Tuplix Calculus Specifications of Financial Transfer Networks

T uplix Calculus Sp ecifications of Financial T ransfer Net w orks Jan A. Bergstra 1 ∗ Sanne Nolst T renit´ e 2 Mark B. v an der Zw aag 1 1 Section Soft ware Engineeri n g, Informatics Institute, Universit y of Amsterdam 2 F acult y of Science, Universit y of Amsterdam Email: { jan b ,sanne,mbz } @science.uv a.nl Abstract W e study the application of T uplix Calculus in mo dular financial bu d- get design. W e formalize orga nizational structure usi n g fin ancial transfer netw ork s. W e consider the notio n of flux o f money o ver a netw ork, and a w ay to enforce the matc hing of influx and outflux for parts of a n etw ork. W e exploit so-called signed attribut e notation to make in ternal streams visible through encapsulations. Finally , w e prop ose a T uplix Calculus construct for the definition of data f un ctions. Con ten ts 1 In tro duction 2 2 Financial T ransfer Netw orks 2 3 Flux o v er a Net w ork 4 4 Visualizing In ternal Streams 7 5 F unc tio n Defin i tion and Binding 9 A Deriv ations 1 1 B Primer on T uplix Calculus 13 B.1 Cancellation Mea dows . . . . . . . . . . . . . . . . . . . . . . . . 14 B.2 Basic T uplix Calculus . . . . . . . . . . . . . . . . . . . . . . . . 15 B.3 Zero-T est Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 B.4 Generalized Alterna tive Compos itio n and Auxiliary Op era tors . . 18 ∗ Pa r tially supported by the Dutch NW O Jaquard Pro ject Symbiosis, pro j ect num ber 638.003.611. 1 1 In tro du ction In [3] we described the application of T uplix Calc ulus (TC, se e [6]) in the formal- ization of financ ia l budgets. Here, w e explore this a pplication further s tarting with the definition of financial transfer net works. W e c o nsider t he notion of flux of money ov er a netw ork, and define a flux constr aint oper ator that enforces matching influx and outflux for units. W e exploit so-ca lled signed attr ibute notation to make internal strea ms visible through encapsula tio ns. Finally , we prop ose a T uplix Calc ulus constr uct for the definition of data functions. W e assume familiarity with T uplix Calculus; its s yntax and axioms are collected in Appendix B. 2 Financial T ransfer Net w orks Implicit starting p o int in the modula r budget des ig n in [3] is the a ssumption of an underlying (organizational) structure: tuplix expressio ns sp ecify budgets for certain par ties, and b y co mpo sition we obta in budgets for la rger pa rts (of an organiza tion). Of imp ortanc e is also the identification of attributes, that are used in the sp ecification o f payments b etw een parts, o r betw een par ts and external parties. Example 1. As a simple example, consider an o r ganizatio n co nsisting of parts P and Q , and assume that attribute a is us ed to s pe c ify paymen ts b etw een these parts. Using the names P and Q also a s tuplix meta-v aria bles, we define P = a ( 1 0) , Q = a ( − 10) . So, P w ill pa y amount 10 , while Q intends to receive a mount 10. When w e co m- po se P and Q , expressed as ∂ { a } ( P  Q ), these entries s ynchronize succe s sfully . W e find it w orthwhile to in tro duce a mathematical format for organizational structures. W e define a financial tr ansfer network (FTN) a s a set of units with in-going and o utgoing channels: a channel is a direc ted link b etw een units, or betw een a unit and an external par t y , that is lab eled with an attribute. Lab els of in-go ing channels of a unit ar e used in the sp ecification of payments to the unit, and the lab els o f o utgoing channels are used to specify paymen ts made by the unit. W e require that any c hannel is in-go ing for at most one unit and outgoing for at most one unit. Definition 1. An FTN consists o f: 1. a set A ttr of a ttr ibutes ; 2. a set Unit of units; 3. a function in : Unit → 2 A ttr ; 4. a function out : Unit → 2 A ttr ; 2 such t ha t for all distinct g , h ∈ U nit , in ( g ) ∩ in ( h ) = ∅ and out ( g ) ∩ out ( h ) = ∅ . An attr ibute a is internal if there are units g , h ∈ Unit with a ∈ in ( g ) ∩ out ( h ). An attribute is ext ernal if it is not internal. An FTN can b e depicted in a graph-like manner, with units as no des, and arrows (called channels) labeled with attributes b etw een units, o r b etw e en a unit and