Instruction Sequences
for the Production of Processes*

J.A. Bergstra and C.A. Middelburg

Programming Research Group, University of Amsterdam,
Kruislaan 403, 1098 SJ Amsterdam, the Netherlands
J.A.Bergstra@uva.nl, C.A.Middelburg@uva.nl

Abstract. Single-pass instruction sequences under execution are considered to produce behaviours to be controlled by some execution environment. Threads as considered in thread algebra model such behaviours: upon each action performed by a thread, a reply from its execution environment determines how the thread proceeds. Threads in turn can be looked upon as producing processes as considered in process algebra. We show that, by apposite choice of basic instructions, all processes that can only be in a finite number of states can be produced by single-pass instruction sequences.

Keywords: single-pass instruction sequence, process extraction, program algebra, thread algebra, process algebra.


1 Introduction

With the current paper, we carry on the line of research with which a start was made in [3]. The working hypothesis of this line of research is that single-pass instruction sequence is a central notion of computer science which merits investigation for its own sake. We take program algebra [3] for the basis of our investigation. Program algebra is a setting suited for investigating single-pass instruction sequences. It does not provide a notation for programs that is intended for actual programming.

The starting-point of program algebra is the perception of a program as a single-pass instruction sequence, i.e. a finite or infinite sequence of instructions of which each instruction is executed at most once and can be dropped after it has been executed or jumped over. This perception is simple, appealing, and links up with practice. Single-pass instruction sequences under execution are considered to produce behaviours to be controlled by some execution environment. Threads as considered in basic thread algebra [3] model such behaviours: upon each action performed by a thread, a reply from the execution environment determines how

* This research has been carried out as part of the project Thread Algebra for Strategic Interleaving, which is funded by the Netherlands Organisation for Scientific Research (NWO).
the thread proceeds. \footnote{In \cite{3}, basic thread algebra is introduced under the name basic polarized process algebra.} Threads in turn can be looked upon as producing processes as considered in process algebras such as ACP \cite{1,7} and CCS \cite{8}. This means that single-pass instruction sequences under execution can be considered to produce such processes.

Process algebra is considered relevant to computer science, as is witnessed by the extent of the work on process algebra in theoretical computer science. This means that there must be programmed systems whose behaviours are taken for processes as considered in process algebra. This has motivated us to investigate the connections between programs and the processes that they produce. In this paper, we investigate those connections starting from the perception of a program as a single-pass instruction sequence.

Regular threads are threads that can only be in a finite number of states. The behaviours of all single-pass instruction sequences considered in program algebra are regular threads and all regular threads can be produced by such single-pass instruction sequences. Regular processes are processes that can only be in a finite number of states. We show in this paper that, by apposite choice of basic instructions, all regular processes can be produced by such single-pass instruction sequences as well.

To obtain this result naturally, we use single-pass instruction sequences with multiple-reply test instructions, which are more general than the test instructions considered in program algebra, and threads with postconditional switching, which is more general than the behavioural counterpart of test instructions considered in basic thread algebra. We show that the result can also be obtained without introducing multiple-reply test instructions and postconditional switching if we assume that the cluster fair abstraction rule (see e.g. \cite{7}) is valid.

Single-pass instruction sequences under execution, and more generally threads, may make use of services such as counters, stacks and Turing tapes. The use operators introduced in \cite{4} are concerned with the effect of services on threads. An interesting aspect of making use of services is that it may turn a regular thread into a non-regular thread. Because non-regular threads produce non-regular processes, this means that single-pass instruction sequences under execution that make use of services may produce non-regular processes. On that account, we add the use operators to basic thread algebra with postconditional switching and make precise what processes are produced by threads that make use of services.

Programs written in an assembly language are finite instruction sequences for which single-pass execution is usually not possible. However, the instruction set of such a program notation may be such that all regular processes can as well be produced by programs written in the program notation. To illustrate this, we show that all regular processes can be produced by programs written in a program notation which is close to existing assembly languages.

This paper is organized as follows. First, we review program algebra and extend it with multiple-reply test instructions (Section 2). Next, we review basic
thread algebra, extend it with postconditional switching (Section 3), and use the result to make mathematically precise what threads are produced by the single-pass instruction sequences considered in program algebra with multiple-reply test instructions (Section 4). Then, we review process algebra (Section 5) and use it to make mathematically precise what processes are produced by the threads considered in basic thread algebra with postconditional switching (Section 6). After that, we show that all regular processes can be produced by the single-pass instruction sequences considered in program algebra with multiple-reply test instructions (Section 7). Following this, we extend basic thread algebra with postconditional switching further to threads that make use of services and make precise what processes are produced by such threads (Section 8). After that, we show that all regular processes can also be produced by programs written in a program notation which is close to existing assembly languages (Section 9). Finally, we make some concluding remarks (Section 10).

2 Program Algebra with Multiple-Reply Test Instructions

In this section, we first review PGA (ProGram Algebra) and then extend it with multiple-reply test instructions. All regular processes can be produced by single-pass instruction sequences as considered in PGA extended with multiple-reply test instructions provided use is made of basic instructions of a particular kind. Those basic instructions, which are called process construction instructions, are also introduced.

2.1 Program Algebra

The perception of a program as a single-pass instruction sequence is the starting-point of PGA.

In PGA, it is assumed that a fixed but arbitrary set $\mathcal{A}$ of basic instructions has been given. PGA has the following primitive instructions:

- for each $a \in \mathcal{A}$, a plain basic instruction $a$;
- for each $a \in \mathcal{A}$, a positive test instruction $+a$;
- for each $a \in \mathcal{A}$, a negative test instruction $-a$;
- for each $l \in \mathbb{N}$, a forward jump instruction $\#l$;
- a termination instruction !.

We write $\mathcal{I}$ for the set of all primitive instructions of PGA.

The intuition is that the execution of a basic instruction $a$ produces either $T$ or $F$ at its completion. In the case of a positive test instruction $+a$, $a$ is executed and execution proceeds with the next primitive instruction if $T$ is produced. Otherwise, the next primitive instruction is skipped and execution proceeds with the primitive instruction following the skipped one. If there is no next instruction to be executed, deadlock occurs. In the case of a negative test instruction $-a$, the role of the value produced is reversed. In the case of a plain basic instruction $a$, execution always proceeds as if $T$ is produced. The effect of a forward jump
Table 1. Axioms of PGA

<table>
<thead>
<tr>
<th>Equation</th>
<th>PGA</th>
</tr>
</thead>
<tbody>
<tr>
<td>((X; Y); Z = X; (Y; Z))</td>
<td>PGA1</td>
</tr>
<tr>
<td>((X^n)^\omega = X^\omega)</td>
<td>PGA2</td>
</tr>
<tr>
<td>(X^\omega; Y = X^\omega)</td>
<td>PGA3</td>
</tr>
<tr>
<td>((X; Y)^\omega = X; (Y; X)^\omega)</td>
<td>PGA4</td>
</tr>
</tbody>
</table>

instruction \#\(l\) is that execution proceeds with the \(l\)-th next instruction. If \(l\) equals 0 or the \(l\)-th next instruction does not exist, deadlock occurs. The effect of the termination instruction ! is that execution terminates.

PGA has the following constants and operators:

– for each \(u \in \mathcal{I}\), an instruction constant \(u\);
– the binary concatenation operator \(;\);
– the unary repetition operator \(\omega\).

We assume that there are infinitely many variables, including \(X, Y, Z\). Terms are built as usual. We use infix notation for the concatenation operator and postfix notation for the repetition operator.

A closed PGA term is considered to denote a non-empty, finite or periodic infinite sequence of primitive instructions.\(^2\) Closed PGA terms are considered equal if they denote the same instruction sequence. The axioms for instruction sequence equivalence are given in Table 1. In this table, \(n\) stands for an arbitrary natural number greater than 0. For each PGA term \(P\), the term \(P^n\) is defined by induction on \(n\) as follows: \(P^1 = P\) and \(P^{n+1} = P^n; P^n\). The unfolding equation \(X^\omega = X; X^\omega\) is derivable. Each closed PGA term is derivably equal to one of the form \(P\) or \(P; Q^\omega\), where \(P\) and \(Q\) are closed PGA terms in which the repetition operator does not occur.

