $(u, T) \in sel(R)$ and $(v, T') \in R$ only if $len(u) \leq len(v)$. By that breadth-first run-ahead is enforced. The performance of the protocol would change considerably if breadth-first run-ahead was not enforced.

The set $S_{ISEU}$ of instruction stream execution unit states is defined as follows:

$$S_{ISEU} = [0, \ell] \times \mathcal{P}(\mathbb{B}^{\leq \ell} \times I) .$$

In an instruction stream execution unit state $(n, S) \in S_{ISEU}$:

- $n$ is the number of replies for which the instruction stream execution unit still has to receive an acknowledgement;
- in each $(u, a) \in S$, $u$ is the sequence of replies after which the instruction $a$ must be executed.

The functions $updcm$ and $updpr$ defined below are used to model the updates of the instruction stream execution unit state on consuming a message and producing a reply, respectively. The function $updcm : \mathcal{LM} \times S_{ISEU} \to S_{ISEU}$ is defined as follows:

$$ updcm((k, u, a), (n, S)) = (n - k, S \cup \{(l^{n-k}(u), a)\}) .$$
The function $\text{updpr} : \mathbb{B} \times S_{\text{ISEU}} \to S_{\text{ISEU}}$ is defined as follows:

$$\text{updpr}(r, (n, S)) = (n + 1, \{(u, a) \mid (ru, a) \in S\}) .$$

The function $\text{nxt}$ defined below is used by the instruction stream execution unit to distinguish when it starts with handling the instruction to be executed next between the different instructions that it may be. The function $\text{nxt} : \mathcal{I} \times \mathcal{P}(\mathbb{B}^{\leq \ell} \times \mathcal{I}) \to \mathbb{B}$ is defined as follows:

$$\text{nxt}(a, S) = \begin{cases} T & \text{if } (\epsilon, a) \in S \\ F & \text{if } (\epsilon, a) \notin S . \end{cases}$$

The instruction stream execution unit sends replies via a reply transmission channel to the instruction stream generator. We refer to a succession of transmitted replies as a reply stream.

For the purpose of describing the transmission protocol in ACP$^r$, $A$ and $| \cdot |$ are taken such that, in addition to the conditions mentioned at the beginning of Section 7, the following conditions are satisfied:

$$A \supseteq \{ s_i(d) \mid i \in \{1, 2\}, d \in \mathcal{IM}) \cup \{ r_i(d) \mid i \in \{1, 2\}, d \in \mathcal{IM}\}$$

$$\cup \{ s_i(r) \mid i \in \{3, 4\}, r \in \mathbb{B}\} \cup \{ r_i(r) \mid i \in \{3, 4\}, r \in \mathbb{B}\} \cup \{ j\}$$

and for all $i \in \{1, 2\}$, $j \in \{3, 4\}$, $d \in \mathcal{IM}$, $r \in \mathbb{B}$, and $e \in A$:

$$s_i(d) \mid r_i(d) = j , \quad s_j(r) \mid r_j(r) = j ,$$

$$s_i(d) \mid e = \delta \quad \text{if } e \neq r_i(d) , \quad s_j(r) \mid e = \delta \quad \text{if } e \neq r_j(r) ,$$

$$e \mid r_i(d) = \delta \quad \text{if } e \neq s_i(d) , \quad e \mid r_j(r) = \delta \quad \text{if } e \neq s_j(r) ,$$

$$j \mid e = \delta .$$

Let $T \in RT$. Then the process representing the more complex protocol for remote instruction processing with regard to thread $T$ is described by

$$\partial_H (\text{ISG}_T \parallel \text{IMTC} \parallel \text{RTC} \parallel \text{ISEU}) ,$$

where the process $\text{ISG}_T$ is recursively specified by the following equations:

$$\text{ISG}_T = \text{ISG}'_{\emptyset, \{(\epsilon, T)\}} ,$$

$$\text{ISG}'_{(n, R)} = \sum_{(u, T) \in \text{sel}(R)} s_1((n, u, \text{act}(T))) \cdot \text{ISG}'_{\text{updpm}((u, T), (n, R))}$$

$$+ \sum_{r \in \mathbb{B}} r_4(r) \cdot \text{ISG}'_{\text{updcr}(r, (n, R))}$$

(for every $(n, R) \in S_{\text{ISG}}$ with $R \neq \emptyset$),

$$\text{ISG}'_{(n, \emptyset)} = j$$

(for every $(n, \emptyset) \in S_{\text{ISG}}$),

---

6 As usual, we write $i \sim j$ for the monus of $i$ and $j$, i.e. $i \sim j = i - j$ if $i \geq j$ and $i \sim j = 0$ otherwise. As usual, $tl^n(u)$ is defined by induction on $n$ as follows: $tl^0(u) = u$ and $tl^{n+1}(u) = tl(tl^n(u))$. 

