The Computer Journal

The Computer Journal Advance Access originally published online on August 22, 2007
The Computer Journal 2008 51(2):181-191; doi:10.1093/comjnl/bxm031

This Article Abstract FREE Full Text (PDF) All Versions of this Article: 51/2/181    most recent bxm031v2 bxm031v1 Alert me when this article is cited Alert me if a correction is posted Services Email this article to a friend Similar articles in this journal Alert me to new issues of the journal Add to My Personal Archive Download to citation manager Request Permissions Google Scholar Articles by Martins, M. A. Search for Related Content Social Bookmarking          What's this?

© The Author 2007. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions, please email: journals.permissions@oxfordjournals.org

On the Behavioral Equivalence Between k-data Structures

Manuel A. Martins^*

Department of Mathematics, University of Aveiro, 3810-193 Aveiro, Portugal

^* Corresponding author: martins{at}mat.ua.pt

Received 28 February 2006; revised 1 May 2007

Throughout this paper we consider data structures as sorted algebras endowed with a designated subset of their visible part, which represents the set of truth values. The originality of our approach is the application of the standard abstract algebraic logic theory of deductive systems to the hidden heterogeneous case. We generalize the well-known equivalence relation between finite automata, which relies on the Nerode equivalence relation between states, to k-data structures. This is obtained via the Leibniz congruence, which can be viewed as a generalization of the Nerode equivalence in automata theory.

Key Words: data structures • behavioral equivalence • Leibniz congruence • Nerode equivalence • hidden logic

	1. INTRODUCTION

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
In the traditional algebraic approach to the specification of programs, sorted algebras are used to model the programs that manipulate several sorts of data. However, object-oriented (OO) systems constitute a challenge for traditional algebraic methods. They, very often, provide mechanisms to encapsulate internal data in order to make the updating of programs easier and, the internal data protected; the latter can be required by security reasons. Consequently, the data should naturally be split into two categories: the ones to which the user has direct access to (visible data) and those that the user only has access to by the meaning (output) of programs with visible output (hidden data).

In this work, we are interested in the study of a special relation between hidden data elements, called behavioral equivalence relation; intuitively, two hidden data elements are said to be behaviorally equivalent if the output over each program of visible range is the same when we use either element as input (this relation was introduced by Reichel [1]).

Observational techniques are very important in formal methods for verification and specification of programs. Indeed, given a specification, in order to prove the correctness of an abstract machine, we should forget its internal characteristics, since the intrinsic behavior should be examined only via programs with visible output.

Our approach to behavioral equivalence differs substantially from that adopted in most of the previous works in this area in the sense that it is greatly influenced by abstract algebraic logic (AAL). This is, in fact, the main novelty of our work. The AAL is an area of algebraic logic that focuses on the study of the relationship between logical equivalence and logical truth (cf. [2]). The AAL is centered on the process of associating a class of algebras to a logical system. This feature contrasts with the usual treatment given in pure algebraic logic where the emphasis is on the study of the class of algebras obtained by this process.

In order to apply the results and tools of AAL to the theory of specification of abstract data types, we have to look at the specification logic as a deductive system, i.e. as a substitution-invariant closure relation on an appropriate set of formulas. The class of deductive systems has to be expanded in order to include multisorted, as well as one-sorted systems, and to provide for the dichotomy ‘visible versus hidden’. We also have to be able to formulate, in this context, the behavioral equivalence as some generalized notion of the Leibniz congruence.

The notion of deductive system is generalized by considering the data to be heterogeneous and split into two kinds: the visible and the hidden ones. By a k-data structure we mean a collection of data items of different sorts, like lists, Booleans, numbers, etc., and operations involving them, together with a set of k-tuples of elements, as a set of generalized truth values, called a filter. The universe, which is a sorted algebra, is split into two disjoint sets, namely: the hidden part, which corresponds to the states of the associated state transition system and the visible part. There are also two different kinds of interpretation of the operation symbols: the attributes and the methods. The former return visible data and are used for observing the state of the system while the latter may represents changes of state. The k-data structures play an important role in the algebraic specification of OO programs. Namely, they are the natural models of generalized hidden k-logics (cf. [3, 4]). Hidden k-logics are useful mainly because they encompass not only the two-dimensional hidden and standard equational logics, but also the Boolean logics; these are one-dimensional multisorted logics with Boolean as the only visible sort, and with equality-test operations for some of the hidden sorts in place of equality predicates. They also include all assertional logics of the standard AAL.

Concerning the notion of Leibniz congruence, it has to be generalized by considering the distinctive characteristics of the OO paradigm. In [4], the authors proposed a general notion of Leibniz congruence. They showed that the Leibniz congruence coincides with the behavioral equivalence relation; thus, it is worth to explore this notion within the OO paradigm. The Leibniz congruence on an algebra A over a designated filter F, denoted by (F), is defined as the largest congruence on A compatible with F. A congruence relation on A is compatible with F if for all V VIS and for all , ' A_V^k, a_i a'_i (_V) for all i k, implies that ( F_V iff ' F_V). A useful property is the fact that the Leibniz congruence is preserved under inverse images of surjective homomorphisms. This allows us to generalize to k-data structures the characterization of the global behavioral equivalence relation between finite automata based on the well-known Nerode equivalence relation on the states of the automaton. Namely, we show that two k-data structures are equivalent (i.e. they have the same behavior) if and only if their quotients, under the respective Leibniz congruences, are isomorphic (Theorem 4.1).