Notice that PGA2 is actually an axiom schema. Par abus de langage, axiom schemas will be called axioms throughout the paper, with the exception of Section 6.

2.2 Multiple-Reply Test Instructions

We introduce PGA\(_{mr}\), an extension of PGA with multiple-reply test instructions. These additional instructions are like the test instructions of PGA, but cover the case where a natural number greater than zero is produced at the completion of the execution of a basic instruction.

In PGA\(_{mr}\), like in PGA, it is assumed that a fixed but arbitrary set \(\mathcal{A}\) of basic instructions has been given. PGA\(_{mr}\) has the primitive instructions of PGA and in addition:

– for each \(n \in \mathbb{N}^+\) and \(a \in \mathcal{A}\), a positive multiple-reply test instruction \(++n:a;\)\(^3\)

\(^2\) A periodic infinite sequence is an infinite sequence with only finitely many subsequences.

\(^3\) We write \(\mathbb{N}^+\) for the set \(\{n \in \mathbb{N} \mid n > 0\}\).
for each \( n \in \mathbb{N}^+ \) and \( a \in \mathfrak{A} \), a \textit{negative multiple-reply test instruction} \(-n:a\).

We write \( \mathfrak{I}_{mr} \) for the set of all primitive instructions of \( \text{PGA}_{mr} \).

The intuition is that the execution of a basic instruction \( a \) produces a natural number greater than zero at its completion. In the case of a positive multiple-reply test instruction \( ++n:a \), \( a \) is executed and execution proceeds with the \( i \)-th next primitive instruction if a natural number \( i \leq n \) is produced. If there is no next instruction to be executed or \( i > n \), deadlock occurs. In the case of a negative multiple-reply test instruction \( --n:a \), execution proceeds with the \( n-i+1 \)-th next primitive instruction instead of the \( i \)-th one if a natural number \( i \leq n \) is produced.

For each \( a \in \mathfrak{A} \), the instructions \(+a\) and \(-a\) are considered essentially the same as the instructions \(+2:a\) and \(-2:a\), respectively. For that reason, the reply \( T \) is identified with the reply 1 and the reply \( F \) is identified with the reply 2.

\( \text{PGA}_{mr} \) has a constant \( u \) for each \( u \in \mathfrak{I}_{mr} \). The operators of \( \text{PGA}_{mr} \) are the same as the operators as \( \text{PGA} \). Likewise, the axioms of \( \text{PGA}_{mr} \) are the same as the axioms as \( \text{PGA} \).

The intuition concerning multiple-reply test instructions given above will be made fully precise in Section 4, using an extension of basic thread algebra introduced in Section 3.

2.3 Process Construction and Interaction with Services

Recall that, in \( \text{PGA}_{mr} \), it is assumed that a fixed but arbitrary set \( \mathfrak{A} \) of basic instructions has been given. In the sequel, we will make use a version of \( \text{PGA}_{mr} \) in which the following additional assumptions relating to \( \mathfrak{A} \) are made:

- a fixed but arbitrary set \( \mathcal{F} \) of foci has been given;
- a fixed but arbitrary set \( \mathcal{M} \) of methods has been given;
- a fixed but arbitrary set \( \mathcal{A}\mathcal{A} \) of atomic actions has been given;
- \( \mathfrak{A} \) consists of:
  - for each \( f \in \mathcal{F} \), \( m \in \mathcal{M} \), \( \text{a program-service interaction instruction} f.m \);
  - for each \( n \in \mathbb{N}^+ \), for each \( e_1, \ldots, e_n \in \mathcal{A}\mathcal{A} \), \( \text{a process construction instruction} \text{ac}(e_1, \ldots, e_n) \).

Each focus plays the role of a name of some service provided by an execution environment that can be requested to process a command. Each method plays the role of a command proper. Executing a basic instruction \( f.m \) is taken as making a request to the service named \( f \) to process command \( m \).

On execution of a basic instruction \( \text{ac}(e_1, \ldots, e_n) \), first a non-deterministic choice between the atomic actions \( e_1, \ldots, e_n \) is made and then the chosen atomic action is performed. The reply 1 is produced if \( e_1 \) is performed, \( \ldots \), the reply \( n \) is produced if \( e_n \) is performed. Basic instructions of this kind are material to produce all regular processes by single-pass instruction sequences.

We will write \( \text{PGA}_{mr}^{pc} \) for the version of \( \text{PGA}_{mr} \) in which the above-mentioned additional assumptions are made.
The intuition concerning program-service interaction instructions given above will be made fully precise in Section 8, using an extension of basic thread algebra. The intuition concerning process construction instructions given above will be made fully precise in Section 6, using the process algebra introduced in Section 5. It will not be made fully precise using an extension of basic thread algebra because it is considered a basic property of threads that they are deterministic behaviours.

3 Basic Thread Algebra with Postconditional Switching

In this section, we first review BTA (Basic Thread Algebra) and then extend it with postconditional switching. All regular processes can be produced by threads as considered in BTA extended with postconditional switching provided use is made of basic actions of a particular kind. Those basic actions, which are the counterparts of the process construction instructions from PGA$_{mr}^{pc}$, are also introduced.

3.1 Basic Thread Algebra

BTA is concerned with the behaviours that sequential programs exhibit on execution. These behaviours are called threads.

In BTA, it is assumed that a fixed but arbitrary set $\mathcal{A}$ of basic actions, with $\tau \notin \mathcal{A}$, has been given. Besides, $\tau$ is a special basic action. We write $\mathcal{A}_{\tau}$ for $\mathcal{A} \cup \{\tau\}$. A thread performs basic actions in a sequential fashion. Upon each basic action performed, a reply from the execution environment of the thread determines how it proceeds. The possible replies are $T$ and $F$. Performing $\tau$, which is considered performing an internal action, always leads to the reply $T$.

Although BTA is one-sorted, we make this sort explicit. The reason for this is that we will extend BTA with an additional sort in Section 8.

BTA has one sort: the sort $T$ of threads. To build terms of sort $T$, it has the following constants and operators:

- the deadlock constant $D : T$;
- the termination constant $S : T$;
- for each $a \in \mathcal{A}_{\tau}$, the binary postconditional composition operator $\preceq a \succeq : T \times T \rightarrow T$.

We assume that there are infinitely many variables of sort $T$, including $x, y, z$. Terms of sort $T$ are built as usual. We use infix notation for the postconditional composition operator. We introduce basic action prefixing as an abbreviation: $a \circ p$ abbreviates $p \preceq a \succeq p$.

The thread denoted by a closed term of the form $p \preceq a \succeq q$ will first perform $a$, and then proceed as the thread denoted by $p$ if the reply from the execution environment is $T$ and proceed as the thread denoted by $q$ if the reply from the execution environment is $F$. The threads denoted by $D$ and $S$ will become inactive and terminate, respectively.
Table 2. Axiom of BTA
\[ x \triangleright \tau \triangleright y = x \triangleright \tau \triangleright x \quad \text{T1} \]

Table 3. Axioms for guarded recursion
\[
\begin{align*}
\langle X \mid E \rangle &= \langle t_X \mid E \rangle & \text{if } X = t_X \in E & \quad \text{RDP} \\
E &\Rightarrow X = \langle X \mid E \rangle & \text{if } X \in V(E) & \quad \text{RSP}
\end{align*}
\]

Table 4. Approximation induction principle
\[
\begin{align*}
\bigwedge_{n \geq 0} \pi_n(x) &= \pi_n(y) \Rightarrow x = y & \quad \text{AIP} \\
\pi_0(x) &= D & \quad \text{P0} \\
\pi_{n+1}(S) &= S & \quad \text{P1} \\
\pi_{n+1}(D) &= D & \quad \text{P2} \\
\pi_{n+1}(x \triangleright a \triangleright y) &= \pi_n(x) \triangleright a \triangleright \pi_n(y) & \quad \text{P3}
\end{align*}
\]

BTA has only one axiom. This axiom is given in Table 2. Using the abbreviation introduced above, axiom T1 can be written as follows: \( x \triangleright \tau \triangleright y = \tau \triangleright x \).

Notice that each closed BTA term denotes a thread that will become inactive or terminate after it has performed finitely many actions. Infinite threads can be described by guarded recursion.