22
the process $IMTC$ is recursively specified by the following equation:

$$IMTC = \sum_{d \in IM} r_1(d) \cdot s_2(d) \cdot IMTC ,$$

the process $RTC$ is recursively specified by the following equation:

$$RTC = \sum_{r \in B} r_3(r) \cdot s_4(r) \cdot RTC ,$$

the process $ISEU$ is recursively specified by the following equations:

$$ISEU = ISEU^{\prime}(0, \emptyset) ,$$

$$ISEU^{\prime}_{(n,S)} = \sum_{d \in IM} r_2(d) \cdot ISEU_{updcm(d,(n,S))}^{\prime} + \sum_{f,m \in A} \text{nxt}(f,m,S) :\rightarrow s_f(m) \cdot ISEU^{\prime\prime}_{(f,(n,S))} + \text{nxt}(\text{stop},S) :\rightarrow j + \text{nxt}(\text{dead},S) :\rightarrow \delta$$

(for every $(n,S) \in S_{ISEU}) ,$$

$$ISEU^{\prime\prime}_{(f,(n,S))} = \sum_{r \in B} r_f(r) \cdot s_3(r) \cdot ISEU^{\prime\prime}_{updpr(r,(n,S))} + \sum_{d \in IM} r_2(d) \cdot ISEU^{\prime\prime}_{(f,updcm(d,(n,S)))}$$

(for every $(f,(n,S)) \in F \times S_{ISEU}) ,$$

and

$$H = \{s_i(d) \mid i \in \{1, 2\}, d \in IM\} \cup \{r_i(d) \mid i \in \{1, 2\}, d \in IM\}$$

$$\cup \{s_i(r) \mid i \in \{3, 4\}, r \in B\} \cup \{r_i(r) \mid i \in \{3, 4\}, r \in B\} .$$

$ISG_T$ is the instruction stream generator for thread $T$, $IMTC$ is the transmission channel for instruction messages, $RTC$ is the transmission channel for replies, and $ISEU$ is the instruction stream execution unit.

The protocol described above has been designed such that, for each $T \in RT$, $\tau \cdot \tau_{(j)}(\partial_H(ISG_T \parallel IMTC \parallel RTC \parallel ISEU))$ denotes the process $\tau \cdot |T|$. We refrain from presenting a proof of the claim that the protocol satisfies this because this paper is first and foremost a conceptual paper and the proof is straightforward but tedious.

The transmission channels $IMTC$ and $RTC$ can keep one instruction message and one reply, respectively. The protocol has been designed in such a way that the protocol will also work properly if these channels are replaced by channels with larger capacity and even by channels with unbounded capacity.

Suppose that the transmission times over the transmission channels are small compared with the execution times of instructions. Even then the protocol described in Section 8 will always have to idle for a short time after the execution of an instruction, whereas after an initial phase the protocol described above will never have to idle after the execution of an instruction if the instruction stream generator may run a few steps ahead of the instruction stream execution unit.
10 Adaptations of the Protocol

In this section, we discuss some conceivable adaptations of the protocol described in Section 9. While we were thinking through the details of that protocol, various variations suggested themselves. The variations discussed below are among the most salient ones. We think they deserve mention. However, their discussion is not in depth. The reason for this is that these variations have not yet been investigated thoroughly.

Consider the case where, for each instruction, it is known what the probability is with which its execution leads to the reply $T$. This might give reason to adapt the protocol described in Section 9. Suppose that the instruction stream generator states do not only keep the sequences of replies after which threads must be performed, but also the sequences of instructions involved in producing those sequences of replies. Then the probability with which the sequences of replies will happen can be calculated and several conceivable adaptations of the protocol to this probabilistic knowledge are possible by mere changes in the selection of the sequence of replies and the instruction that will be part of the next instruction message produced by the instruction stream generator. Among those adaptations are:

- restricting the instruction messages that are produced ahead to the ones where the sequence of replies after which the instruction must be executed will happen with a probability $\geq 0.50$, but sticking to breadth-first run-ahead;
- restricting the instruction messages that are produced ahead to the ones where the sequence of replies after which the instruction must be executed will happen with a probability $\geq 0.95$, but not sticking to breadth-first run-ahead.

At first sight, these adaptations are reminiscent of combinations of an instruction pre-fetching mechanism and a branch prediction mechanism as found in pipelined processors (see e.g. [23]). However, usually branch prediction mechanisms make use of statistics based on recently processed instructions instead of probabilistic knowledge of the kind used in the protocols sketched above.

Regular threads can be represented in such a way that it is effectively decidable whether the two threads with which a thread may proceed after performing its first action are identical. Consider the case where threads are represented in the instruction stream generator states in such a way. Then the protocol can be adapted such that no duplication of instruction messages takes place in the cases where the two threads with which a thread possibly proceeds after performing its first action are identical. This can be accomplished by using sequences of elements from $\mathbb{B} \cup \{\ast\}$, instead of sequences of elements from $\mathbb{B}$, in instruction messages, instruction stream generator states, and instruction stream execution unit states. The occurrence of $\ast$ at position $i$ in a sequence indicates that the $i$th reply may be either $T$ or $F$. The impact of this change on the updates of instruction stream generator states and instruction stream execution unit states is minor. This adaptation is reminiscent of an instruction pre-fetch mechanism.
as found in pipelined processors that prevents instruction pre-fetches that are superfluous due to identity of branches.