	2. PRELIMINARIES

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
Let SORT be a nonempty set (the elements in SORT are called sorts). A nonempty finite sequence S₀, ... , S_n of sorts in SORT is called a type over SORT. We will write a type as S₀, ... , S_n–1 S_n. The set of all types is denoted by TYPE. From the beginning, we distinguish visible and hidden data by splitting, in the definition of signature, the set of sorts in the visible and the hidden part. A hidden (sorted) signature is a triple = SORT,VIS,OP, where SORT is a nonempty set of sorts, VIS is a subset of SORT, which we call the set of visible sorts and OP = OP : TYPE, where OP is a countable set of operation symbols of type . We call the sorts in SORT\VIS hidden sorts. We assume X = X_S:S SORT to be a fixed countable sorted set of variables. We define the sorted set Te(X) of terms (or formulas) in the signature as usual. We say that a term t is a ground term (or a variable-free term) if it does not have variables. We say that a hidden signature is standard if there is a ground term of each sort.

2.1. Sorted algebra
By a -algebra (or simply an algebra, if is clear from the context), we mean a pair A = A_S : S SORT, OP^A : TYPE, where A_S is a nonempty set for each S SORT and, for each TYPE ( = S₀, ... , S_n–1 S_n), OP^A = O^A: O OP, where O^A is an operation on A of type , that is O^A : A_S0 x ··· x A_Sn–1 A_Sn. Throughout this paper, we assume that A_S , for all S SORT. With this assumption, we exclude some data structures of practical interest. However, the meta-mathematics is simpler in this case and most results of universal algebra hold in their usual form. More generally, the assumption holds automatically if is standard.

We define, in the usual way, the operations in Te(X) to obtain the term algebra over the signature , which we denote by Te(X). It is well known that Te(X) has the universal mapping property over X in the sense that, for every -algebra A and every sorted map h : X A, called an assignment, there is a unique sorted homomorphism h* : Te(X) A which extends h. In the sequel, we will not distinguish between these two maps. A map from X to the set of terms, and its unique extension to an endomorphism of Te(X), is called a substitution. Since X is assumed fixed throughout the paper, we normally write Te in place of Te(X); moreover, we may write simply Te when is clear from the context.

Example 2.1. (Flags)
The hidden signature of flags, _flags, is the signature used to specify the semaphore systems. These systems are used to schedule resources in the following way: we associate a flag to each resource. When a resource is being used by some process, its flag is set to position ‘up’ to indicate forbidden access. After being used, its flag is set to position ‘down’, which means that the resource is available to be used by another process. The user does not have access to the flag itself (i.e. flag is a hidden sort). The only access is through the operation up?, which is used to test the state of the semaphore and gives a boolean value. In case of the implementation, which has the boolean part the two-boolean algebra, the result of up? is true or false with the meaning that the resource is available or not, respectively. The hidden operations are up, dn and rev. The operations up and dn fix the position of the flag ‘up’ and ‘down’, respectively, and rev reverses the flag's position (cf. Figs. 1 and 2).

View larger version (15K): [in this window] [in a new window] [Download PowerPoint slide]   FIGURE 1. Hidden signature of flags.

 

View larger version (16K): [in this window] [in a new window] [Download PowerPoint slide]   FIGURE 2. Diagram of flags.

 

Example 2.2. (Sets)
The hidden signature _sets has three sorts: set, elt and bool, with elt and bool as the visible sorts. The visible operations are the operations for the booleans: true, false, ¬, and . The hidden operations are the constant empty to represent the empty set; and union, & and neg to represent the set theoretical union, intersection and complement, respectively. The action of adding an element to a set is represented by add and, in is the operation symbol used to test whether an element belongs to a set; i.e., in (e, X) expresses that ‘e is in X’ (cf. Figs. 3 and 4).

View larger version (15K): [in this window] [in a new window] [Download PowerPoint slide]   FIGURE 3. Hidden signature of sets.

 

View larger version (24K): [in this window] [in a new window] [Download PowerPoint slide]   FIGURE 4. Diagram of sets.

 

Example 2.3. (Stacks)
The signature of the stacks of natural numbers, _stacks, may be described in the following way. There are two sorts: stack and nat, with nat the only visible sort. The visible operations s and zero are the usual successor and the zero of the natural numbers. The hidden operations are top, pop and push, which compute the first element of a stack, take the top element off the stack and add a natural to the stack, respectively (cf. Figs. 5 and 6).

View larger version (12K): [in this window] [in a new window] [Download PowerPoint slide]   FIGURE 5. Hidden signature of stacks.

 

View larger version (17K): [in this window] [in a new window] [Download PowerPoint slide]   FIGURE 6. Diagram of stacks.

 
To provide a context that allows us to deal simultaneously with specification logics that are sentential (for example, logics with a Boolean sort) and equational, we introduce the notion of a k-term for any non-zero natural number k (cf. [3]). A k-term of sort S over is just a sequence of k -terms, all of the same sort S. We indicate k-terms by overlining, : S = ₀ : S, ... , _k–1 : S. When we do not want to make the common sort of each term of explicit, we simply write it as . Te^k is the sorted set of all k-terms over ; i.e. Te^k = Te_S^k : S SORT. The set of all visible k-terms (Te^k)_VIS is the set (Te^k)_V : V VIS. A k-variable is the special k-term consisting of k distinct variables x₀ : S, ... , x_k–1 : S all of them of the same sort.