A guarded recursive specification over BTA is a set of recursion equations \( E = \{ X = t_X \mid X \in V \} \), where \( V \) is a set of variables of sort \( T \) and each \( t_X \) is a BTA term of the form \( D, S \) or \( t \triangleright a \triangleright t' \) with \( t \) and \( t' \) that contain only variables from \( V \). We write \( V(E) \) for the set of all variables that occur in \( E \). We are only interested in models of BTA in which guarded recursive specifications have unique solutions, such as the projective limit model of BTA presented in [2].

For each guarded recursive specification \( E \) and each \( X \in V(E) \), we introduce a constant \( \langle X \mid E \rangle \) of sort \( T \) standing for the unique solution of \( E \) for \( X \). The axioms for these constants are given in Table 3. In this table, we write \( \langle t_X \mid E \rangle \) for \( t_X \) with, for all \( Y \in V(E) \), all occurrences of \( Y \) in \( t_X \) replaced by \( \langle Y \mid E \rangle \). \( X, t_X \) and \( E \) stand for an arbitrary variable of sort \( T \), an arbitrary BTA term of sort \( T \) and an arbitrary guarded recursive specification over BTA, respectively. Side conditions are added to restrict what \( X, t_X \) and \( E \) stand for.

Closed terms that denote the same infinite thread cannot always be proved equal by means of the axioms given in Table 3. We introduce AIP (Approximation Induction Principle) to remedy this. AIP is based on the view that two threads are identical if their approximations up to any finite depth are identical. The approximation up to depth \( n \) of a thread is obtained by cutting it off after it has performed \( n \) actions. In AIP, the approximation up to depth \( n \) is phrased in terms of the unary projection operator \( \pi_n : T \rightarrow T \). AIP and the axioms for the projection operators are given in Table 4. In this table, \( a \) stands for an arbitrary basic action from \( A_{\tau} \).
3.2 Postconditional Switching

We introduce BTAPCS, an extension of BTA with postconditional switching. Post-
conditional switching is like postconditional composition, but covers the case
where the execution environment produces reply values from the set \( \mathbb{N}^+ \) instead
of the set \{T, F\}. Postconditional switching was first introduced in [6].

In BTAPCS, like in BTA, it is assumed that a fixed but arbitrary set \( \mathcal{A} \) of basic
actions, with \( \text{tau} \notin \mathcal{A} \), has been given. BTAPCS has the constants and operators
of BTA and in addition:

- for each \( a \in \mathcal{A}_{\text{tau}} \) and \( k \in \mathbb{N}^+ \), the \( k \)-ary postconditional switch
  operator
  \[
  a \uparrow_k : \underbrace{T \times \cdots \times T}_{k \text{ times}} \rightarrow T.
  \]

The thread denoted by a closed terms of the form \( a \uparrow_k (p_1, \ldots, p_k) \) will first
perform \( a \), and then proceed as the thread denoted by \( p_1 \) if the processing of \( a \)
leads to the reply 1, . . . , proceed as the thread denoted by \( p_k \) if the processing
of \( a \) leads to the reply \( k \).

For each \( a \in \mathcal{A}_{\text{tau}} \), the operator \( \uparrow a \uparrow \) is considered essentially the same as
the operator \( a \uparrow_2 \). For that reason, the reply T is identified with the reply 1 and
the reply F is identified with the reply 2.

Without additional assumptions about the set \( \mathcal{A} \) of basic actions, axioms S1
and T2 from Table 5 are the only axioms for postconditional switching. Axiom
S1 expresses that the operators \( \uparrow a \uparrow \) and \( a \uparrow_2 \) are essentially the same. Like
axiom T1, axiom T2 reflects that performing \( \text{tau} \) always leads to the reply 1.

Guarded recursion can be added to BTAPCS as it is added to BTA in Section 3.1.

3.3 Process Construction and Interaction with Services

Recall that, in BTAPCS, it is assumed that a fixed but arbitrary set \( \mathcal{A} \) of basic
actions has been given. Like in the case of PGA \(_{mr} \), we will make use in the sequel
of a version of BTAPCS in which the following additional assumptions relating to
\( \mathcal{A} \) are made:

- a fixed but arbitrary set \( \mathcal{F} \) of foci has been given;
- a fixed but arbitrary set \( \mathcal{M} \) of methods has been given;
- a fixed but arbitrary set \( \mathcal{AA} \) of atomic actions has been given;
- \( \mathcal{A} \) consists of:
  - for each \( f \in \mathcal{F} \) and \( m \in \mathcal{M} \), a thread-service interaction action \( f.m \);
  - for each \( n \in \mathbb{N}^+ \), for each \( e_1, \ldots, e_n \in \mathcal{AA} \), a process construction action
    \( \text{ac}(e_1, \ldots, e_n) \).

Like in the case of PGA \(_{mr} \), performing a basic instruction \( f.m \) is taken as
making a request to the service named \( f \) to process command \( m \).

Like in the case of PGA \(_{mr} \), on performing a basic action \( \text{ac}(e_1, \ldots, e_n) \), first
a non-deterministic choice between the atomic actions \( e_1, \ldots, e_n \) is made and
Table 5. Axioms for postconditional switching

| \( x \leq a \geq y = a \geq x, y \) | S1 |
| \( ac(e_1, \ldots, e_n) \geq_k (x_1, \ldots, x_k) = ac(e_1, \ldots, e_n) \geq_n (x_1, \ldots, x_n) \) | S2 |
| \( \text{if } n < k \) |
| \( ac(e_1, \ldots, e_n) \geq_k (x_1, \ldots, x_k) = ac(e_1, \ldots, e_n) \geq_n (x_1, \ldots, x_k, D, \ldots, D) \) | S3 |
| \( \text{if } n > k \) |
| \( \text{if } n = k \) |
| \( \tau \geq_k (x_1, \ldots, x_k) = \tau \geq_k (x_1, \ldots, x_k) \) | T2 |

Then the chosen atomic action is performed. The reply 1 is produced if \( e_1 \) is performed, \( \ldots \), the reply \( n \) is produced if \( e_n \) is performed.

In Table 5, axioms are given for the postconditional switching operators which cover the case where the above-mentioned additional assumptions about \( A \) are made. In this table, \( a \) stands for an arbitrary basic action from \( A_{\tau} \) and \( e_1, \ldots, e_n \) stand for arbitrary atomic actions from \( AA \).

Axioms S2 and S3 stipulate that a thread denoted by a term of the form \( ac(e_1, \ldots, e_n) \geq_k (p_1, \ldots, p_k) \) behaves as if it concerns a \( n \)-ary postconditional switch if \( n \neq k \). The \( n \)-ary postconditional switch in question is obtained by removing \( p_{n+1}, \ldots, p_k \) if \( n < k \), and is obtained by adding \( D \) sufficiently many times if \( n > k \).

We will write \( \text{BTA}_{\text{pcs}} \) for the version of \( \text{BTA}_{\text{pcs}} \) in which the above-mentioned additional assumptions are made.

4 Thread Extraction

In this short section, we use \( \text{BTA}_{\text{pcs}} \) with guarded recursion to make mathematically precise what threads are produced by the single-pass instruction sequences denoted by closed PGA\textsubscript{mr} terms.

The thread extraction operation \(|\cdot|\) determines, for each closed PGA\textsubscript{mr} term \( P \), a closed term of \( \text{BTA}_{\text{pcs}} \) with guarded recursion that denotes the thread produced by the single-pass instruction sequence denoted by \( P \). The thread extraction operation is defined by the equations given in Table 6 (for \( a \in \mathfrak{A} \), \( n \in \mathbb{N}^+ \), \( l \in \mathbb{N} \), and \( u \in \mathfrak{I}_{\text{mr}} \)) and the rule that \(|# l ; X| = D \) if \#l is the beginning of an infinite jump chain. This rule is formalized in e.g. [5].

The equations in Table 6 relating to the primitive instructions of PGA are the equations that have been used to define the thread extraction operation for PGA in most earlier work on PGA (see e.g. [5, 9]). The additional equations relating to multiple-reply test instructions are obvious generalizations of the equations relating to the test instructions of PGA.