11 Alternative Choice Instructions

Process algebra is an area of the study of concurrency which is considered relevant to computer science, as is witnessed by the extent of the work on algebraic theories of processes such as ACP, CCS and CSP in theoretical computer science. This strongly hints that there are programmed systems whose behaviours can be taken for processes as considered in process algebra. Therefore, it is interesting to know to which extent the behaviours considered in process algebra can be produced by programs under execution, starting from the perception of a program as an instruction sequence. In coming sections, we will establish results concerning the processes as considered in ACP that can be produced by instruction sequences under execution.

For the purpose of producing processes as considered in ACP, we need a version of PGA with special basic instructions to deal with the non-deterministic choice between alternatives that stems from the alternative composition of processes. Recall that, in PGA, it is assumed that a fixed but arbitrary set $\mathfrak{A}$ of basic instructions has been given. In the coming sections, we will make use a version of PGA in which the following additional assumptions relating to $\mathfrak{A}$ are made:

- a fixed but arbitrary finite set $\mathcal{F}$ of foci has been given;
- a fixed but arbitrary finite set $\mathcal{M}$ of methods has been given;
- a fixed but arbitrary set $\mathcal{A}$ of atomic actions, with $t \notin \mathcal{A}$, has been given;
- $\mathfrak{A} = \{ f.m | f \in \mathcal{F}, m \in \mathcal{M} \} \cup \{ \text{ac}(e_1, e_2) | e_1, e_2 \in \mathcal{A} \cup \{ t \} \}$.

On execution of a basic instruction $\text{ac}(e_1, e_2)$, first a non-deterministic choice between the atomic actions $e_1$ and $e_2$ is made and then the chosen atomic action is performed. The reply $T$ is produced if $e_1$ is performed and the reply $F$ is produced if $e_2$ is performed. Basic instructions of this kind are material to produce all regular processes by means of instruction sequences. A basic instruction of the form $\text{ac}(e_1, e_2)$ is called an alternative choice instruction. Henceforth, we will write PGA$^{ac}$ for the version of PGA with alternative choice instructions.

The intuition concerning alternative choice instructions given above will be made fully precise at the end of this section, using ACP$^\tau$. It will not be made fully precise using an extension of BTA because it is considered a basic property of threads that they are deterministic behaviours.

Recall that we make use of a version of BTA in which $\mathcal{A} = \mathfrak{A}$. A basic action of the form $\text{ac}(e_1, e_2)$ is called an alternative choice action. Henceforth, we will write BTA$^{ac}$ for the version of BTA with alternative choice actions.

For the purpose of making precise what processes are produced by the threads denoted by closed terms of BTA$^{ac} + \text{REC}$, $\mathcal{A}$ and $|$ are taken such that, in addition to the conditions mentioned at the beginning of Section $\mathfrak{A}$ the following conditions are satisfied:

$$\mathcal{A} \supseteq \mathcal{A} \cup \{ t \}$$
Table 8. Additional defining equation for process extraction operation

\[ T \triangleq \text{ac}(e, e') \triangleright T'|^\omega = e \cdot |T|^\omega + e' \cdot |T'^\omega | \]

and for all \( e, e' \in A \):

\[ e' \mid e = \delta \text{ if } e' \in AA \cup \{ t \} . \]

The process extraction operation for BTA\textsuperscript{ac} has as defining equations the equations given in Table 7 and in addition the equation given in Table 8. Proposition 3 goes through for BTA\textsuperscript{ac}.

12 Instruction Sequence Producible Processes

It follows immediately from the definitions of the thread extraction and process extraction operations that the instruction sequences considered in PGA produce regular processes. The question is whether all regular processes are producible by these instruction sequences. In this section, we show that all regular processes can be produced by the instruction sequences with alternative choice instructions.

We will make use of the fact that all regular threads over \( A \) can be produced by the single-pass instruction sequences considered in PGA.

Proposition 4. For each thread \( T \) that is regular over \( A \), there exists a PGA instruction sequence \( F \) such that \( F \) produces \( T \), i.e. \( |F| = T \).

Proof. By Proposition 1, \( T \) is a component of the solution of some finite linear recursive specification \( E \) over BTA. There occur finitely many variables \( X_0, \ldots, X_n \) in \( E \). Assume that \( T \) is the \( X_0 \)-component of the solution of \( E \). Let \( F \) be the PGA instruction sequence \((F_0; \ldots; F_n')^\omega\), where \( F_i \) is defined as follows \((0 \leq i \leq n)\):

\[
F_i = \begin{cases} 
!1! & \text{if } X_i = S \in E \\
\#0; \#0 & \text{if } X_i = D \in E \\
\#a; \#3(n+1-(i-j)) - 1; \#3(n+1-(i-k)) - 2 & \text{if } X_i = X_j \not\subseteq a \supseteq X_k \in E \land i < j \land i < k \\
\#a; \#3(n+1-(i-j)) - 1; \#3(n+1-(i-k)) - 2 & \text{if } X_i = X_j \not\subseteq a \supseteq X_k \in E \land i < j \land i \geq k \\
\text{otherwise} & \text{if } X_i \not\subseteq a \supseteq X_k \in E \land i \geq j \land i \geq k.
\end{cases}
\]

Then \( F \) is a PGA instruction sequence such that the interpretation of \( |F| = T \).

