Nondeterministic semantics of compound diagrams

We present a unified description of flow control and of the single 
steps of a program, in order to obtain flexible definitions of 
algebraic manipulations. This is achieved by using the notion of 
relational diagram. We show how the notion of relational diagram, 
introduced by Schmidt, can be used to give a demonic definition 
for a wide range of programming constructs. It is shown that the 
input-output relation of a compound diagram is equal to that of 
the diagram in which each sub-diagram has been replaced by its 
input-output relation. This process is repeated until elementary 
diagrams are obtained.


1.
Introduction. In programming languages, semantics describes the behavior that a computer follows when executing a program in the language. It gives the relationship between the input and the output of a program. In other words, the semantics of the language decides which sentences are meaningful and which are nonsense [4,29,22]. A basic idea of relational semantics is to let the "meaning" of a program statement be a relation connecting inputs (initial states) with outputs (final states).
The concept of nondeterminism has been recognized as a vital component of designing programs and calculating their semantics [4,6,9]. Consider the following situation arising in programming. At a certain point, further action depends on the choice between a number of alternatives; the method of choice between these alternatives is not directly specified by the programmer, and the program itself must choose between them. A programmer specifies a limited number of alternatives, but the program must later choose between them ("choose" is, in fact, a typical name for nondeterministic programs).
Binary relations are suitable for nondeterministic programming languages because a relation can have many outputs for a single input, so it can represent the input and output values of the program.
In the presence of nondeterminism, one can adopt an angelic view, by considering that a program produces a result whenever there is a possibility to do so, or a demonic view, by considering that a program produces no result whenever it is possible for it not to. During the execution of a program in an input state, the angelic semantics is the input/output relation obtained by considering the best execution of the program: if there is a possibility to terminate, it will terminate (like an angel, it looks for the best). The angelic semantics corresponds to the choice that termination is guaranteed as long as termination is possible. The demonic semantics is the input/output relation obtained by considering the worst execution of the program: if there is a possibility for the program not to terminate normally, then it will not terminate normally (like a demon, it looks for the worst case). This demonic view of nondeterminism is important because, for a computation to be successful, all possible executions must lead to a successful result [2,3,6,9,46,47,48,49,50,51,52].
Graphs are usually used in computer science to represent programs, automata and Turing machines [11]. These graphs are composed of vertices connected by oriented arcs. Vertices represent control nodes and arcs represent possible transitions of control between commands. Graphs have been used by many authors [16,27,34,40], where they were introduced with different purposes and defined in connection with the descriptions of algorithms or programs.
In a relational formalism, a graph is based on relational concepts: a representation relation of the graph, a set of vertices, an initial vertex and a final vertex. Following the same approach, we define a diagram as a quadruple made of a relation, a set of partial identities disjoint from each other (they play the role of the vertices of a graph), and two particular partial identities characterizing the input and the output of the diagram.
Using these concepts, we show that we can extract from diagrams a binary input-output relation by considering their worst execution; this is the demonic relational semantics.
We use the same approach as Schmidt and Ströhlein [42]; they defined a relational program as being a quintuple made of a situation graph, a flowgraph, a relational homomorphism, an input relation and an output relation (for more details see Chapter 10 in [42]). Schmidt and Ströhlein have used these notions to treat the total correctness and the partial correctness of programs.
Our approach uses demonic operations. The operators ∨ and • serve to give an angelic semantics. The corresponding demonic operators do the opposite: they are used to give the demonic semantics of nondeterministic programs. In this paper, we present an approach to analyze the termination properties of these programs. This paper is organized as follows. In Section 2, we present our mathematical tool, abstract relation algebra [14,42,45]. In Section 3, we recall some basic laws and notions related to infinite looping. In Section 4, we describe our refinement ordering and some demonic operators associated with this order. In Section 5, we define the diagrams and we give two types of diagrams: elementary and compound diagrams. In Section 6, we give a formal definition of the demonic input-output relation of a diagram. This definition encompasses many types of diagrams. In Section 7, we give an application of our results. We conclude in Section 8 with prospects for future research.

Definition and basic laws.
Definition 2.1. A relation algebra A is a structure (B, ∨, ∧, −, •, ) over a nonempty set B of elements, called relations. The unary operations −, are total whereas the binary operations ∨, ∧, • are partial. We denote by B ∨R the set of those elements Q ∈ B for which the union R ∨ Q is defined and we require that R ∈ B ∨R for every R ∈ B. If Q ∈ B ∨R , we say that Q has the same type as R. The following conditions are satisfied.
(a) (B ∨R , ∨, ∧, −) is a Boolean algebra, with zero element 0 R and universal element 1 R . The elements of B ∨R are ordered by inclusion, denoted by ≤.
(b) If the products P • R and Q • R are defined, so is P • Q . If the products
(d) There are elements R id and id R associated to every relation R ∈ B. R id behaves as a right identity and id R as a left identity for B ∨R .
(e) The Schröder rule P holds whenever one of the three expressions is defined.
If R ∈ B ∨R , then R is said to be homogeneous. If all R ∈ A have the same type, the operations are all total and A itself is said to be homogeneous.
For simplicity, the universal, zero, and identity elements are all denoted by 1, 0, id, respectively. One can use subscripts to make the typing explicit, but this will not be necessary here. The precedence of the relational operators, from highest to lowest, is the following: − and the converse bind equally, followed by •, followed by ∧ and finally by ∨. The scope of i and i goes to the right as far as possible. R is called the converse of R. Another operation that occurs in this article is the reflexive transitive closure R * . It satisfies the well-known laws where R 0 = id and R i+1 = R • R i . From Definition 2.1, the usual rules of the calculus of relations can be derived (see, e.g., [9,14,42]). We assume these rules to be known and simply recall a few of them. The notion of Galois connection is very important in what follows; there are many definitions of Galois connections [1]. We choose the following one [6].
The function f is called the lower adjoint and g the upper adjoint.

3.1.
Monotypes. In the calculus of relations, there are two ways for viewing sets as relations; each of them has its own advantages. The first is via vectors: a relation x is a vector [42] iff x = x • 1. The second way is via monotypes [6]: a relation a is a monotype iff a ≤ id. The set of monotypes {a | a ∈ B ∨R }, for a given R, is a complete Boolean lattice. We denote by a ∼ the monotype complement of a.

3.2.
Domain and codomain operators. The domain and codomain of a relation R can be characterized by the vectors R • 1 and R • 1, respectively [21,42]. They can also be characterized by the corresponding monotypes. In this paper, we take the last approach. In what follows we formally define these operators and give some of their properties.
Definition 3.1. The domain and codomain operators of a relation R, denoted respectively by R < and R > , are the monotypes defined by the equations (a) These operators can also be characterized by Galois connections (see [6]). For each relation R and each monotype a, The domain and codomain operators are linked by R > = R < .

Monotype residuals.
Definition 3.2. Let R be a relation and a be a monotype. The monotype right residual and monotype left residual of a by R (called factors in [6]) are defined respectively by An alternative characterization of residuals can also be given by means of a Galois connection as follows [5]: Since we do not use the operator \ • in the sequel, we need the next property of / •.
We now give an additional property of the monotype complement and monotype residual operators.
(2) In the following, we make heavy use of the complement of the domain of a relation R, i.e. the monotype a such that a = R < ∼ . To avoid the notation R < ∼ , we adopt the Notation R ≺ := R < ∼ .
(3) Because we assume our relation algebra to be complete (Definition 2.1), least and greatest fixed points of monotonic functions exist. We cite [15] as a general reference on fixed points.
Let f be a monotonic function. The following properties of fixed points are used below:
In this subsection, we describe notions that are useful for the description of the set of initial states of a program for which termination is guaranteed. These notions are progressive finiteness and the initial part of a relation.

Progressive finiteness of a relation.
A relation R is progressively finite in terms of points iff there are no infinite chains s 0 , ..., s i , ... such that s i R s i+1 for all i ≥ 0. That is, there is no set of points y whose elements are the starting points of some path of infinite length. The least set of points which are the starting points of paths of finite length only, i.e. from which we can proceed only finitely many steps, is called the initial part of R, denoted by I(R). This topic is of interest in many areas of computer science and mathematics and is related to recursion and to the induction principle.
(a) The initial part of a relation R, denoted I(R), is given by The description of I(R) by the formulation a / •R = a shows that I(R) exists, since (a | a ≤ id : a/ •R) is monotonic in the first argument (by Equation (1)) and because the set of monotypes is a complete lattice, it follows from the fixed point theorem of Knaster and Tarski that this function has a least fixed point. Progressive finiteness of a relation R is the same as well-foundedness of R .
I(R) is a monotype. In a concrete setting, I(R) is the monotype of those points which are not the origins of infinite paths (by R). Using Equation (4) and Boolean laws, one has: In [5], it is shown that the following is also equivalent: The next theorem involves the function w a (X) := Q ∨ P • X, which is closely related to the description of iterations. The theorem highlights the importance of progressive finiteness in the simplification of fixed point-related properties.
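The initial part I(R) is defined above as the least fixed point of the monotype map a ↦ a/•R, where a/•R is the monotype of points all of whose R-successors lie in a. The following Python snippet is an added example, not part of the paper: it computes I(R) for a finite relation represented as a set of pairs by iterating that map from the empty monotype (the Knaster-Tarski chain on the finite lattice of monotypes), and tests progressive finiteness as "I(R) is the whole state set". The state sets and relations are constructed; the function names are ours, and the finite fragment of the paper's loop body assumes that n := n − 10 has no natural-number result when n < 10.

```python
# Added example (not from the paper): initial part I(R) of a finite relation as the
# least fixed point of the monotype map a -> a/.R. Relations are finite sets of
# (x, y) pairs over a constructed state set; function names are ours.

def domain(R):
    """Monotype R<: the points that have at least one R-successor."""
    return {x for x, _ in R}

def successors(R, x):
    """All R-successors of the point x."""
    return {y for x2, y in R if x2 == x}

def left_residual(a, R, states):
    """Monotype left residual a/.R: points all of whose R-successors lie in a.
    A point with no successor at all belongs to it vacuously."""
    return {x for x in states if successors(R, x) <= a}

def initial_part(R, states):
    """I(R) = least fixed point of a -> a/.R (Knaster-Tarski on the finite,
    complete lattice of monotypes). Starting from the empty monotype, the
    iteration builds the ascending chain {}, points with no successor, points
    whose successors all have no successor, ... and stabilises because the
    state set is finite."""
    a = set()
    while True:
        nxt = left_residual(a, R, states)
        if nxt == a:
            return a
        a = nxt

def is_progressively_finite(R, states):
    """R is progressively finite iff no point starts an infinite R-chain,
    i.e. iff I(R) is the whole state set."""
    return initial_part(R, states) == set(states)

# Constructed relation on {0,...,5}: a countdown 4 -> 3 -> 2 -> 1 -> 0 together
# with a 2-cycle 4 <-> 5, so 4 and 5 start infinite paths and must not be in I(R).
STATES = set(range(6))
R_CYCLE = {(1, 0), (2, 1), (3, 2), (4, 3), (4, 5), (5, 4)}

# Finite fragment of the paper's loop body "n > 0 -> n := n - 10" on the naturals,
# restricted to n in {0,...,30}. Assumption (ours, not the paper's): when n < 10 the
# assignment has no natural-number result, so such an n has no successor.
NATS = set(range(31))
LOOP_BODY = {(n, n - 10) for n in NATS if n > 0 and n - 10 >= 0}

if __name__ == "__main__":
    print(sorted(initial_part(R_CYCLE, STATES)))      # [0, 1, 2, 3]
    print(is_progressively_finite(R_CYCLE, STATES))   # False: 4 and 5 loop forever
    print(is_progressively_finite(LOOP_BODY, NATS))   # True: every chain reaches n < 10
```

Note that 4 is excluded from I(R) even though it also has a finite path 4 → 3 → 2 → 1 → 0: the initial part keeps only points from which every path is finite, which is exactly the demonic reading of termination used in the rest of the paper.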
As the demonic calculus will serve as an algebraic apparatus for defining the denotational semantics of the nondeterministic programs, we will define in what follows these operators.

4.
A demonic refinement ordering. We now define the refinement ordering we will be using in the sequel. This ordering induces a complete join semilattice, called a demonic semilattice. The associated operations are demonic join, demonic meet and demonic composition. We give the definitions and needed properties of these operations, and illustrate them with simple examples. For more details on relational demonic semantics and demonic operators, see [6,7,8,9,20].
We first give the rationale behind the definition of the refinement ordering.
If we consider a relation R as a specification of the input-output behavior of a program p, then p is totally correct with respect to R if:
• for any input i in the domain of R, i′ is a possible output of p only if (i, i′) ∈ R,
• p always terminates for any input belonging to the domain of R [37].
For an input that does not belong to the domain of the specification R, program p may return any result or no result at all; that is, the specifier does not care what happens following the submission of such an input.
Definition 4.1. We say that a relation Q refines a relation R [38], denoted by In other words, Q refines R if and only if
• R < ≤ Q < : this means that Q must assign a result to any state to which R also assigns a result;
• this means that Q must not produce results not allowed by R for those states that are in the domain of R.
Thus, for instance, 1 0 0 1 1 0 1 1 0 0 0 0 , but 1 0 0 0 1 1 1 0 (these Boolean matrices represent relations over sets by the well-known correspondence).
Proposition 1. Let Q and R be relations, then (a) The greatest lower bound (wrt the refinement ordering) of Q and R is, otherwise, the least upper bound does not exist.
For the proofs see [12,20]. Here is an example of these operations:
5. Relational diagrams. In the following, we give the formal definition of a diagram and of the different types of diagrams. We define a diagram as a quadruple made of a relation, a set of mutually disjoint monotypes (they play the role of the vertices of a graph), and two particular monotypes characterizing the input and the output of the diagram. The word diagram is well justified by the use of matrices and graphs.
Even though we do not use matrices and graphs in our formal treatment (they were already used in our earlier work [46,47]), we use them in our informal and intuitive explanations.
How the matrices can be obtained from diagrams is intuitively obvious, and we refer to [41,42,46,47] for a rigorous treatment.
The set of matrices whose entries are relations constitutes a relation algebra [41,42], with the relational operations defined as follows. Let R and S be matrices whose entries belong to the same homogeneous algebra. Then,
Definition 5.1. (a) A quadruple P = (P, C, e, s) is a diagram on A iff
• P is a relation of A, called the associated relation of diagram P,
• C is a set of monotypes (rather than vectors, as was done in [47]). The monotypes are disjoint from each other and satisfy the condition: ( C) P • ( C) = P ,
• e (entry) and s (sortie, which means exit in French) are monotypes (e, s ∈ C) called respectively the input relation and the output relation of the diagram P.
(b) A diagram P 1 = (P 1 , C, e 1 , s 1 ) is a sub-diagram of diagram P = (P, C, e, s) iff: In other words, a sub-diagram is a diagram whose associated relation is included in the associated relation of the principal diagram. When the principal diagram is executed, the sub-diagram is also executed. Control enters P 1 by the input node e 1 and leaves it by the output node s 1 . The diagram P 1 communicates no information to the diagram P through the internal nodes of P 1 .
Let us give an example that illustrates Definition 5.1(a). Consider the loop: do n > 0 → n := n − 10 od, where n takes its values in the set of natural numbers N, which is the set of states. By following the same approach as Schmidt and Ströhlein [42], this program can be represented by the following graph: The node 0 is the input node and the node 2 is the output node. Each arc is labeled with a relation on {0, 1, 2} × N computed by the program between the nodes joined by this arc. These relations are: For example, the relation on {0, 1, 2} × N computed by the loop body between the nodes 1 and 0 is P 2 . The representation matrix of this graph is: We now give the relations characterizing the diagram P = (P, C, e, s).
• The associated relation of this diagram is P = P 1 ∨ P 2 ∨ P 3 . Then, P is a relation of type
We distinguish two types of diagrams: elementary and compound diagrams.
(a) A diagram P = (P, C, e, s) is atomic iff C = {e, s} and P = e P • s.
The graph and the matrix associated with this diagram are: and
        e   s
    e   Ø   P
    s   Ø   Ø
An atomic diagram consists of a unique atomic step, i.e. the transition between the input node and the output node is made in exactly one step (there is only one entry different from Ø in the matrix).
(b) A diagram P = (R, C, e, s) is a sequence diagram iff: P = P 1 ∨ P 2 , C = {e, a, s}, P = e P 1 • a and P 2 = a P 2 • s. This diagram can be represented by the following graph and matrix: The graph and the matrix both illustrate well the use of the word sequence. We note that a sequence diagram is the sequence of two atomic diagrams such that the output relation of the first one is equal to the input relation of the second one.
(c) A diagram P = (R, C, e, s) is a branching diagram iff The graph and the associated matrix representing this diagram are: In a branching diagram, the execution begins in the input node and the output node is reached in a nondeterministic way through two different branches, each composed of two atomic steps. We notice that, if G 2 = Q = b = Ø (or in the symmetric case), then P reduces to a sequence diagram.
In a loop diagram, P is applied until Q can be applied.
6. Demonic input-output relation of compound diagrams. During the execution of a program in an input state, from a demonic point of view (if there is a possibility for the program not to terminate normally, then it will not terminate normally), three cases may happen: normal termination, abnormal termination and infinite loops. As our goal is to define formally the input-output relation of a diagram by supposing its worst execution, we have to consider these three cases together at the same time. For more details see [47]. In the following, the expression "input-output relation" means the demonic input-output relation. The input-output relation of a diagram P is given by a relation E(P), where E is a function from the set of diagrams to a relation algebra which associates to each diagram P the relation E(P) given by: In the following, we consider the case of compound diagrams. Suppose that we have a compound diagram P = ( n i=1 P i , C, e, s) composed of elementary sub-diagrams (Definition 5.1) P i = (P i , C i , e i , s i ). Instead of calculating the input-output relation E(P ) of diagram P directly by applying Equation 8, which is a laborious task, we prove that the relation E(P ) is equal to the input-output relation of the diagram obtained from P by replacing each sub-diagram P i by its input-output relation E(P i ). The process continues until we obtain elementary diagrams, for which we apply the results given in [47]. Let us give an example. Let P = (P, C, e, s) be a diagram made of two sub-diagrams P 1 = (P 1 , C, e, c) and P 2 = (P 2 , C, c, s), as illustrated by Figure 1. The sub-diagrams P 1 and P 2 may themselves be compound diagrams.
Figure 1. A sequence diagram P
Instead of calculating directly the input-output relation E(P ) of diagram P by applying Equation 8, we want to show that E(P ) = E(P ), with P = (E(P 1 ) ∨ E(P 2 ), C, e, s), C = {e, c, s}, E(P 1 ) = e E(P 1 ) • c, E(P 2 ) = c E(P 2 ) • s .
We remark that P is a sequence diagram (see the graph of Figure 1). By applying the results of previous work [47,48] to diagram P , we obtain E(P ) = E(P 1 ) E(P 2 ), whence we deduce E(P ) = E(P 1 ) E(P 2 ). It is clear that a whole preliminary formal treatment is hidden behind this result. We also have to consider the other types of diagrams, i.e. the branching diagram and the loop diagram. Instead of treating each case separately, we give a general result which covers all the cases. We restrict ourselves to the following constraints, which we explain below.
Hypotheses 1. Let R = (R, C, e, s) be a diagram in which we identify a sub-diagram P = (P, C P , a, c) (Figure 2) such that: Our goal is to decompose the relation R in order to extract a sub-diagram P of diagram R. The input states of P are represented by a, the output states by c, and the states which are neither input nor output states, which we call internal states, are represented by b. These three elements are mutually disjoint; in other words, also c • P ≺ = 0 (i.e. c P = 0), which means that c is terminal. The monotype d represents all the states of R except those of a, b, c. Therefore, d P = 0, P • d = 0 and d ∧ a = d ∧ b = d ∧ c = 0. Taking these conditions into account, together with the fact that P is the associated relation of the sub-diagram P, we have P = (a ∨ b) P • (a ∨ b ∨ c). We suppose that the internal states of P cannot be used to transmit control from P to Q or from Q to P, which gives b Q = Q • b = 0. We suppose also that the states of a are used as entries to P only, so that a Q = 0. We obtain: In the same way, the input of R cannot be done through b, so e ≤ a ∨ c ∨ d. Finally, the output states of the principal diagram R have to be output states of sub-diagrams, thus s ∧ a = s ∧ b = 0, which implies s ≤ c ∨ d. The relation Q represents the union of the associated relations of the sub-diagrams of R other than P.
From these hypotheses, the matrices R and P associated respectively with diagrams R and P can be represented as follows:
Remark 1. Each compound diagram R = ( n i=1 P i , C, e, s) composed of sub-diagrams P i = (P i , C, e i , s i ) can be brought back to Hypotheses 1 by identifying a sub-diagram P k = (P k , C k , e k , s k ), where 1 ≤ k ≤ n, and by taking (a) P := P k ,
In the following, we present the main result of this paper. It is sufficient to give an explanation of this theorem and of its application in Section 7. It means that the input-output relation of diagram R = (P ∨ Q, C, e, s) is equal to the input-output relation of diagram (E(P) ∨ Q, C, e, s); the associated relation of diagram P has been replaced by the input-output relation of the latter (see the matrix below). We note that the diagram (E(P), {a, c}, a, c) is an atomic diagram (Definition 5.1(a)).
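The sequence result above says that the demonic input-output relation of the diagram is the demonic composition of the input-output relations of its two sub-diagrams, and Definition 4.1 states when one relation refines another. The following Python snippet is an added example, not part of the paper: it implements both on finite relations represented as sets of pairs, using the standard demonic composition (a state gets a result only if every successor under the first relation lies in the domain of the second) and the refinement test of Definition 4.1, then applies them to two constructed sub-diagram relations E(P1) and E(P2). The relations and the function names are ours.

```python
# Added example (not from the paper): refinement ordering (Definition 4.1) and
# demonic composition on finite relations, applied to a sequence of two
# sub-diagrams. Relations are finite sets of (x, y) pairs; names are ours.

def domain(R):
    """Monotype R<: points with at least one R-successor."""
    return {x for x, _ in R}

def successors(R, x):
    """All R-successors of the point x."""
    return {y for x2, y in R if x2 == x}

def compose(Q, R):
    """Ordinary (angelic) relational composition Q . R."""
    return {(x, z) for x, y in Q for y2, z in R if y == y2}

def refines(Q, R):
    """Q refines R (Definition 4.1):
    - R< <= Q<: Q assigns a result wherever R does, and
    - on the domain of R, Q produces only results allowed by R (R< . Q <= R)."""
    dom_r = domain(R)
    return dom_r <= domain(Q) and all(pair in R for pair in Q if pair[0] in dom_r)

def demonic_compose(Q, R):
    """Demonic composition: x keeps a result only if every Q-successor of x lies
    in the domain of R. Otherwise the demon can pick a successor from which R
    cannot continue, so x is dropped from the domain altogether. On the surviving
    points the result coincides with the angelic composition Q . R."""
    dom_r = domain(R)
    safe = {x for x in domain(Q) if successors(Q, x) <= dom_r}
    return {(x, z) for x, z in compose(Q, R) if x in safe}

# Constructed input-output relations of two sub-diagrams: E(P1) from states {0, 1}
# to {'a', 'b'} and E(P2) from {'a', 'b'} to {2}. From state 0, P1 may move to 'b',
# where P2 offers no continuation, so demonically 0 gets no result at all.
E_P1 = {(0, "a"), (0, "b"), (1, "a")}
E_P2 = {("a", 2)}

def sequence_semantics():
    """Demonic input-output relation of the sequence diagram built from P1 and P2."""
    return demonic_compose(E_P1, E_P2)

if __name__ == "__main__":
    print(sorted(compose(E_P1, E_P2)))        # [(0, 2), (1, 2)]  angelic view
    print(sorted(sequence_semantics()))       # [(1, 2)]          demonic view
    spec = {(1, 2)}
    print(refines({(0, 2), (1, 2)}, spec))    # True: more defined, same results on dom(spec)
    print(refines({(1, 2), (1, 3)}, spec))    # False: adds a result not allowed by spec
```

The angelic composition keeps the pair (0, 2) because one execution from 0 reaches 2; the demonic composition drops state 0 from the domain because another execution from 0 gets stuck, which is precisely the worst-case reading of Section 1. The refinement checks show the two halves of Definition 4.1 separately: enlarging the domain is allowed, adding results on the specification's domain is not.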
The same reasoning may be applied to the rest of diagram R: it is enough to identify in R a sub-diagram which satisfies Hypotheses 1, and to repeat this until we obtain elementary diagrams, for which we apply the results of the second chapter of the Thesis [47,48] and also those in [13].
In the following section, we will show how to apply Theorem 6.1 to certain types of diagrams.

7.
Applications. In this section, we illustrate the application of Theorem 6.1 to the calculation of the input-output relation of compound diagrams which may be reduced to sequence diagrams.
Let the diagrams P, P 1 and P 2 be such that P = (P 1 ∨ P 2 , C, e 1 , s 2 ), P 1 = (P 1 , C 1 , e 1 , s 1 ) and P 2 = (P 2 , C 2 , s 1 , s 2 ), where C = C 1 ∨ C 2 , ( C 1 ) ∧ ( C 2 ) = s 1 and s 1 P ≺ 1 = 0. Suppose that diagrams P 1 and P 2 are not atomic. Our aim is to calculate the input-output relation E(P) of diagram P by applying Theorem 6.1 and the results from [47]. To do that, we reduce P 1 and P 2 so as to obtain a sequence diagram (Definition 5.1). The relation (e 1 ∨ s 1 ) ∼ ( C 1 ) represents the states of the diagram P 1 which are neither input nor output states (the internal states). By using c P = 0 together with the properties satisfied by a and b (Hypotheses 1 and Substitution 1), we obtain (a ∨ b) P • (a ∨ b ∨ c) = ( C 1 ) P • ( C 1 ) = P.

Conclusion.
We have presented certain notions concerning relation algebra and relational diagrams in Sections 2 and 5, and the refinement order in Section 4. We have shown how to give a generic definition of the demonic input-output relation (Equation 8), based on the concept of relational diagrams [42,47]. This definition has been used to calculate the demonic input-output relation of an arbitrary instruction, which we have done in the case of the sequence (Equation 5). Our main result is Theorem 6.1, where we showed that the input-output relation of a compound diagram is equal to that of the diagram in which each sub-diagram has been replaced by its input-output relation. This process is repeated until we obtain elementary diagrams, to which we apply the results given in [47]. To prove Theorem 6.1, we needed many intermediate results. Some of them have been proved by the generalisation of Mills' theorem [18,46,47,48,49,50,51,52]. In Section 7, we have applied Theorem 6.1 to a compound diagram corresponding to a particular case (the sequence) of the language of guarded commands. The approach to the demonic input-output relation presented here is not the only possible one. In [10,31,32,33], infinite looping has been treated by adding to the state space a fictitious state ⊥ to denote nontermination. In [9,25,30,35,36,39,54,55,57], the demonic input-output relation is given as a pair (relation, set). The relation describes the input-output behavior of the program, whereas the set component represents the domain of guaranteed termination.
We note that the preponderant formalism employed until now for the description of the demonic input-output relation is the wp-calculus. For more details see [2,3,23,56,58].