Let \( P \) be a closed PGA\textsubscript{mr} term. Then we say that \(|P|\) is the thread produced by \( P \).
Table 6. Defining equations for thread extraction operation

<table>
<thead>
<tr>
<th>a</th>
<th>a ◦ D</th>
</tr>
</thead>
<tbody>
<tr>
<td>a ; X</td>
<td>a ◦</td>
</tr>
<tr>
<td>+a</td>
<td>a ◦ D</td>
</tr>
<tr>
<td>+a ; X</td>
<td></td>
</tr>
<tr>
<td>−a</td>
<td>a ◦ D</td>
</tr>
<tr>
<td>−a ; X</td>
<td></td>
</tr>
<tr>
<td>++n:a</td>
<td>a ◦ D</td>
</tr>
<tr>
<td>++n:a ; X</td>
<td>a ≥n (</td>
</tr>
<tr>
<td>−n:a</td>
<td>a ◦ D</td>
</tr>
<tr>
<td>−n:a ; X</td>
<td>a ≥n (</td>
</tr>
</tbody>
</table>

<table>
<thead>
<tr>
<th>#l</th>
<th>D</th>
</tr>
</thead>
<tbody>
<tr>
<td>#0 ; X</td>
<td>D</td>
</tr>
<tr>
<td>#1 ; X</td>
<td></td>
</tr>
<tr>
<td>#l + 2 ; u</td>
<td>D</td>
</tr>
<tr>
<td>#l + 2 ; u ; X</td>
<td></td>
</tr>
</tbody>
</table>

5 Process Algebra

In this section, we review \( ACP^7 \) (Algebra of Communicating Processes with abstraction). This is the process algebra that will be used in Section 6 to make precise what processes are produced by the single-pass instruction sequences denoted by closed PGA\(_{\text{for}}\) terms.

In \( ACP^7 \), it is assumed that a fixed but arbitrary set \( A \) of atomic actions, with \( τ, δ / \notin A \), and a fixed but arbitrary commutative and associative function \( | : A \cup \{ τ \} \times A \cup \{ τ \} \rightarrow A \cup \{ δ \} \), with \( τ | e = δ \) for all \( e \in A \cup \{ τ \} \), have been given. The function \( | \) is regarded to give the result of synchronously performing any two atomic actions for which this is possible, and to give \( δ \) otherwise. In \( ACP^7 \), \( τ \) is a special atomic action, called the silent step. The act of performing the silent step is considered unobservable. Because it would otherwise be observable, the silent step is considered an atomic action that cannot be performed synchronously with other atomic actions. We write \( A_τ \) for \( A \cup \{ τ \} \).

\( ACP^7 \) has the following constants and operators:

- for each \( e \in A \), the atomic action constant \( e \);
- the silent step constant \( τ \);
- the deadlock constant \( δ \);
- the binary alternative composition operator \( + \);
- the binary sequential composition operator \( \cdot \);
- the binary parallel composition operator \( \parallel \);
- the binary left merge operator \( \lfloor \lfloor \);
- the binary communication merge operator \( | \);
- for each \( H \subseteq A \), the unary encapsulation operator \( \partial_H \);
- for each \( I \subseteq A \), the unary abstraction operator \( τ_I \).

We assume that there are infinitely many variables. Terms are built as usual. We use infix notation for the binary operators.

Let \( p \) and \( q \) be closed \( ACP^7 \) terms, \( e \in A \), and \( H, I \subseteq A \). Intuitively, the constants and operators to build \( ACP^7 \) terms can be explained as follows:
– $e$ first performs atomic action $e$ and next terminates successfully;
– $\tau$ performs an unobservable atomic action and next terminates successfully;
– $\delta$ can neither perform an atomic action nor terminate successfully;
– $p + q$ behaves either as $p$ or as $q$, but not both;
– $p \cdot q$ first behaves as $p$ and on successful termination of $p$ it next behaves as $q$;
– $p \parallel q$ behaves as the process that proceeds with $p$ and $q$ in parallel;
– $p \mid q$ behaves as $p$, except that atomic actions from $I$ are turned into unobservable atomic actions.

The operators $\parallel$ and $\mid$ are of an auxiliary nature. They are needed to axiomatize ACP$^\tau$. The axioms of ACP$^\tau$ are given in e.g. [7].

We write $\sum_{i \in S} p_i$, where $S = \{i_1, \ldots, i_n\}$ and $p_{i_1}, \ldots, p_{i_n}$ are ACP$^\tau$ terms, for $p_{i_1} + \ldots + p_{i_n}$. The convention is that $\sum_{i \in S} p_i$ stands for $\delta$ if $S = \emptyset$.

A recursive specification over ACP$^\tau$ is a set of recursion equations $E = \{X = t_X \mid X \in V\}$, where $V$ is a set of variables and each $t_X$ is an ACP$^\tau$ term containing only variables from $V$. Let $t$ be an ACP$^\tau$ term without occurrences of abstraction operators containing a variable $X$. Then an occurrence of $X$ in $t$ is guarded if $t$ has a subterm of the form $e \cdot t'$ where $e \in A$ and $t'$ is a term containing this occurrence of $X$. Let $E$ be a recursive specification over ACP$^\tau$. Then $E$ is a guarded recursive specification if, in each equation $X = t_X \in E$:
(i) abstraction operators do not occur in $t_X$ and (ii) all occurrences of variables in $t_X$ are guarded or $t_X$ can be rewritten to such a term using the axioms of ACP$^\tau$ in either direction and/or the equations in $E$ except the equation $X = t_X$ from left to right. We only consider models of ACP$^\tau$ in which guarded recursive specifications have unique solutions, such as the models of ACP$^\tau$ presented in [1].

For each guarded recursive specification $E$ and each variable $X$ that occurs in $E$, we introduce a constant $\langle X | E \rangle$ standing for the unique solution of $E$ for $X$. The axioms for these constants are given in [7].

6 Process Extraction

In this section, we use ACP$^\tau$ with guarded recursion to make mathematically precise what processes are produced by the single-pass instruction sequences denoted by closed PGA$^\text{pcmr}$ terms.

For that purpose, $A$ and $|$ are taken such that:

$$A \subseteq A,$$

$$A \setminus A = \{s_f(d) \mid f \in F, d \in M \cup N\} \cup \{r_f(d) \mid f \in F, d \in M \cup N\}$$

$$\cup \{s_{\text{serv}}(r) \mid r \in N\} \cup \{r_{\text{serv}}(m) \mid m \in M\} \cup \{\text{stop, stop, stop}^*, i\}$$
Table 7. Defining equations for process extraction operation

| \( |X|' = X \) | \( |S|' = \text{stop} \) | \( |D|' = i \cdot \delta \) |
| \( |t_1 \preceq \text{tau} \preceq t_2|' = i \cdot i \cdot |t_1|' \) | \( |t_1 \preceq f.m \preceq t_2|' = s_f(m) \cdot (r_f(1) \cdot |t_1|' + r_f(2) \cdot |t_2|') \) | \( |t_1 \preceq \text{ac}(e_1, \ldots, e_n) \preceq t_2|' = e_1 \cdot |t_1|' + e_2 \cdot |t_2|' + \ldots + e_n \cdot |t_2|' \) |
| \( |\text{tau} \succeq_k (t_1, \ldots, t_k)|' = i \cdot i \cdot |t_1|' \) | \( |f.m \succeq_k (t_1, \ldots, t_k)|' = s_f(m) \cdot (r_f(1) \cdot |t_1|' + \ldots + r_f(k) \cdot |t_k|') \) | \( |\text{ac}(e_1, \ldots, e_n) \succeq_k (t_1, \ldots, t_k)|' = e_1 \cdot |t_1|' + \ldots + e_k \cdot |t_k|' + e_{k+1} \cdot i \cdot \delta + \ldots + e_n \cdot i \cdot \delta \) |

\( |\langle X|E \rangle|' = \langle X | \{X |' = |t_{X'}|' \mid X' = t_{X'}, \in E\rangle \) 

and for all \( e, e' \in \mathbb{A}, f \in \mathbb{F}, d \in \mathbb{M} \cup \mathbb{N}, m \in \mathbb{M} \), and \( r \in \mathbb{N} \):

\[
\begin{align*}
  s_f(d) | r_f(d) = i, & \quad \text{stop} | \text{stop} = \text{stop}^*, \\
  s_f(d) | e = \delta & \quad \text{if } e \neq r_f(d), \quad \text{stop} | e = \delta & \quad \text{if } e \neq \text{stop}, \\
  e | r_f(d) = \delta & \quad \text{if } e \neq s_f(d), \quad e | \text{stop} = \delta & \quad \text{if } e \neq \text{stop}, \\
  s_{\text{serv}}(r) | e = \delta, & \quad e | e = \delta, \quad \text{if } e' \in \mathbb{AA}, \\
  e | r_{\text{serv}}(m) = \delta, & \quad e' | e = \delta, \quad \text{if } e' \in \mathbb{AA}.
\end{align*}
\]

The process extraction operation \( |. | \) determines, for each closed BTAPcs term \( p \), a closed term of ACP' with guarded recursion that denotes the process produced by the thread denoted by \( p \). The process extraction operation \( |. | \) is defined by \( |p| = \tau(\text{stop}) \left( |p'| \right) \), where \( |p'| \) is defined by the equations given in Table 7 (for \( f \in \mathbb{F}, m \in \mathbb{M}, \) and \( e_1, \ldots, e_n \in \mathbb{AA} \)).