All regular processes over \( AA \) can be produced by the instruction sequences considered in PGA\textsuperscript{ac}.

Theorem 2. Assume that CFAR is valid in \( \mathcal{M}_{\text{ACP}^\tau + \text{REC}} \). Then, for each process \( P \) that is regular over \( AA \), there exists an instruction sequence \( F \) in which only basic instructions of the form \( \text{ac}(c, t) \) occur such that \( F \) produces \( P \), i.e. \( \tau \cdot \tau_{\{1\}}(|F|) = \tau \cdot P \).
Proof. By Propositions \[1\] \[12\] and \[13\] it is sufficient to show that, for each finite linear recursive specification \(E\) over ACP\(\tau\) in which only atomic actions from \(\mathcal{A}\mathcal{A}\) occur, there exists a finite linear recursive specification \(E'\) over BTA\(ac\) in which only basic actions of the form \(ac(e, t)\) occur such that \(\tau \cdot \langle X \rvert E \rangle = \tau \cdot \tau\{t\}(\langle X \rvert E'\rangle)\) for all \(X \in V(E)\).

Take the finite linear recursive specification \(E\) over ACP\(\tau\) that consists of the recursion equations

\[
X_i = e_{i1} \cdot X_{i1} + \ldots + e_{ik_i} \cdot X_{ik_i} + e'_{i1} + \ldots + e'_{il_i},
\]

where \(e_{i1}, \ldots, e_{ik_i}, e'_{i1}, \ldots, e'_{il_i} \in \mathcal{A}\mathcal{A}\), for \(i \in \{1, \ldots, n\}\). Then construct the finite linear recursive specification \(E'\) over BTA\(ac\) that consists of the recursion equations

\[
X_i = X_{i1} \leq ac(e_{i1}, t) \geq (\ldots (X_{ik_i} \leq ac(e_{ik_i}, t) \geq (S \leq ac(e'_{i1}, t) \geq (\ldots (S \leq ac(e'_{il_i}, t) \geq X_i) \ldots)) \ldots)
\]

for \(i \in \{1, \ldots, n\}\); and the finite linear recursive specification \(E''\) over ACP\(\tau\) that consists of the recursion equations

\[
X_i = e_{i1} \cdot X_{i1} + t \cdot Y_{i2}, \quad Z_{i1} = e'_{i1} + t \cdot Z_{i2},
\]

\[
Y_{i2} = e_{i2} \cdot X_{i2} + t \cdot Y_{i3}, \quad Z_{i2} = e'_{i2} + t \cdot Z_{i3},
\]

\[
\vdots
\]

\[
Y_{ik_i} = e_{ik_i} \cdot X_{ik_i} + t \cdot Z_{i1}, \quad Z_{dl_i} = e'_{dl_i} + t \cdot X_i,
\]

where \(Y_{i2}, \ldots, Y_{ik_i}, Z_{i1}, \ldots, Z_{dl_i}\) are fresh variables, for \(i \in \{1, \ldots, n\}\). It follows immediately from the definition of the process extraction operation that \(|\langle X \rvert E'\rangle| = \langle X \rvert E''\rangle\) for all \(X \in V(E)\). Moreover, it follows from CFAR that \(\tau \cdot \langle X \rvert E \rangle = \tau \cdot \tau\{t\}(\langle X \rvert E'\rangle)\) for all \(X \in V(E)\). Hence, \(\tau \cdot \langle X \rvert E \rangle = \tau \cdot \tau\{t\}(\langle X \rvert E'\rangle)\) for all \(X \in V(E)\).

\(\Box\)

For example, assuming that CFAR is valid, the instruction sequence

\[
(+ac(r_3(T), t); \#4; +ac(r_3(F), t); \#5; \#7;
+ac(s_4(T), t); \#5; \#9; +ac(s_4(F), t); \#2; \#9)^
\]

produces the reply transmission channel process RTC of which a guarded recursive specification is given in Section \[9\].

Remark 4. Theorem\[2\] with “\(\tau \cdot \tau\{t\}(\langle F \rangle) = \tau \cdot P^n\) replaced by “\(\langle F \rangle = P^n\)” can be established if PGA is extended with multiple-reply test instructions, see [11]. In that case, the assumption that CFAR is valid is superfluous.