Recall that for every algebra A over and every assignment h : X A, there is a unique homomorphism h* : Te A which extends h. We also define a map * : Te^k A^k by *() : =*(₀, ... , _k–1) : =h*(₀), ... , h*(_k–1). In the sequel, if it is clear from the context, we will denote all these maps by the same symbol h.

2.2. Data structures
By a k-data structure we mean a collection of data items of different sorts, like lists, booleans, numbers, etc., and operations involving them. Some of the data items are considered hidden in the sense that we do not have direct access to them. In our approach, a k-data structure is endowed with a set of generalized truth values, called a filter (the term filter comes from the one sorted case in the AAL field).

Definition 2.1
A visible k-data structure (or simply a k-data structure) over is a pair = A, F, where A is a -algebra and F A_VIS^k : = A_V^k : V VIS. A is called the underlying algebra of and F is called the designated filter of .

An example of a two-data structure is any model of the free hidden equational logic over (HEL) (cf. [4]). The standard model of HEL is of the form A, id_AVIS, where A is a -algebra and id_AVIS is the identity relation on the visible part of A. One gets more general two-data structures as models by taking any congruence relation on the visible part of A in place of id_AVIS. We can also consider the free Boolean logic over if, it has a Boolean sort and it is the only visible sort. Here the standard models are the one-data structures A, {true}, where A is a -algebra such that A_VIS is the two-element Boolean algebra. In a general model, A_VIS is an arbitrary Boolean algebra and {true} is replaced by an arbitrary filter on A_VIS.

Example 2.4. (Flags—revisited I)
A two-data structure over _flags is a pair consisting of a _flags-algebra and a subset of pairs of the boolean domain. An example is = A, F, where A is defined having carrier set the sorted set A = A_bool, A_flag, with A_bool = B₂ : ={true, false} and A_flag = {U, U', D} and the operations are defined by:

up^A(U) = up^A(U') = up^A(D) = U;

dn^A(U) = dn^A(U') = dn^A(D) = D;

rev^A(U) = rev^A(U') = D; rev^A(D) = U;

up^A?(U) = up^A?(U') = true and up^A?(D) = false.

We take the usual Boolean operations of the two-element Boolean algebra B₂ and the filter the set F = {true, true, false, false}A_bool².

Example 2.5. (Sets—revisited)
This is a more interesting example since there are two visible sorts involved. Let B_elt be a nonempty set of elements. Then we define B_set (B_elt), the set of all subsets of B_elt, and B_bool : ={true, false}.

Let B be the sorted set B_set, B_elt, B_bool. We endow B with the structure of a _sets-algebra by interpreting the operation symbols in _sets, in a natural way.

empty^B =

union^B(C₁, C₂) = C₁ C₂; add^B(e, C) = {e} C;

neg^B(C) = B_elt\C; &^B(C₁, C₂) = C₁ C₂;

true^B = true; false^B = false;

¬^B = ¬; ^B = ; ^B =

Let F = {true, true, false, false}, E, where E is a fixed equivalence relation on B_elt. Thus, = B, F is a two-data structure over _sets.

2.3. Leibniz congruence
Let A, F be a k-data structure over a hidden signature . A congruence relation on A is VIS-compatible (or simply compatible) with F if for all V VIS and for all , 'A_V^k a_i a'_i (_V) for all i k, implies that, F_V iff ' F_V. Equivalently, we have that is compatible with F if and only if for every V VIS, F_V is the union of a cartesian product of _V-classes. If a congruence is compatible with F, then any congruence that is contained in is also compatible with F. But being compatible with F does not imply that is compatible with any G contained in F. However, if is compatible with each member of a set U of filters then it is compatible with its intersection U. The fact that a congruence is compatible with F also does not imply that it is compatible with any G that contains F. It is not difficult to see that the largest congruence compatible with F always exists (cf. [3]).

Definition 2.2. (Leibniz congruence)
Let = A, F be a k-data structure over a hidden signature . Then the Leibniz congruence on A over F is the largest congruence relation on A compatible with F. We denote it by _A(F), or simply (F) when A is clear from the context.

We use the term ‘Leibniz congruence’ since this notion generalizes the analogous concept from the one-sorted case. The Leibniz congruence plays a central role in our research. The term was introduced in [5], but the concept appeared much earlier in the context of AAL. In the one-sorted case it has extensively been investigated (cf. [2, 5]).

Bidoit et al. in [6] consider the algebras as being endowed with a congruence that can be viewed as the Leibniz congruence on the equality models over the identity filter. Goguen and Malcolm in [7] also study this congruence for equality models.

We say that a k-data structure = A, F is reduced if (F) is the identity congruence on A.

Example 2.6. (Nerode Equivalence)
It is well known that any finite automaton can naturally be presented as a multi-algebra. However, Blok and Pigozzi pointed out that they are even more naturally viewed as one-data structures (cf. [8]). Let = {s}, where is a finite set of operations symbols and s is a constant. Let A be an one-sorted algebra over . An one-data structure = A, F is called a -automaton. The elements of A are called states of , s^A is the start state and F is the set of final states. The symbols in are called input symbols and their interpretations on A are the state transition functions of the automaton. It is not difficult to see that the Nerode equivalence relation coincides with the Leibniz congruence on A over F. Note that the related notions of language accepted and minimal automaton may be naturally formulated in this context.

Example 2.7. (Flags—revisited II)
Let = A, {true, true, false, false} be the two-data structure given in Example 2.4. The Leibniz congruence on A over F = {true, true, false, false} is the relation R, with R_flag = {U, U, U, U', U', U, D, D}, and R_bool = {true, true, false, false}. It is easy to see that R is a congruence compatible with F, so we only need to prove that it is the largest one. This can be done by noting that if we add any other pair to R the obtained generated congruence is no longer compatible with F.