Two atomic actions are involved in performing a basic action of the form \( f.m \): one for sending a request to process command \( m \) to the service named \( f \) and another for receiving a reply from that service upon completion of the processing. Performing a basic action of the form \( \text{ac}(e_1, \ldots, e_n) \) always gives rise to a non-deterministic choice between \( n \) alternatives, where \( e_i \) is the first atomic action of the \( i \)-th alternatives.

For each closed BTAPcs term \( p \), \( |p|' \) denotes a process that will perform a special termination action just before successful termination. Abstracting from this termination action yields the process denoted by \( |p| \). In Section 8, BTAPcs is extended with use operators, which are concerned with threads making use of services. The process extraction operation \( |. | \) for BTAPcs is defined here in terms of \( |. |' \) to allow for the process extraction operation for the extension of BTAPcs with use operators to be defined easily.
Some actions introduced above are not used in the definition of the process extraction operation for BTAP_{pcs}. Those actions are used in the definition of the process extraction operation for the extension of BTAP_{pcs} with use operators.

Let $p$ be a closed BTAP_{pcs} term and $P$ be a closed PGA_{mr} term. Then we say that $|p|$ is the process produced by $p$ and $||P||$ is the process produced by $P$.

The process extraction operation preserves the axioms of BTAP_{pcs} with guarded recursion. Roughly speaking, this means that the translations of these axioms are derivable from the axioms of ACP$^\tau$ with guarded recursion. Before we make this fully precise, we have a closer look at the axioms of BTAP_{pcs} with guarded recursion.

A proper axiom is an equation or a conditional equation. In Tables 3 and 5, we do not find proper axioms. Instead of proper axioms, we find axiom schemas without side conditions and axiom schemas with syntactic side conditions. The axioms of BTAP_{pcs} with guarded recursion are obtained by replacing each axiom schema by all its instances.

We define a function $|$ from the set of all equations and conditional equations of BTAP_{pcs} with guarded recursion to the set of all equations of ACP$^\tau$ with guarded recursion as follows:

\[
|t_1 = t_2| = |t_1| = |t_2|,
\]

\[
|E \Rightarrow t_1 = t_2| = \{|t_1'| = |t_2'| \mid t_1' = t_2' \in E\} \Rightarrow |t_1| = |t_2|.
\]

**Proposition 1.** Let $\phi$ be an axiom of BTAP_{pcs} with guarded recursion. Then $|\phi|$ is derivable from the axioms of ACP$^\tau$ with guarded recursion.

**Proof.** The proof is trivial. \qed

Proposition 1 would go through if no abstraction of the above-mentioned special termination action was made. However, the expressiveness results for PGA_{mr} relating to processes that are presented in Section 7 would not go through. Notice further that ACP$^\tau$ without the silent step constant and the abstraction operator, better known as ACP, would suffice if no abstraction of the special termination action was made.

### 7 Expressiveness of PGA_{mr}

In this section, we show that all regular processes can be produced by the single-pass instruction sequences considered in program algebra with multiple-reply test instructions.

We begin by making precise what it means that a thread can only be in a finite number of states. We assume that a fixed but arbitrary model $M$ of BTAP_{pcs} extended with guarded recursion has been given, we use the term thread only for the elements from the domain of $M$, and we denote the interpretations of constants and operators in $M$ by the constants and operators themselves.

Let $p$ be a thread. Then the set of states or residual threads of $p$, written $\text{Res}(p)$, is inductively defined as follows:
Let $p$ be a thread and let $A' \subseteq A_{\tau}$. Then $p$ is \textit{regular} over $A'$ if the following conditions are satisfied:

- $\text{Res}(p)$ is finite;
- for all $q, r \in \text{Res}(p)$ and $a \in A_{\tau}$, $q \trianglelefteq a \trianglerighteq r \in \text{Res}(p)$ implies $a \in A'$;
- for all $p_1, \ldots, p_k \in \text{Res}(p)$ and $a \in A_{\tau}$, $a \trianglerighteq_k (p_1, \ldots, p_k) \in \text{Res}(p)$ implies $a \in A'$.

We say that $p$ is \textit{regular} if $p$ is regular over $A_{\tau}$.

We will make use of the fact that being a regular thread coincides with being the solution of a finite guarded recursive specification in which the right-hand sides of the recursion equations are of a restricted form.

A \textit{linear recursive specification} over $\text{BTA}_{\text{pcs}}$ is a guarded recursive specification $E = \{X = t_X \mid X \in V\}$ over $\text{BTA}_{\text{pcs}}$, where each $t_X$ is a term of the form $D, S, Y \trianglelefteq a \trianglerighteq Z$ with $Y, Z \in V$ or $a \trianglerighteq_k (X_1, \ldots, X_k)$ with $X_1, \ldots, X_k \in V$.

**Proposition 2.** Let $p$ be a thread and let $A' \subseteq A_{\tau}$. Then $p$ is regular over $A'$ iff there exists a finite linear recursive specification $E$ over $\text{BTA}_{\text{pcs}}$ in which only basic actions from $A'$ occur such that $p$ is the solution of $E$ for some $X \in V(E)$.

**Proof.** This proposition generalizes Theorem 1 from [9] from BTA to $\text{BTA}_{\text{pcs}}$ and from the projective limit model of BTA to an arbitrary model of $\text{BTA}_{\text{pcs}}$. However, the proof of that theorem is applicable to any model of BTA and the adaptations needed to take postconditional switching operators and their interpretations into account are trivial. \hfill $\Box$

All regular threads over $A$ can be produced by the single-pass instruction sequences considered in program algebra with multiple-rep ly test instructions.

**Proposition 3.** For each thread $p$ that is regular over $A$, there exists a closed PGA$_{\text{mr}}$ term $P$ such that $p$ is the thread denoted by $\langle P \rangle$.

**Proof.** This proposition generalizes one direction of Proposition 2 from [9] from PGA to PGA$_{\text{mr}}$ and from the projective limit model of BTA to an arbitrary model of $\text{BTA}_{\text{pcs}}$. However, the proof of that proposition is applicable to any model of BTA and the adaptations needed to take multiple-rep ly test instructions and the interpretations of postconditional switching operators into account are trivial. \hfill $\Box$

We proceed by making precise what it means that a process can only be in a finite number of states. We assume that a fixed but arbitrary model $\mathfrak{M}$ of $\text{ACP}$ with guarded recursion has been given, we use the term process only for the elements from the domain of $\mathfrak{M}$, and we denote the interpretations of constants and operators in $\mathfrak{M}$ by the constants and operators themselves.

Let $p$ be a process. Then the set of \textit{states} or \textit{subprocesses} of $p$, written $\text{Sub}(p)$, is inductively defined as follows:
– \( p \in \text{Sub}(p) \);
– if \( e \cdot q \in \text{Sub}(p) \), then \( q \in \text{Sub}(p) \);
– if \( e \cdot q + r \in \text{Sub}(p) \), then \( q \in \text{Sub}(p) \).