13 Services and Use Operators

An instruction sequence under execution may make use of services. That is, certain instructions may be executed for the purpose of having the behaviour
produced by the instruction sequence affected by a service that takes those instructions as commands to be processed. Likewise, a thread may perform certain actions for the purpose of having itself affected by a service that takes those actions as commands to be processed. The processing of an action may involve a change of state of the service and at completion of the processing of the action the service returns a reply value to the thread. The reply value determines how the thread proceeds. The use operators can be used in combination with the thread extraction operation from Section 4 to describe the behaviour produced by instruction sequences that make use of services. In this section, we first review the use operators, which are concerned with threads making such use of services, and then extend the process extraction operation to the use operators.

A service $H$ consists of
- a set $S$ of states;
- an effect function $\text{eff} : \mathcal{M} \times S \rightarrow S$;
- a yield function $\text{yld} : \mathcal{M} \times S \rightarrow \mathbb{B} \cup \{\bot\}$;
- an initial state $s_0 \in S$;

satisfying the following condition:

$\forall m \in \mathcal{M}, s \in S \cdot (\text{yld}(m, s) = \bot \Rightarrow \forall m' \in \mathcal{M} \cdot \text{yld}(m', \text{eff}(m, s)) = \bot)$.

The set $S$ contains the states in which the service may be, and the functions $\text{eff}$ and $\text{yld}$ give, for each method $m$ and state $s$, the state and reply, respectively, that result from processing $m$ in state $s$. By the condition imposed on services, once the service has returned $\bot$ as reply, it keeps returning $\bot$ as reply.

Let $H = (S, \text{eff}, \text{yld}, s_0)$ be a service and let $m \in \mathcal{M}$. Then the derived service of $H$ after processing $m$, written $\partial_m H$, is the service $(S, \text{eff}, \text{yld}, \text{eff}(m, s_0))$; and the reply of $H$ after processing $m$, written $H(m)$, is $\text{yld}(m, s_0)$.

When a thread makes a request to the service to process $m$:

- if $H(m) \neq \bot$, then the request is accepted, the reply is $H(m)$, and the service proceeds as $\partial_m H$;
- if $H(m) = \bot$, then the request is rejected and the service proceeds as a service that rejects any request.

We introduce the sort $S$ of services. However, we will not introduce constants and operators to build terms of this sort. The sort $S$, standing for the set of all services, is considered a parameter of the extension of BTA being presented. Moreover, we introduce, for each $f \in \mathcal{F}$, the binary use operator $/ f : T \times S \rightarrow T$.

The axioms for these operators are given in Table 9. Intuitively, $T / f H$ is the thread that results from processing all actions performed by thread $T$ that are of the form $f.m$ by service $H$. When a basic action of the form $f.m$ performed by thread $T$ is processed by service $H$, it is turned into the basic action $\tau$ and postconditional composition is removed in favour of basic action prefixing on the basis of the reply value produced.

We add the use operators to PGA$_{ac}$ as well. We will only use the extension in combination with the thread extraction operation $|$ and define $|F / f H| = $
For the purpose of extending the process extraction operation to the use operators, we need an extension of $\text{ACP}^*$ with action renaming operators $\rho_h$, where $h : A_\tau \rightarrow A_\tau$ such that $h(\tau) = \tau$. The axioms for action renaming are given in \cite{Harel1992}. Intuitively, $\rho_h(P)$ behaves as $P$ with each atomic action replaced according to $h$. We write $\rho_{e' \mapsto e''}$ for the renaming operator $\rho_h$ with $h$ defined by $h(e') = e''$ and $h(e) = e$ if $e \neq e'$.

For the purpose of extending the process extraction operation to the use operators, $A$ and $|$ are taken such that, in addition to the conditions mentioned at the beginning of Section \ref{sec:use_op}, with everywhere $B$ replaced by $B \cup \{B\}$, and the conditions mentioned at the end of Section \ref{sec:use_op}, the following conditions are satisfied:

$$A \supseteq \{s_{\text{serv}}(r) \mid r \in B \cup \{B\}\} \cup \{r_{\text{serv}}(m) \mid m \in M\} \cup \{\text{stop}^*\}$$

and for all $e \in A$, $m \in M$, and $r \in B \cup \{B\}$:

$$s_{\text{serv}}(r) \mid e = \delta, \quad \text{stop} \mid \text{stop} = \text{stop}^*, \quad e \mid r_{\text{serv}}(m) = \delta, \quad \text{stop}^* \mid e = \delta.$$

We also need to define a set $A_f \subseteq A$ and a function $h_f : A_\tau \rightarrow A_\tau$ for each $f \in F$:

$$A_f = \{s_f(d) \mid d \in M \cup B \cup \{B\}\} \cup \{r_f(d) \mid d \in M \cup B \cup \{B\}\}$$

for all $e \in A_\tau$, $m \in M$ and $r \in B \cup \{B\}$:

$$h_f(s_{\text{serv}}(r)) = s_f(r), \quad h_f(r_{\text{serv}}(m)) = r_f(m), \quad h_f(e) = e$$

if $\bigwedge_{e' \in H} e \neq s_{\text{serv}}(r') \land \bigwedge_{m' \in M} e \neq r_{\text{serv}}(m')$.