Let A be an algebra, (x₀ : T₀, ... , x_n–1 : T_n–1) a k-term and a₀ A_T0, ... , a_n–1 A_Tn–1. Then, we denote by ^A(a₀, ... , a_n–1) the value that takes in A, when the variables x₀, ... , x_n–1 are interpreted, respectively, by a₀, ... , a_n–1. More algebraically, ^A(a₀, ... , a_n–1) = h(), where h : X A is any assignment such that h(x_i) = a_i for all i < n.

A (visible) k-context over is a (visible) k-term (z : S, x₀ : T₀, ... , x_m–1 : T_m–1) : V Te^k(X), with a distinguished variable z of sort S and parametric variables x₀, ... , x_m–1.

A systematic study of the properties of the Leibniz congruence in hidden k-logics can be found in [3]; in particular a proof of the following characterization of the Leibniz congruence can be found there.

Theorem 2.1. [4]
Let be a hidden signature and let = A, F be a k-data structure over . Then, for every S SORT and for all a, a' A_S, a a'((F)_S) iff, for every visible k-context (z : S, u₀ : T₀, ... , u_m–1 : T_m–1) : V and for all b₀ A_T0, ... , b_m–1 A_Tm–1, ^A(a, b₀, ... , b_m–1) F_V iff ^A(a', b₀, ... , b_m–1) F_V.

In two-data structures, the filters are themselves sets of pairs, so a strict relationship between them and their Leibniz congruence can be established (cf. [3]). As an example we have the following proposition.

Proposition 2.1
Let = A, F be a two-data structure and let be a congruence on A. Then,

1. is compatible with F iff _VIS F _VISF;
   
2. If F is reflexive (on A_VIS) and transitive then is compatible with F iff _VIS F.
   

Let A be an algebra and C A². The congruence generated by C in A is the smallest congruence on A that contains C; it will be denoted by (C).

Given a two-data structure = A, F with F reflexive (on A_VIS) and transitive, if (F {a, a'})_VIS = F, then, from (2) of Proposition 2.1, (F {a, a'}) is compatible with F. Hence, (F {a, a'}) (F). Therefore, a a' ((F)).

	3. HOMOMORPHISMS AND PRODUCTS

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
Let be a hidden signature and, = A, F and = B, G be k-data structures over . We say that is a k-data substructure of , in symbols , if A is a subalgebra of B and G A_VIS^k = F. Let h be a sorted homomorphism from the algebra A into the algebra B; we say that h is a data structure homomorphism from to if h(F)G, or equivalently, if Fh^–1(G), and we denote it by h : . If F = h^–1(G), then h is said to be strict. We say that h is surjective if it is surjective as a sorted map and we write h : ; h is said to be injective if it is injective as a sorted map and h(F) = G h(A^k), i.e. h^–1(G) = F, and we write h : . We say that h is a data structure isomorphism if it is injective and surjective, i.e. h is an algebra isomorphism and h(F) = G. In this case, we write .

We define the direct product of the family (_i)_iI of k-data structures to be the k-data structure _{iI i} = _iI A_i,_iIF_i, where _iIA_i is the direct product of the family of algebras (A_i)_iI and _iIF_i = _iI (F_i)_V : V VIS. The index set I may be empty; in this case _iIA_i is the trivial one-element algebra. A k-data substructure of _iIi is called a subdirect product of the family (_i)_iI, in symbols _{SD iIi}, if the homomorphism projection _i : B A_i is surjective for every i I.

One of the main properties of the Leibniz congruence is its preservation under inverse images of surjective homomorphisms.

Lemma 3.1. [4]
Let = A, F be a k-data structure over , B a algebra and h : B A a surjective homomorphism. Then h^–1(_A(F)) = _B(h^–1(F))).

If = A, F is a k-data structure over and is a congruence on A compatible with F, then we can consider the quotient of by , / : =A/, F_V/_V : V VIS, where F_V/_V = {a₀/_V, ... , a_k–1/_V : a₀, ... , a_k–1 F_V}. We should note that the compatibility condition means that a₀/_V, ... , a_k–1/_V F_V/_V if and only if a₀, ... , a_k–1 F_V. If = (G) for some filter GA_VIS^k, then we can simply write /G = A/(G), F/(G). The special case when is (F), the quotient /F is called the reduction of and it is denoted by *. Bidoit et al. call the reduction of the black box view of (cf. [6]). It was proved in [4] that the quotient of any k-data structure by the Leibniz congruence is always reduced. It is also easy to see that the natural homomorphism h : A A/(F) is a data structure homomorphism. In fact, it is a strict homomorphism. Hence, if is itself reduced then *.

The following theorem states that the natural generalization of the homomorphism theorem holds for k-data structures.

Theorem 3.1. (Homomorphism theorem)
Let = A, F and = B, G be k-data structures in the same signature and let h : be a strict surjective data structure homomorphism. If is reduced, then * .

Proof
Since h is strict, F = h^–1(G). Thus /F = A/(h^–1(G)), h^–1(G)/(h^–1(G)). We know that (F) = (h^–1(G)) = h^–1((G)) = h^–1(_B) = ker(h); the third equality holds because is reduced.