Let \( p \) be a process and let \( \mathcal{A}' \subseteq \mathcal{A} \). Then \( p \) is regular over \( \mathcal{A}' \) if the following conditions are satisfied:

– \( \text{Sub}(p) \) is finite;
– for all \( q \in \text{Sub}(p) \) and \( e \in \mathcal{A} \), \( e \cdot q \in \text{Sub}(p) \) implies \( e \in \mathcal{A}' \);
– for all \( q, r \in \text{Sub}(p) \) and \( e \in \mathcal{A} \), \( e \cdot q + r \in \text{Sub}(p) \) implies \( e \in \mathcal{A}' \).

We say that \( p \) is regular if \( p \) is regular over \( \mathcal{A} \).

We will make use of the fact that being a regular process over \( \mathcal{A} \) coincides with being the solution of a finite guarded recursive specification in which the right-hand sides of the recursion equations are linear terms. Linearity of terms is inductively defined as follows:

– \( \delta \) is linear;
– if \( e \in \mathcal{A} \), then \( e \) is linear;
– if \( e \in \mathcal{A} \) and \( X \) is a variable, then \( e \cdot X \) is linear;
– if \( t \) and \( t' \) are linear, then \( t + t' \) is linear.

A linear recursive specification over \( \text{ACP}^\gamma \) is a guarded recursive specification \( E = \{ X = t_X \mid X \in V \} \) over \( \text{ACP}^\gamma \), where each \( t_X \) is linear.

**Proposition 4.** Let \( p \) be a process and let \( \mathcal{A}' \subseteq \mathcal{A} \). Then \( p \) is regular over \( \mathcal{A}' \) iff there exists a finite linear recursive specification \( E \) over \( \text{ACP}^\gamma \) in which only atomic actions from \( \mathcal{A}' \) occur such that \( p \) is the solution of \( E \) for some \( X \in V(E) \).

*Proof.* The proof follows the same line as the proof of Proposition 2. \( \square \)

**Remark.** Proposition 4 is concerned with processes that are regular over \( \mathcal{A} \). We can also prove that being a regular process over \( \mathcal{A} \) coincides with being the solution of a finite linear recursive specification over \( \text{ACP}^\gamma \) if we assume that the cluster fair abstraction rule [7] holds in the model \( \mathcal{M}' \). However, we do not need this more general result.

All regular processes over \( \mathcal{A} \) can be produced by the single-pass instruction sequences considered in program algebra with multiple-reply test instructions.

**Theorem 1.** For each process \( p \) that is regular over \( \mathcal{A} \), there exists a closed PGA\(_{\text{mr}} \) term \( P \) such that \( p \) is the process denoted by \( \|P\| \).

*Proof.* By Propositions 2, 3 and 4, it is sufficient to show that, for each finite linear recursive specification \( E \) over \( \text{ACP}^\gamma \) in which only atomic actions from \( \mathcal{A} \) occur, there exists a finite linear recursive specification \( E' \) over \( \text{BTA}_{\text{pcs}} \) such that \( \langle X|E \rangle = |\langle X|E' \rangle| \) for all \( X \in V(E) \).

Take the finite linear recursive specification \( E \) over \( \text{ACP}^\gamma \) that consists of the recursion equations

\[
X_i = e_{i1} \cdot X_{i1} + \ldots + e_{ik_i} \cdot X_{ik_i} + e'_{i1} + \ldots + e'_{il_i},
\]
where \( e_{i1}, \ldots, e_{ik}, e'_{i1}, \ldots, e'_{il} \in \mathcal{AA} \), for \( i \in \{1, \ldots, n\} \). Then construct the finite linear recursive specification \( E' \) over \( \text{BTAP}_{\text{pcs}}^{\text{ag}} \) that consists of the recursion equations

\[
X_i = \text{ac}(e_{i1}, \ldots, e_{ik}, e'_{i1}, \ldots, e'_{il}) \models_{k_i+l_i} (X_{i1}, \ldots, X_{ik}, S, \ldots, S)
\]

for \( i \in \{1, \ldots, n\} \). It follows immediately from the definition of the process extraction operation that \( \langle X | E \rangle = |\langle X | E' \rangle| \) for all \( X \in V(E) \).

Multiple-reply test instructions and postconditional switching have been introduced because process construction instructions of the form \( \text{ac}(e_1, \ldots, e_n) \) with \( n > 2 \) look to be necessary to obtain this result. However, a similar result can also be obtained for closed \( \text{PGA}_{\text{mr}}^{\text{ag}} \) terms in which only basic instructions of the form \( \text{ac}(e_1, e_2) \) occur if we assume that the cluster fair abstraction rule [7] holds in the model \( \mathcal{M} \).

**Theorem 2.** Assume that CFAR (Cluster Fair Abstraction Rule) holds in \( \mathcal{M} \). Let \( t \in \mathcal{AA} \). Then, for each process \( p \) that is regular over \( \mathcal{AA} \setminus \{t\} \), there exists a closed \( \text{PGA}_{\text{mr}}^{\text{ag}} \) term \( P \) in which only basic instructions of the form \( \text{ac}(e, t) \) occur such that \( \tau \cdot P \) is the process denoted by \( \tau \cdot \tau_{\{t\}}(\langle \langle |P| \rangle \rangle) \).

**Proof.** By Propositions 2, 3 and 4 and the definition of the thread extraction operation, it is sufficient to show that, for each finite linear recursive specification \( E \) over \( \text{ACP} \) in which only atomic actions from \( \mathcal{AA} \setminus \{t\} \) occur, there exists a finite linear recursive specification \( E' \) over \( \text{BTAP}_{\text{pcs}}^{\text{ag}} \) in which only basic actions of the form \( \text{ac}(e, t) \) occur such that \( \tau \cdot \langle X | E \rangle = \tau \cdot \tau_{\{t\}}(|\langle X | E' \rangle|) \) for all \( X \in V(E) \).

Take the finite linear recursive specification \( E \) over \( \text{ACP} \) that consists of the recursion equations

\[
X_i = e_{i1} \cdot X_{i1} + \ldots + e_{ik} \cdot X_{ik} + e'_{i1} + \ldots + e'_{il},
\]

where \( e_{i1}, \ldots, e_{ik}, e'_{i1}, \ldots, e'_{il} \in \mathcal{AA} \setminus \{t\} \), for \( i \in \{1, \ldots, n\} \). Then construct the finite linear recursive specification \( E' \) over \( \text{BTAP}_{\text{pcs}}^{\text{ag}} \) that consists of the recursion equations

\[
X_i = X_{i1} \models \text{ac}(e_{i1}, t) \models (\ldots (X_{ik} \models \text{ac}(e_{ik}, t) \models (S \models \text{ac}(e'_{i1}, t) \models (\ldots (S \models \text{ac}(e'_{il}, t) \models X_i) \ldots)) \ldots)
\]

for \( i \in \{1, \ldots, n\} \); and the finite linear recursive specification \( E'' \) over \( \text{ACP} \) that consists of the recursion equations

\[
X_i = e_{i1} \cdot X_{i1} + t \cdot Y_{i2}, \quad Z_{i1} = e'_{i1} + t \cdot Z_{i2}, \\
Y_{i2} = e_{i2} \cdot X_{i2} + t \cdot Y_{i3}, \quad Z_{i2} = e'_{i2} + t \cdot Z_{i3}, \\
\vdots \quad \vdots \quad \vdots \\
Y_{ik_i} = e_{ik_i} \cdot X_{ik_i} + t \cdot Z_{i1}, \quad Z_{il_i} = e'_{il_i} + t \cdot X_i,
\]

where \( Y_{i2}, \ldots, Y_{ik_i}, Z_{i1}, \ldots, Z_{il_i} \) are fresh variables, for \( i \in \{1, \ldots, n\} \). It follows immediately from the definition of the process extraction operation that
\(|\langle X|E'\rangle| = \langle X|E''\rangle|\) for all \(X \in V(E)\). Moreover, it follows from CFAR that \(\tau \cdot \langle X|E'\rangle = \tau \cdot \tau(t) \langle \langle X|E''\rangle|\) for all \(X \in V(E)\). \(\Box\)

8 Services

An instruction sequence under execution may make use of services. That is, certain instructions may be executed for the purpose of having the behaviour produced by the instruction sequence affected by a service that takes those instructions as commands to be processed. Likewise, a thread may perform certain actions for the purpose of having itself affected by a service that takes those actions as commands to be processed. The processing of an action may involve a change of state of the service and at completion of the processing of the action the service returns a reply value to the thread. The reply value determines how the thread proceeds. In this section, we first review the use operators, which are concerned with threads making such use of services, and then extend the process extraction operation to the use operators. The use operators can be used in combination with the thread extraction operation from Section 4 to describe the behaviour produced by instruction sequences that make use of services.