To extend the process extraction operation to the use operators, the defining equation concerning the postconditional composition operators has to be adapted and a new defining equation concerning the use operators has to be
where \( \Delta( \cdot ) \) is the process produced by \( \rho \parallel \cdot \). Instruction sequences that make use of services such as unbounded counters, unbounded stacks or Turing tapes are interesting because they may produce non-regular processes.

**Proposition 5.**

1. Let \( t_1 = t_2 \) be a proper axiom for the use operators, and let \( \alpha \) be a valuation of variables in \( \mathcal{M}_{\text{BTA+REC}} \). Then \( |\alpha^*(t_1)| = |\alpha^*(t_2)| \).
2. Let \( t_1 = t_2 \) if \( H(m) = r \) be an axiom with semantic side condition for the use operators, and let \( \alpha \) be a valuation of variables in \( \mathcal{M}_{\text{BTA+REC}} \). Then \( |\alpha^*(t_1)| = |\alpha^*(t_2)| \) if \( H(m) = r \).

**Proof.** The proof is straightforward. We sketch the proof for axiom U5. By the definition of the process extraction operation, it is sufficient to show that \( |(T \preceq f.m \triangleright T') / f H|\) is the process produced by \( \tau \circ (T / f (H) / H) \) if \( H(m) = T \). In outline, this goes as follows:

\[
\begin{align*}
|(T \preceq f.m \triangleright T') / f H| & = \rho_{\text{stop}^* \circ \text{stop}} \\
& \quad \left( \partial_{\text{stop}} \right) (\partial_{\text{stop}} (s_f(m) \cdot (r_f(T) \cdot |T| + r_f(F) \cdot |T'| + r_f(B) \cdot \delta) \parallel \rho_f(|H|))) \\
& = i \cdot i \cdot \rho_{\text{stop}^* \circ \text{stop}} (\partial_{\text{stop}} (\partial_{\text{stop}} (|T| \parallel \rho_f(|H|)))) \\
& = |\tau \circ (T / f (H) / H)|.
\end{align*}
\]

In the first and third step, we apply defining equations of \( |\cdot| \). In the second step, we apply axioms of ACP+REC with action renaming, and use that \( H(m) = T \).

**Remark 5.** Let \( F \) be a PGA_ac instruction sequence and \( H \) be a service. Then \( |F / f H| \) is the process produced by \( F \) if \( F \) makes use of \( H \). Instruction sequences that make use of services such as unbounded counters, unbounded stacks or Turing tapes are interesting because they may produce non-regular processes.

---

**Table 10.** Adapted and additional defining equations for process extraction operation

<table>
<thead>
<tr>
<th>Equation</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>(</td>
<td>T \preceq f.m \triangleright T'</td>
</tr>
</tbody>
</table>

### Added Equations

- \( T / f H = \rho_{\text{stop}^* \circ \text{stop}} (\partial_{\text{stop}} (\partial_{\text{stop}} (s_f(m) \cdot (r_f(T) \cdot |T| + r_f(F) \cdot |T'| + r_f(B) \cdot \delta) \parallel \rho_f(|H|)))) \)

These two equations are given in Table 10 where \( |H| \) is the process extracted component of the solution of

\[
X_{H'} = \sum_{m \in \mathcal{M}} r_{\text{serv}}(m) \cdot s_{\text{serv}}(H'(m)) \cdot X_{\Delta(H')} + \text{stop} \mid H' \in \Delta(H) ,
\]

where \( \Delta(H) \) is inductively defined as follows:

- \( H \in \Delta(H) \);
- if \( m \in \mathcal{M} \) and \( H' \in \Delta(H) \), then \( \partial_m H' \in \Delta(H) \).

The extended process extraction operation preserves the axioms for the use operators. Owing to the presence of axiom schemas with side constraints in Table 9, the axioms for the use operators include proper axioms, which are all of the form \( t_1 = t_2 \), and axioms that have a semantic side condition, which are all of the form \( t_1 = t_2 \) if \( H(m) = r \). By that, the precise formulation of the preservation result is somewhat complicated.

---

30
In this section, we show that all regular processes can also be produced by programs written in a program notation which is close to existing assembly languages, and even by programs in which no atomic action occurs more than once in an alternative choice instruction. The latter result requires programs that make use of Boolean registers.

A hierarchy of program notations rooted in PGA is introduced in [8]. One program notation that belongs to this hierarchy is PGLD, a very simple program notation which is close to existing assembly languages. It has absolute jump instructions and no explicit termination instruction.

In PGLD, like in PGA, it is assumed that there is a fixed but arbitrary finite set of basic instructions $A$. The primitive instructions of PGLD differ from the primitive instructions of PGA as follows: for each $l \in \mathbb{N}$, there is an absolute jump instruction $##l$ instead of a forward jump instruction $#l$. PGLD programs have the form $u_1; \ldots; u_k$, where $u_1, \ldots, u_k$ are primitive instructions of PGLD.