Then by the homomorphism theorem for sorted algebras h* : A/(h^–1(G)) B, defined by h*(a/(h^–1(G))) : =h(a) is an algebra isomorphism. It remains to prove that it is a data structure isomorphism between /(h^–1(G)) and ; that is, h*(h^–1(G)/(h^–1(G))) = G. By definition of h*, h*(h^–1(G)/(h^–1(G))) = h(h^–1(G)). Since h is onto, h(h^–1(G)) = G.

A more general version of this theorem can be formulated. It applies to arbitrary k-data structures: if and are possibly non reduced k-data structures and h : is a surjective data structure morphism, then /h^–1(G) *. This result can be shown as a corollary of Theorem 3.1 and it points out the importance of being reduced in the hypothesis of the theorem.

The Birkhoff's subdirect representation also holds when restricted to the class of reduced k-data structures. The proof is similar to that of the one sorted case (cf. [8]).

Theorem 3.2
A reduced k-data structure = A, F is isomorphic to a subdirect product of a family of reduced k-data structures _i = B_i, G_i, i I iff there are F_iA_VIS^k, i I, such that

1. _iI F_i = F
   
2. /F_{i i},i I.
   

Proof
Suppose that _SDiIi. Define, for each i I, F_i = _i^–1(G_i), where _i : A B_i is the projection homomorphism. By definition of k-data substructure, F = _iIG_i A^k. This implies that F = _iIF_i.

Since the projection homomorphisms are surjective and each _i is reduced, from the Homomorphism theorem (2) holds.

To prove the reciprocal, suppose that there are F_i, i I, F_iA_VIS^k such that (1) and (2) hold. Define the map h : A _iI/(F_i) by h(a) = a/(F_i) : i I. We have that _iI(F_i) is compatible with _iIF_i = F. Since is reduced, (F) = _A and, thus _iI(F_i) = _A.

Then h is a subdirect embedding of A in _iIA/(F_i), as algebras. Moreover, h(F) = (_iIF/(F_i)) h(A). That is, h(A), h(F) is a subdirect product of the family (_i)_iI.  

	4. GLOBAL BEHAVIORAL EQUIVALENCE

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
In this section, we consider a relation on the class of k-data structures upon which lies the general idea of behavioral equivalence between k-data structures described in Section 1. We will call such a relation global behavioral equivalence. Actually, this relation generalizes the notion of automata equivalence in automata theory (cf. [9, 10]). We show that two k-data structures are behaviorally equivalent if and only if their reductions (the quotients by their Leibniz congruence relations) are isomorphic (cf. Theorem 4.1).

Definition 4.1. [11]
Let = A, F and = B, G be two k-data structures over a hidden signature . We say that is globally behaviorally equivalent to , in symbols _beh, if there is a sorted set of variables Y and there are surjective assignments : Y A and : Y B (here Y may be uncountable to guarantee that and are surjections) such that for every visible k-term (Te(Y)^k)_VIS

It is straightforward to show that the global behavioral equivalence between k-data structures is an equivalence relation on the class of all k-data structures over . If _beh, we sometimes say that and have the same ‘behavior’.

Given two globally behaviorally equivalent k-data structures = A, F and = B, G, we can define a relation between their universes (which is usually called bisimulation) in the following way. Let :Y A and : Y B be the mappings that witness the equivalence between and . Then the bisimulation relation between and is the relation R A x B defined by R_S = {(y),(y) : y Y_S}.

Just as the Leibniz congruence can be viewed as a generalization of the relation of Nerode equivalence in automata theory (Example 2.6), the global behavioral equivalence of k-data structures may be seen as a generalization of the equivalence of finite-state machines.

The following theorem generalizes the characterization of equivalence between finite automata. It states that two k-data structures have the same behavior if and only if their quotients, under the respective Leibniz congruences, are isomorphic.

Similar results have been established in the context of hidden equational logics and observational logics (cf. Hennicker [12] and, Hofmann and Sannella [11]). Our result is more general since it applies to any hidden k-logic.

Theorem 4.1
Two k-data structures and are globally behaviorally equivalent if and only if * *.

Proof
Assume _beh . Let :Y A and :Y B be the witness assignments.

We claim that:

Claim
There is an algebra epimorphism from A onto B/G.

In fact, let us define h : A B/G by

where t is such that a = (t). Such t always exists since is surjective.

First we prove that the map h is well defined. That is, if t and t' are such that a = (t) = (t'), then (t)/(G) = (t')/(G). Let t and t' be terms such that

(1)

We have that the congruence generated by (^–1((F))) is compatible with G. Indeed, since is surjective, is the transitive closure of (^–1((F))). Hence, it is enough to prove that (^–1((F))) is compatible with G because if this is the case, obviously the transitive closure is also compatible with G.

Suppose that G and ((^–1((F))^k). Then there are _i, _iTe(Y) such that a_i = (_i), b_i= (_i), i < k and (^–1((F))^k). Then,

(2)

Since by hypothesis = () is in G, () F. Therefore, by compatibility, equation (2) implies () F. And, again by the definition of behavioral equivalence we have that = () G.

From equation (1), we have that (t) (t') (). In fact, since (t) = (t'), t t'(^–1((F))). Hence, (t) (t')((^–1((F)))). Thus, since (^–1((F))) is compatible with G, (t) (t') ((G)).

It is easy to see that h is surjective, because is surjective. To prove that h is an algebra homomorphism let O be an operation symbol in of type S₀,... , S_n–1 S_n and a₀,... ,a_n–1 A_S0 x ···x A_Sn–1. For each i < n, there is a term t_i such that h(a_i)= (t_i)/(G) with (t_i) = a_i.