8.1 Use Operators

A service \(H\) consists of

- a set \(S\) of states;
- an effect function \(\text{eff} : \mathcal{M} \times S \rightarrow S\);
- a yield function \(\text{yld} : \mathcal{M} \times S \rightarrow \mathbb{N}\);
- an initial state \(s_0 \in S\);

satisfying the following condition:

\[
\forall m \in \mathcal{M}, s \in S \cdot (\text{yld}(m, s) = 0 \Rightarrow \forall m' \in \mathcal{M} \cdot \text{yld}(m', \text{eff}(m, s)) = 0).
\]

The set \(S\) contains the states in which the service may be, and the functions \(\text{eff}\) and \(\text{yld}\) give, for each method \(m\) and state \(s\), the state and reply, respectively, that result from processing \(m\) in state \(s\). By the condition imposed on services, once the service has returned 0 as reply, it keeps returning 0 as reply.

Let \(H = (S, \text{eff}, \text{yld}, s_0)\) be a service and let \(m \in \mathcal{M}\). Then the derived service of \(H\) after processing \(m\), written \(\partial_m H\), is the service \((S, \text{eff}, \text{yld}, \text{eff}(m, s_0))\); and the reply of \(H\) after processing \(m\), written \(H(m)\), is \(\text{yld}(m, s_0)\).

When a thread makes a request to the service to process \(m\):

- if \(H(m) \neq 0\), then the request is accepted, the reply is \(H(m)\), and the service proceeds as \(\partial_m H\);
- if \(H(m) = 0\), then the request is rejected and the service proceeds as a service that rejects any request.
is removed in favour of basic action prefixing on the basis of the reply value in combination with the thread extraction operation the basic action \( \tau \) operator \( \in F \) by thread \( p \). Axioms for action renaming are given in [7]. We write \( \rho \) follows: \( \tau \) In order to extend the process extraction operation to the use operators, we

\[ \begin{align*}
S / / H & = S & \text{U1} \\
D / / H & = D & \text{U2} \\
(x \preceq \text{tau} \succeq y) / / H & = (x / / H) \preceq \text{tau} \succeq (y / / H) & \text{U3} \\
(x \preceq g.m \succeq y) / / H & = (x / / H) \preceq g.m \succeq (y / / H) & \text{if } f \neq g & \text{U4} \\
(x \preceq f.m \succeq y) / / H & = \text{tau} \circ (x / / f \frac{\partial m}{\partial m} H) & \text{if } H(m) = 1 & \text{U5} \\
(x \preceq f.m \succeq y) / / H & = \text{tau} \circ (y / / f \frac{\partial m}{\partial m} H) & \text{if } H(m) = 2 & \text{U6} \\
(x \preceq f.m \succeq y) / / H & = D & \text{if } H(m) = 0 & \text{U7} \\
(x \preceq \text{ac}(e_1, \ldots, e_n) \succeq y) / / H & = (x / / H) \preceq \text{ac}(e_1, \ldots, e_n) \succeq (y / / H) & \text{U8} \\
\text{tau} \succeq_k (x_1, \ldots, x_k) / / H & = \text{tau} \succeq_k (x_1 / / H, \ldots, x_k / / H) & \text{U9} \\
g.m \succeq_k (x_1, \ldots, x_k) / / H & = g.m \succeq_k (x_1 / / H, \ldots, x_k / / H) & \text{if } f \neq g & \text{U10} \\
f.m \succeq_k (x_1, \ldots, x_k) / / H & = \text{tau} \circ (x_i / / f \frac{\partial m}{\partial m} H) & \text{if } H(\langle m \rangle) = i \land i \in [1, k] & \text{U11} \\
f.m \succeq_k (x_1, \ldots, x_k) / / H & = D & \text{if } H(\langle m \rangle) \notin [1, k] & \text{U12} \\
\text{ac}(e_1, \ldots, e_n) \succeq_k (x_1, \ldots, x_k) / / H & = \text{ac}(e_1, \ldots, e_n) \succeq_k (x_1 / / H, \ldots, x_k / / H) & \text{U13} \\
\pi_n(x / / H) & = \pi_n(\pi_n(x) / / H) & \text{U14}
\end{align*} \]

We introduce the sort \( S \) of services and, for each \( f \in F \), the binary use operator \(- / / - : T \times S \to T\). The axioms for these operators are given in Table 8. Intuitively, \( p / / H \) is the thread that results from processing all actions performed by thread \( p \) that are of the form \( f.m \) by service \( H \). When a basic action of the form \( f.m \) performed by thread \( p \) is processed by service \( H \), it is turned into the basic action \( \tau \) and postconditional composition or postconditional switch is removed in favour of basic action prefixing on the basis of the reply value produced.

We add the use operators to PGA\_\text{PAC}^\tau \_m as well. We will only use the extension in combination with the thread extraction operation \( |_| \) and define \( |P / / H| = |P| / / H\). Hence, \( |P / / H| \) denotes the thread produced by \( P \) if \( P \) makes use of \( H \). If \( H \) is a service such as an unbounded counter, an unbounded stack or a Turing tape, then a non-regular thread may be produced.

### 8.2 Extending Process Extraction to the Use Operators

In order to extend the process extraction operation to the use operators, we need an extension of ACP\^\tau with action renaming operators. The unary action renaming operator \( \rho_R \), for \( R : A_\tau \to A_\tau \), such that \( R(\tau) = \tau \), can be explained as follows: \( \rho_R(p) \) behaves as \( p \) with each atomic action replaced according to \( R \). The axioms for action renaming are given in [7]. We write \( \rho_{e'\mapsto e''} \) for the renaming operator \( \rho_E \) with \( R \) defined by \( R(e') = e'' \) and \( R(e) = e \) if \( e \neq e' \).

We also need to define a set \( A_f \subseteq A \) and a function \( R_f : A_\tau \to A_\tau \) for each \( f \in F \):

\[ A_f = \{ s_f(d) \mid d \in \mathcal{M} \cup \mathbb{N} \} \cup \{ r_f(d) \mid d \in \mathcal{M} \cup \mathbb{N} \} ; \]
Proof. The proof is straightforward. We sketch the proof for axiom U4, writing $E_H$ for \( \{X_{H'} = \sum_{m \in M} r_{serv}(m) \cdot s_{serv}(H'(m)) \cdot X_{\Delta = H'} + \overline{\text{stop}} \mid H' \in \Delta(H)\} \).

By the definition of the process extraction operation, it is sufficient to show that \(|(x \leq f.m \geq y) / f H'| = |\tau \circ (x / f \overline{\Delta m} H)|'\) is derivable under the assumption that \(H(m) = 1\) holds. In outline, this goes as follows:

\[
| (x \leq f.m \geq y) / f H'| = \rho_{\text{stop}^* \ast \text{stop}}(\partial_{\text{stop}, \text{stop}^*}(\partial_{A_f}(s_f(m) \cdot r_f(m) \cdot y) \parallel \rho_{R_f}((X_{(X H | E_H)})))) = \tau \circ (x / f \overline{\Delta m} H)' \text{.}
\]

In the first and third step, we apply defining equations of \(|\_|'\). In the second step, we apply axioms of $ACP^\tau$ with action renaming and guarded recursion, and use the assumption that $H(m) = 1$. \qed
Let $P$ be a closed PGA\textsubscript{mr} term and $H$ be a service. Then $\langle P / f \rangle H$ denotes the process produced by $P$ if $P$ makes use of $H$. Instruction sequences that make use of services such as unbounded counters, unbounded stacks or Turing tapes are interesting because they may produce non-regular processes.

9 PGLD\textsubscript{mr} Programs and the Use of Boolean Registers

In this section, we show that all regular processes can also be produced by programs written in a program notation which is close to existing assembly languages, and even by programs in which no atomic action occurs more than once. The latter result requires programs that make use of Boolean registers.