The effects of all instructions in common with PGA are as in PGA with one difference: if there is no next instruction to be executed, termination occurs. The effect of an absolute jump instruction $##l$ is that execution proceeds with the $l$-th instruction of the program concerned. If $##l$ is itself the $l$-th instruction, then inaction occurs. If $l$ equals 0 or $l$ is greater than the length of the program, then termination occurs.

We define the meaning of PGLD programs by means of a function $\text{pgld2pga}$ from the set of all PGLD programs to the set of all closed PGA terms. This function is defined by

$$\text{pgld2pga}(u_1; \ldots; u_k) = (\phi_1(u_1); \ldots; \phi_k(u_k):!;!^\omega),$$

where the auxiliary functions $\phi_j$ from the set of all primitive instructions of PGLD to the set of all primitive instructions of PGA are defined as follows ($1 \leq j \leq k$):

- $\phi_j(##l) = #l - j$ if $j \leq l \leq k$,
- $\phi_j(##l) = #k + 2 - (j - l)$ if $0 < l < j$,
- $\phi_j(##l) = !$ if $l = 0 \lor l > k$,
- $\phi_j(u) = u$ if $u$ is not a jump instruction.

PGLD is as expressive as PGA. Before we make this fully precise, we introduce a useful notation.

Let $\alpha$ be a valuation of variables in $I_{\text{PGA}}$, and let $\alpha^*$ be the unique homomorphic extension of $\alpha$ to terms of PGA. Then $\alpha^*(t)$ is independent of $\alpha$ if $t$ is a closed term, i.e. $\alpha^*(t)$ is uniquely determined by $I_{\text{PGA}}$. Therefore, we write $t^{I_{\text{PGA}}}$ for $\alpha^*(t)$ if $t$ is a closed term.

**Proposition 6.** For each closed PGA term $t$, there exists a PGLD program $p$ such that $|t^{I_{\text{PGA}}}| = |\text{pgld2pga}(p)|^{I_{\text{PGA}}}|$. 
Proof. In [8], a number of functions (called embeddings in that paper) are defined, whose composition gives, for each closed PGA term \( t \), a PGLD program \( p \) such that \( |t_{PGA}| = |p_{PGA}|^{\mathcal{I}} \).

Let \( p \) be a PGLD program and \( P \) be a process. Then we say that \( p \) produces \( P \) if \( |p_{PGA}|^{\mathcal{I}} \) produces \( P \).

Below, we will write PGLD\(_{ac}\) for the version of PGLD in which the additional assumptions relating to \( \mathcal{A} \) mentioned in Section 11 are made. As a corollary of Theorem 2 and Proposition 6, we have that all regular processes over \( \mathcal{A} \mathcal{A} \) can be produced by PGLD\(_{ac}\) programs.

**Corollary 1.** Assume that CFAR is valid in \( \mathcal{M}_{\mathcal{ACP}^{+}, \mathcal{REC}} \). Then, for each process \( P \) that is regular over \( \mathcal{A} \mathcal{A} \), there exists a PGLD\(_{ac}\) program \( p \) such that \( p \) produces \( P \).

We switch to the use of Boolean registers now. First, we describe services that make up Boolean registers.

A Boolean register service accepts the following methods:

- a set to true method \( \text{set}:T \);
- a set to false method \( \text{set}:F \);
- a get method \( \text{get} \).

We write \( \mathcal{M}_{\mathcal{BR}} \) for the set \{\( \text{set}:T \), \( \text{set}:F \), \( \text{get} \)\}. It is assumed that \( \mathcal{M}_{\mathcal{BR}} \subseteq \mathcal{M} \).

The methods accepted by Boolean register services can be explained as follows:

- \( \text{set}:T \): the contents of the Boolean register becomes \( T \) and the reply is \( T \);
- \( \text{set}:F \): the contents of the Boolean register becomes \( F \) and the reply is \( F \);
- \( \text{get} \): nothing changes and the reply is the contents of the Boolean register.

Let \( s \in \mathbb{B} \cup \{\mathbb{B}\} \). Then the **Boolean register service** with initial state \( s \), written \( BR_s \), is the service \( (\mathbb{B} \cup \{\mathbb{B}\}, \text{eff}, \text{eff}, s) \), where the function \( \text{eff} \) is defined as follows (\( b \in \mathbb{B} \)):

\[
\begin{align*}
\text{eff}(\text{set}:T, b) &= T, & \text{eff}(m, b) &= B & \text{if} & m \notin \mathcal{M}_{\mathcal{BR}}, \\
\text{eff}(\text{set}:F, b) &= F, & \text{eff}(m, \mathbb{B}) &= \mathbb{B}.
\end{align*}
\]

Notice that the effect and yield functions of a Boolean register service are the same.

Let \( p \) be a PGLD program and \( P \) be a process. Then we say that \( p \) produces \( P \) using **Boolean registers** if \( \ldots(\text{pgld2pga}(p)^{I_{PGA}}/\text{br}_1 \text{BR_F}) \ldots/\text{br}_k \text{BR_F}) \) produces \( P \) for some \( k \in \mathbb{N}^+ \).