On the other hand,

Moreover,

Thus,

In order to use the homomorphism theorem for k-data structures we only have to show that h is a strict data structure homomorphism.

Let F. Then h() = ()/(G), where f_i = (_i) i < k (note that, for every A^k and any congruence , / denotes a₀/, ... ,a_k–1/). So () G, by hypothesis. Hence, h(F) G/(G). That is, h is a data structure homomorphism.

Let now G/(G). Hence, = /(G) for some G. Since is surjective, for each i < k there is a _i such that (_i) = g_i. Let (₀), ... , (_k–1). We have that F, because (₀), ... ,(_k–1) = G. Moreover, h(f_i) = (_i)/(G) =g_i/(G). Thus, h() = /(G). Therefore, h^–1(G/(G)) = F. That is, h is strict.

Since /G is reduced, by the Homomorphism Theorem, we have that /F is isomorphic to /G.

To prove the reciprocal implication in the theorem, assume /F /G. Let i : /F /G be a data structure isomorphism. Suppose that A and B are disjoint (if not, replace them by disjoint isomorphic copies). Take Y to be the set of variables defined by Y = {y_a:a A} {y_b:b B}.

For each b B, we choose a_b A such that i(a_b/(F)) = b/(G) and for each a A we choose b_a B such that i(a/(F)) = b_a/(G).

Define assignments and in the following way:

• : Y A by
  

  
  

• :Y B by
  

  
  

By definition of isomorphism, we have

On the other hand, it can be proven, by induction, that for every Te(Y),

(3)

Now we are going to prove that () F () G. Let () F. Then ()/(F) F/(F). Hence, i(()/(F)) i(F/(F)). Since i is a data structure isomorphism, i(()/(F)) G/(G).

By equation (3), ()/(G) G/(G). That is, () g((G)^k), for some g G. Therefore, by compatibility, () G.

Let () G. Then ()/(G) G/(G). Hence, i^–1(()/(G)) F/(F). By equation (3), ()/(F) F/(F). So, there exists f F such that () f ((F)^k). By compatibility, () F.

In the literature, e.g. [11], an equivalence relation on the class of all k-data structures over a fixed signature such that for all k-data structures and , implies * *, is called behaviorally factorizable.

	5. HIDDEN LOGIC

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
As it is usually adopted in sentential logic frameworks, we will refer to k-formulas as a synonymous of k-terms. A finite k-sequent is a finite sequence of k-formulas ₀:S₀, ... ,_n–1: S_n–1,_n:S_n that we write in the following form:

(4)

If all the k-formulas ₀,... ,_n in the k-sequent are visible k-formulas, then we call it a visible k-sequent.

The set F of a given k-data structure = A, F is understood to represent the set of ‘truth values’ of . With this meaning in mind, the following definitions of some semantic concepts will seem more natural.

A visible k-formula :V is said to be a semantic consequence in of a set of visible k-formulas , in symbols , if, for every assignment h:X A, h() F_V whenever h() F_W for every :W . A visible k-formula is a valid k-formula, or simply a validity, of , and conversely is a model (or a correct abstract machine) of , if . A visible k-sequent such as equation (4) is a valid rule, or simply a validity, of , and conversely is a model of the k-sequent, if {₀,... ,_n–1} _n.

A visible k-formula is a semantic consequence of in an arbitrary class K of k-data structures over , in symbols _K , if for each K. Similarly, a k-formula or rule is a validity of K if it is a validity of each member of K.

In our approach, the underlying logics used to specify computational systems, which we call hidden k-logics, have been defined as abstract closure relations on the set of visible k-formulas (cf. [4]). Specifically, a hidden k-logic is a pair = ,, where is a hidden signature and is a substitution-invariant closure relation on the set of visible k-formulas, called the consequence relation of . This consequence relation may be finitary or not. It is said to be finitary just in case it admits a presentation by axioms and inference rules, in the usual Hilbert style. In this case, is said to be specifiable. An -theory of a hidden k-logic is a set of visible k-formulas that are closed under the consequence relation . The set of all -theories is denoted by Th(); it forms an lattice under set inclusion. An important hidden two-logic is the hidden equational logic, where it is considered only a primitive notion of equality between visible data. It is defined by the reflexivity, symmetry, transitivity and congruence rules, as a sorted equational logic, but only on the visible part (cf. [4]).

The following proposition states that for any class K of k-data structures _K is always a hidden k-logic.

Proposition 5.1
Let K be a class of k-data structures, all of them over the same hidden signature . Then _K is a hidden k-logic.

Proof
The proof that _K is a closure relation is straightforward. To prove that _K is substitution-invariant, assume that _K and let : X Te. Let K and h : X A be an assignment. First notice that h* : X A is an assignment such that (h* )* = h* * (here we distinguish between the substitutions and the assignments and their unique extensions to clarify the argument). Since we are assuming _K , . Assume now that h*(*())F. Thus, (h* )())F. That is, h*(*())F. So, *() *().

is a model of a hidden k-logic if every consequence of is a semantic consequence of ; i.e. implies . The class of all models of is denoted by Mod(). If is a specifiable hidden k-logic, presented by a set of axioms and rules of inference, then is a model of if and only if every axiom and every rule of inference of is a validity of . The Completeness theorem holds for hidden k-logics, i.e. for any hidden k-logic and every {}(Te^k)_VIS, iff _Mod() (cf. [3]).