9.1 The Program Notation PGLD\textsubscript{mr}

A hierarchy of program notations rooted in program algebra is introduced in [3]. One program notation that belongs to this hierarchy is PGLD, a very simple program notation which is close to existing assembly languages. It has absolute jump instructions and no explicit termination instruction. Here, we introduce PGLD\textsubscript{mr}, an extension of PGLD with multiple-reply test instructions.

In PGLD\textsubscript{mr}, like in PGA\textsubscript{mr}, it is assumed that there is a fixed but arbitrary finite set of \textit{basic instructions} $\mathcal{A}$. The primitive instructions of PGLD\textsubscript{mr} differ from the primitive instructions of PGA\textsubscript{mr} as follows: for each $l \in \mathbb{N}$, there is an \textit{absolute jump instruction} $##l$ instead of a forward jump instruction $#l$.

PGLD\textsubscript{mr} programs have the form $u_1; \ldots; u_k$, where $u_1, \ldots, u_k$ are primitive instructions of PGLD\textsubscript{mr}.

The effects of all instructions in common with PGA\textsubscript{mr} are as in PGA\textsubscript{mr} with one difference: if there is no next instruction to be executed, termination occurs. The effect of an absolute jump instruction $##l$ is that execution proceeds with the $l$-th instruction of the program concerned. If $##l$ is itself the $l$-th instruction, then deadlock occurs. If $l$ equals 0 or $l$ is greater than the length of the program, then termination occurs.

We define the meaning of PGLD\textsubscript{mr} programs by means of a function $\text{pgldmr2pga}$ from the set of all PGLD\textsubscript{mr} programs to the set of all closed PGA\textsubscript{mr} terms. This function is defined by

$$\text{pgldmr2pga}(u_1; \ldots; u_k) = (\phi_1(u_1); \ldots; \phi_k(u_k); !; !)^\omega,$$

where the auxiliary functions $\phi_j$ from the set of all primitive instructions of PGLD\textsubscript{mr} to the set of all primitive instructions of PGA\textsubscript{mr} are defined as follows ($1 \leq j \leq k$):

$$\begin{align*}
\phi_j(##l) &= #l - j & \text{if } j \leq l \leq k, \\
\phi_j(##l) &= #k + 2 - (j - l) & \text{if } 0 < l < j, \\
\phi_j(##l) &= ! & \text{if } l = 0 \lor l > k, \\
\phi_j(u) &= u & \text{if } u \text{ is not a jump instruction}.
\end{align*}$$

PGLD\textsubscript{mr} is as expressive as PGA\textsubscript{mr}.
Proposition 6. For each closed PGA\textsubscript{mr} term $P$, there exists a PGLD\textsubscript{mr} program $P'$ such that $|P| = |\text{pgldmr2pga}(P')|$.

Proof. In [3], a number of functions (called embeddings in that paper) are defined, whose composition gives, for each closed PGA term $P$, a PGLD program $P'$ such that $|P| = |\text{pgld2pga}(P')|$, where $\text{pgld2pga}$ is the restriction of $\text{pgldmr2pga}$ to PGLD programs. The extensions of the above-mentioned embeddings to cover multiple-reply test instructions are trivial because the embeddings change only jump and termination instructions. \hfill \Box

Below, we will write $\text{PGLD}\text{pc}_{\text{mr}}$ for the version of PGLD\textsubscript{mr} in which the additional assumptions relating to $\mathfrak{A}$ mentioned in Section 2.3 are made. As a corollary of Theorem 1 and Proposition 6, we have that all regular processes over $\mathcal{A}A$ can be produced by $\text{PGLD}\text{pc}_{\text{mr}}$ programs.

Corollary 1. For each process $p$ that is regular over $\mathcal{A}A$, there exists a PGLD\textsubscript{pc\textsubscript{mr}} program $P$ such that $p$ is the process denoted by $||\text{pgldmr2pga}(P)||$.

9.2 PGLD\textsubscript{mr} Programs Acting on Boolean Registers

First, we describe services that make up Boolean registers.

A Boolean register service accepts the following methods:

- a set to true method $\text{set:T}$;
- a set to false method $\text{set:F}$;
- a get method $\text{get}$.

We write $\mathcal{M}_{\text{BR}}$ for the set $\{\text{set:T}, \text{set:F}, \text{get}\}$. It is assumed that $\mathcal{M}_{\text{BR}} \subseteq \mathcal{M}$.

The methods accepted by Boolean register services can be explained as follows:

- $\text{set:T}$: the contents of the Boolean register becomes $T$ and the reply is $T$;
- $\text{set:F}$: the contents of the Boolean register becomes $F$ and the reply is $F$;
- $\text{get}$: nothing changes and the reply is the contents of the Boolean register.

Let $s \in \{T, F, B\}$. Then the Boolean register service with initial state $s$, written $BR_s$, is the service $\{\{T, F, B\}, \text{eff}, \text{eff}, s\}$, where the function $\text{eff}$ is defined as follows ($b \in \{T, F\}$):

\[
\begin{align*}
\text{eff}(\text{set:T}, b) &= T, & \text{eff} (m, b) &= B \quad \text{if } m \notin \mathcal{M}_{\text{BR}}, \\
\text{eff}(\text{set:F}, b) &= F, & \text{eff} (m, B) &= B. \\
\text{eff}(\text{get}, b) &= b.
\end{align*}
\]

Notice that the effect and yield functions of a Boolean register service are the same.

We have that, by making use of Boolean registers, PGLD\textsubscript{pc\textsubscript{mr}} programs in which no atomic action from $\mathcal{A}A$ occurs more than once can produce all regular processes over $\mathcal{A}A$. 21
Theorem 3. For each process \( p \) that is regular over \( \mathcal{A} \), there exists a PGLD\(_{\mathit{mr}}\) program \( P \) in which each atomic action from \( \mathcal{A} \) occurs no more than once such that \( p \) is the process denoted by \( |(\ldots(|\mathit{pgldmr2pga}(P)|/\mathit{br}:1 \mathit{BR}_F)\ldots)/\mathit{br}:k \mathit{BR}_F)| \), where \( k \) is the length of \( P \).

Proof. By the proof of Theorem 2 given in Section 7, it is sufficient to show that, for each thread \( p \) that is regular over \( A \), there exist a PGLD\(_{\mathit{mr}}\) program \( P \) in which each atomic action from \( A \) occurs no more than once and a \( k \in \mathbb{N}^+ \) such that \( p \) is the thread denoted by \((\ldots(|\mathit{pgldmr2pga}(P)|/\mathit{br}:1 \mathit{BR}_F)\ldots)/\mathit{br}:k \mathit{BR}_F)\).

Let \( p \) be a thread that is regular over \( A \). We may assume that \( p \) is produced by a PGLD\(_{\mathit{mr}}\) program \( P' \) of the following form:

\[
+a_1: \#\#(3 \cdot k_1 + 1): \#\#(3 \cdot k_1' + 1);
+
\vdots
+a_n: \#\#(3 \cdot k_n + 1): \#\#(3 \cdot k_n' + 1);
\#\#0: \#\#0: \#\#0: \#\#(3 \cdot n + 4),
\]

where, for each \( i \in [1, n] \), \( k_i, k_i' \in [0, n - 1] \) (cf. the proof of Proposition 2 from [9]). It is easy to see that the PGLD\(_{\mathit{mr}}\) program \( P \) that we are looking for can be obtained by transforming \( P' \); by making use of \( n \) Boolean registers, \( P \) can distinguish between different occurrences of the same basic instruction in \( P' \), and in that way simulate \( P' \). \( \square \)

10 Conclusions

Because process algebra is considered relevant to computer science, there must be programmed systems whose behaviours are taken for processes as considered in process algebra. In that light, we have investigated the connections between programs and the processes that they produce, starting from the perception of a program as a single-pass instruction sequence. We have shown that, by apposite choice of basic instructions, all regular processes can be produced by single-pass instruction sequences as considered in program algebra.

We have also made precise what processes are produced by threads that make use of services. The reason for this is that single-pass instruction sequences under execution are regular threads and regular threads that make use of services such as unbounded counters, unbounded stacks or Turing tapes may produce non-regular processes. An option for future work is to characterize the classes of processes that can be produced by single-pass instruction sequences that make use of such services.

References