We have that PGLD\(_{ac}\) programs in which no atomic action from \( \mathcal{A} \mathcal{A} \) occurs more than once in an alternative choice instruction can produce all regular processes over \( \mathcal{A} \mathcal{A} \) using Boolean registers.
Theorem 3. Assume that CFAR is valid in \( \mathcal{M}_{\text{ACP}^r + \text{REC}} \). Then, for each process \( P \) that is regular over \( \mathcal{A} \), there exists a PGLD\text{ac} program \( p \) in which each atomic action from \( \mathcal{A} \) occurs no more than once in an alternative choice instruction such that \( p \) produces \( P \) using Boolean registers.

Proof. By the proof of Theorem 2 given in Section 12, it is sufficient to show that, for each thread \( T \) that is regular over \( \mathcal{A} \), there exist a PGLD program \( p \) in which each basic action from \( \mathcal{A} \) occurs no more than once and a \( k \in \mathbb{N}^+ \) such that \( \ldots (\text{p}\text{gl}d2\text{p}ga(p)^{\text{p}ga} | /\text{br}k \text{ BR}_F) \ldots /\text{br}k \text{ BR}_F) = T \).

Let \( T \) be a thread that is regular over \( \mathcal{A} \). We may assume that \( T \) is produced by a PGLD program \( p' \) of the following form:

\[
\begin{align*}
+a_1 ; &\#(3 \cdot k_1 + 1) ; \#(3 \cdot k'_1 + 1) ; \\
& \vdots \\
+a_n ; &\#(3 \cdot k_n + 1) ; \#(3 \cdot k'_n + 1) ; \\
&\#0 ; \#0 ; \#0 ; \#(3 \cdot n + 4),
\end{align*}
\]

where, for each \( i \in [1, n] \), \( k_i, k'_i \in [0, n - 1] \) (cf. the proof of Proposition 2 from [36]). It is easy to see that the PGLD program \( p \) that we are looking for can be obtained by transforming \( p' \): by making use of \( n \) Boolean registers, \( p \) can distinguish between different occurrences of the same basic instruction in \( p' \), and in that way simulate \( p' \).

\( \square \)

15 Conclusions

Using the algebraic theory of processes known as ACP, we have described two protocols to deal with the phenomenon that, on execution of an instruction sequence, a stream of instructions to be processed arises at one place and the processing of that stream of instructions is handled at another place. The more complex protocol is directed towards keeping the execution unit busy. In this way, we have brought the phenomenon better into the picture and have ascribed a sense to the term instruction stream which makes clear that an instruction stream is dynamic by nature, in contradistinction with an instruction sequence. We have also discussed some conceivable adaptations of the more complex protocol.

The description of the protocols start from the behaviours produced by instruction sequences under execution. By that we abstract from the instruction sequences which produce those behaviours. How instruction streams can be generated efficiently from instruction sequences is a matter that obviously requires investigations at a less abstract level. The investigations in question are an option for future work.

We believe that the more complex protocol described in this paper provides a setting in which basic techniques aimed at increasing processor performance, such as pre-fetching and branch prediction, can be studied at a more abstract level than usual (cf. [26]). In particular, we think that the protocol can serve
as a starting-point for the development of a model with which trade-offs encountered in the design of processor architectures can be clarified. We consider investigations into this matter an interesting option for future work.

The fact that process algebra is an area of the study of concurrency which is considered relevant to computer science, strongly hints that there are programmed systems whose behaviours are taken for processes as considered in process algebra. In that light, we have investigated the connections between programs and the processes that they produce, starting from the perception of a program as an instruction sequence. We have shown that, by apposite choice of basic instructions, all regular processes can be produced by means of instruction sequences as considered in PGA.

We have also made precise what processes are produced by instruction sequences under execution that make use of services. The reason for this is that instruction sequences under execution are regular threads and regular threads that make use of services such as unbounded counters, unbounded stacks or Turing tapes may produce non-regular processes. An option for future work is to characterize the classes of processes that can be produced by single-pass instruction sequences that make use of such services.

References

   In: Leucker, M., Morgan, C. (eds.) ICTAC 2009. Lecture Notes in Computer Science, 
   theory. \texttt{arXiv:0809.0352v3 [cs.CC]} (July 2010)
   Informatica 49(3), 139–172 (2012)
22. Brock, C., Hunt, W.A.: Formally specifying and mechanically verifying programs for 
25. Hennessy, J., Jouppi, N., Przybylski, S., Rowen, C., Gross, T., Baskett, F., Gill, 
   (1965)
   Cliffs (1985)
30. Lunde, A.: Empirical evaluation of some features of instruction set processor archi- 
   (1989)
33. Nair, R., Hopkins, M.E.: Exploiting instruction level parallelism in processors by 
   caching scheduled groups. SIGARCH Computer Architecture News 25(2), 13–25 
   (1997)
34. Ofelt, D., Hennessy, J.L.: Efficient performance prediction for modern micropro- 
35. Patterson, D.A., Ditzel, D.R.: The case for the reduced instruction set computer. 