A k-data structure = A, F is a behavioral model of (reduced model in the AAL sense) if it is reduced and a model of . The class of all behavioral models is denoted by Mod*(). Bidoit et al. call this class of models, in the context of observational logics, black box semantics (cf. [6]). In [13], the author presents an exhaustive study of the class of behavioral models by relating closure properties with classifications of the axiomatization it admites.

Example 5.1. (Stacks—revisited I)
The standard algebra of stacks of natural numbers is the following sorted algebra.

S_nat= , S_stack = {a₀,... , a_n–1 *: a₀ 0 if n 0}; i.e. S_stack is the set of all finite sequences of natural numbers such that the first element of the sequence is non-zero if the sequence is nonempty. The interpretation of the constant zero, zero^S and the interpretation of the constant empty, empty^S are 0 and the empty sequence ,‘empty stack’, respectively; and s^S is the successor operation on the natural numbers. The remaining operations are defined as follows.

Note that push^S(,0) = ; i.e. the empty stack absorbs 0 if it is pushed on it, and pop^S() = , and top^S()= 0. We take this non-standard definition of the standard stack algebra because all operations have to be total and we want to avoid introducing special error elements for simplicity.

The two-data structure = S,id_Snat is a model of the logic of stacks (cf. [3]). Moreover, it can be shown, by making the use of the equivalence system for stacks (cf. [13]), that it is a behavioral model.

Proposition 5.2
Let = A, F and = B, G be k-data structures over and f : a strict surjective homomorphism from onto . Then

1. For each (Te^k)_VIS and all h : X A, h() F iff f(h()) G.
   
2. For all {} (Te^k)_VIS, iff .
   

Proof

1. Assume h() F. Hence, f(h()) f(F). Since f is a homomorphism f(F)G, and then f(h()) G. Suppose now that f(h()) G. Thus, h() f^–1(G) = F, since f is strict.
   
2. Assume and let h:X A be any assignment in A such that h() F for each . Hence, by Condition (1) f(h()) G, for each . Then, by hypothesis, f(h()) G, and thus h() F. So, . Assume conversely that and let h : X B be any assignment such that h() G for each . Since f is surjective, there is an assignment g : X A such that fg = h. Then, f(g()) = h() G, and g() F, for each . So, g() F and h() = f(g()) f(F) = G. Thus, .
   

As a consequence of this theorem we have that and * are models of the same k-sequents, or have the same valid rules, since the natural homomorphism from to ^* is strict. Moreover, if _beh then and have the same valid rules.

Corollary 5.1
Let and be two k-data structures. If _beh then and have the same valid k-sequents.

Proof
This is an immediate consequence of the fact that under the assumption that _beh we have, by Theorem 4.1, that * and * are isomorphic, which implies that they have the same valid k-sequents.

From this corollary, we can easily conclude that Mod() is closed under behavioral equivalence _beh.

	6. CONCLUSIONS AND RELATED WORK

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
This generalization of the AAL theory, which allows the introduction of multisorts and accommodates the dichotomy ‘visible versus hidden’, is relevant in its own right. Moreover, it is recognized that its application to the OO paradigm has been very successful; several results have been obtained using AAL methods (cf. [3, 4, 13, 14]). Furthermore, this new bridge between the AAL and the specification and verification theory of programs has an enormous potencial for new developments.

Hidden k-logics, as a natural generalization of deductive systems, were introduced by Martins and Pigozzi [4]. The theory was developed in [3], where the improvements concerning specification and verification of programs were established using tools from AAL. The theory of hidden k-logics provides a unified treatment for several logical systems such as assertional logics, Boolean logics (one-dimensional multisorted logics with Boolean as the only visible sort, and with equality-test operations for some of the hidden sorts in place of equality predicates), equational and inequational logics and the corresponding hidden versions of all of these.

A similar notion to our concept of bisimulation, called homomorphism relation, was used by Leavens and Pigozzi to study the behavioral subtyping in models of hidden equational logic having the same visible part and with filters being the identity relation on the visible part; i.e. over fixed data semantics (cf. [15, 16]). This relation has also been studied in other contexts: (1) Casanovas et al. examined in [17] this relation in the context of equality-free logics. They called the relation by relativeness correspondence. (2) Malcolm studied bisimulation in the coalgebra field (e.g. [18]). He assumed that the visible part is fixed at the signature level and that there are restrictions with respect to the operation symbols in order to be able to deal with models as coalgebras; namely, the methods have to have at most one hidden argument. (3) Hofmann and Sannella presented in [11] a similar result to our Theorem 4.1 but they dealt exclusively with the hidden equational case, i.e. they analyzed the bisimulation relation for ordinary two-data structures.

All of these approaches, as well as ours, may be seen as a generalization of Schoett's technique (cf. [19]). He argued that an algebra A may be used in place of another algebra B without exhibiting surprising behavior, if the two algebras are behaviorally equivalent in the sense that any program that is run in both the two algebras yields the same output. He made the additional assumption that only visible data can be legitimate output of programs. Moreover, he proved that the existence of a bisimulation between A and B is both necessary and sufficient for A being behaviorally equivalent to B.

Our results differ from the ones listed above since they hold for any hidden k-logic, while the previous results are restricted to observational logic, or to hidden equational logic or to equality-free logics. Moreover, our k-data structures are endowed with a set of truth values in order to be part of hidden k-logic semantics. Behavioral equivalence appears as the largest congruence compatible with the set of truth values in opposition to the other cases where behavioral equivalence is part of the data structure. Actually, this approach seems to us to be the most appropriate way to deal with OO systems: the k-data structures should be viewed as abstract machines satisfying some visible properties (expressed by axioms) and whose behavior is elicited by testing the behavior of the abstract machine under the ‘experiments’.

	ACKNOWLEDGEMENTS

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
The author would like to thank the referees for their comments that improved the quality of this paper and, Don Pigozzi and Isabel Ferreirim for some fruitful discussions concerning this work.

	NOTES

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 
This research was supported by Fundação para a Ciência e a Tecnologia (Portugal) through Unidade de Investigação Matemática e Aplicações of University of Aveiro.

	REFERENCES

TOP 1. INTRODUCTION 2. PRELIMINARIES 3. HOMOMORPHISMS AND PRODUCTS 4. GLOBAL BEHAVIORAL EQUIVALENCE 5. HIDDEN LOGIC 6. CONCLUSIONS AND RELATED... ACKNOWLEDGEMENTS NOTES REFERENCES

 

[1] Reichel H. Behavioural validity of conditional equations in abstract data types. (1985) Contributions to general algebra 3. Proc. Conf., Vienna 1984, June. Teubner, Stuttgart: Verlag B.G. 301–324.

[2] Pigozzi D. Abstract algebraic logic. In: Encyclopedia of Mathematics, Supplement III—Hazewinkel M., ed. (2001) Dordrecht: Kluwer Academic Publishers. 2–13.

[3] Martins M. Behavioral reasoning in generalized hidden logics. In: PhD Thesis (2004) University of Lisbon, Faculdade de Ciências.

[4] Martins M., Pigozzi D. Behavioural reasoning for conditional equations. In: Math. Struct. in Comp. Science (2007) 17(5):1075–1113.

[5] Blok W., Pigozzi D. Algebraizable logics. Mem. Am. Math. Soc. (1989) 77(396).

[6] Bidoit M., Hennicker R., Wirsing M. Behavioural and abstractor specifications. Sci. Comput. Program. (1995) 25:149–186.[CrossRef]

[7] Goguen J., Malcolm G. A hidden agenda. Theor. Comput. Sci. (2000) 245:55–101.[CrossRef]

[8] Blok W., Pigozzi D. Algebraic semantics for universal Horn logic without equality. In: Res. Expo. Math—Romanowska A., Smith J.D.H., eds. (1992) 19. Universal algebra and quasigroup theory, Lect. Conf, 1989. Berlin: Heldermann Verlag. 1–56.

[9] Denecke K., Wismath S. Universal Algebra and Applications in Theoretical Computer Science. (2002) Boca Raton, FL: Chapman and Hall/CRC.

[10] Hopcroft J., Ullman J., Motwani R. Introduction to Automata Theory, Languages, and Computation (2001) 2nd ed. Reading, MA: Addison-Wesley.

[11] Hofmann M., Sannella D. On behavioural abstraction and behavioural satisfaction in higher-order logic. Theor. Comput. Sci. (1996) 167:3–45.[CrossRef]

[12] Hennicker R. Structural Specifications with Behavioural Operators: Semantics, Proof Methods and Applications (1997) Habilitationsschrift. Institut für Informatik, Ludwig-Maximilians-Universität München.

[13] Martins M. Closure properties for the class of behavioral models. Theor. Comput. Sci. (2007) 379(1–2):53–83.[CrossRef]

[14] Martins M. Behavioral institutions and refinements in generalized hidden logics. J. Univers. Comput. Sci. (2006) 12(8):1020–1049.

[15] Leavens G., Pigozzi D. The behavior-realization adjunction and generalized homomorphic relations. Theor. Comput. Sci. (1997) 177:183–216.[CrossRef]

[16] Leavens G., Pigozzi D. A complete algebraic characterization of behavioral subtyping. Acta Inf. (2000) 36:617–663.[CrossRef]

[17] Casanovas E., Dellunde P., Jansana R. On elementary equivalence for equality-free logic. Notre Dame J. Form. Log. (1996) 37:506–522.[CrossRef]

[18] Malcolm G. Behavioural Equivalence, Bisimulation, and Minimal Realisation. Magne Haveraaen, Olaf Owe, Ole-Johan Dahl, eds. (1996) Recent Trends in Data Type Specifications. 11th Workshop on Specification of Abstract Data Types 1995, September. 359–378.

[19] Schoett O. Behavioural correctness of data representations. Sci. Comput. Program. (1990) 14:43–57.[CrossRef]

CiteULike    Connotea    Del.icio.us    What's this?

This Article Abstract FREE Full Text (PDF) All Versions of this Article: 51/2/181    most recent bxm031v2 bxm031v1 Alert me when this article is cited Alert me if a correction is posted Services Email this article to a friend Similar articles in this journal Alert me to new issues of the journal Add to My Personal Archive Download to citation manager Request Permissions Google Scholar Articles by Martins, M. A. Search for Related Content Social Bookmarking          What's this?

Online ISSN 1460-2067 - Print ISSN 0010-4620

Copyright © 2009 British Computer Society

Oxford Journals Oxford University Press

• Site Map
• Privacy Policy
• Frequently Asked Questions

Other Oxford University Press sites: Oxford University Press Oxford Journals China Oxford Journals Japan American National Biography Booksellers' Information Service Children's Fiction and Poetry Children's Reference Corporate & Special Sales Dictionaries Dictionary of National Biography Digital Reference English Language Teaching Higher Education Textbooks Humanities International Education Unit Law Medicine Music Online Products Oxford English Dictionary Reference Rights and Permissions Science School Books Social Sciences Very Short Introductions World's Classics