an e xternal pa rty . Because an attribute of an FTN can b e the la b el of a t most one channel, w e shall also sp eak of the channel a , rather than the channel lab eled with attribute a . A c ha nnel is internal if its lab el is internal; this is the case if it co nnects units of the net work, see the follo wing example. Example 2. Consider the FTN with Attr = { a, b, c } , Unit = { g, h } , and in ( g ) = { a } , out ( g ) = in ( h ) = { b } , in ( h ) = { c } . This netw ork is depicted a s a − → g b − → h c − → The channels a, c are external, b is internal. Given an FTN, a sp e cific ation of a u nit g is a tuplix expression P g that uses only the elemen ts of in ( g ) ∪ out ( g ) a s attributes. Example 3. This example is a shortened, simplified version of the example presented in [3]. W e ha ve added the pre sentation of the organizational structure as a n FTN. W e consider an FTN as depicted in the follo wing picture: P 1 d 1 / / S a / / Q c   b 1 7 7 p p p p p b 2 ' ' N N N N N P 2 d 2 / / The units and their specifica tions (for a given perio d of time, e.g., the cal- endar year 200 8): • S is a financia l sour c e tha t rewards pro duction: fo r eac h pro duct that is pro duced, a consta nt rew ar d r ew is allo cated to unit Q . F or pro duction unit P i (see b elow) the data v ariable n i stands for the num b er o f pro ducts pro duced b y P i during the perio d that is cov ered. Spec ific a tion: S def = a ( r ew · ( n 1 + n 2 )) . • The c ontr ol unit Q will dis patch the rewards to the pro duction units after deduction of a fixed fraction k (a v a lue betw een 0 and 1) that is paid via 3 c to an external service cent er . It further distributes the remainder of the rewards equally a mong the production units: Q def = P x ( a ( − x )  c ( k · x )  (1 − k ) · ( b 1 ( x/ 2)  b 2 ( x/ 2))) . • The pr o duct ion units P i , for i = 1 , 2 , receiv e mo ney from Q via b i and pay for their exp enses via d i (in this simplified example, these units act as ser ial buffers only , that is, they simply pass on what they receive): P i def = P x ( b i ( − x )  d i ( x )) . A combined budget B is sp ecified by the encapsulated c omp osition of these sp ecifications: B def = ∂ { a,b 1 ,b 2 } ( S  Q  P 1  P 2 ) . The encapsula tion enforc e s synchronization on the internal channels and then hides these int er nal strea ms (in Section 3 we elab ora te on the notion o f str e ams). W e find (see Appendix A for the deriv ation): B = P x ( γ ( x = r ew · ( n 1 + n 2 ))  c ( k · x )  (1 − k ) · ( d 1 ( x/ 2)  d 2 ( x/ 2))) . Alternatively , w e may redefine Q so that it pays the pro ductio n units pr o - po rtionally to their contribution to the total pr o duction: Q def = P x ( a ( − x )  c ( k · x )  (1 − k ) · x · ( b 1 ( n 1 / ( n 1 + n 2 ))  b 2 ( n 2 / ( n 1 + n 2 )))) . Then we find, for the co mbin ed budget: B = c ( k · r ew · ( n 1 + n 2 ))  (1 − k ) · ( d 1 ( r ew · n 1 )  d 2 ( r ew · n 2 )) with a similar deriv ation. 3 Flux o ve r a Net w ork Unit sp ecifications of an FTN can be thought o f as determining an unrealized flux ov er the in terna l channels of a netw ork. T ake for instance the channel g a − → h. W e sp eak of a str e am ov er a , when the total amounts specified for a by g and by h match (that is, a dd up to zero). W e then also say that g has o utflux 4 ov er a and h has influx over a . When there is no match, there is no flux; the flux is realized when w e compose unit sp ecificatio ns, and encapsulation over the int er nal attributes is success ful. A very simple example: consider g a − → h with specifications P g = a ( t ) and P h = a ( − s ). W e sa y that g has outflux o f s ize t along a , and that h has influx of size s along a . If the outflux of g along a matches the influx of h alo ng a , that is, if t equals s , then there is a stream of this size from g to h . This matc hing corr esp onds to t he success of e nc a psulation of the composed unit sp ecifica tio ns: w e find ∂ { a } ( P g  P h ) = γ ( t = s ) . This enca psulation r educes to an equa lity test; unsuccessful encapsulatio n yields the null tuplix δ . Note that enca ps ulation hides the internal transa ctions; in Section 4 w e lo o k at a w ay to mak e successful in terna l transactions (i.e., flux ) of units visible. Flux dynamics comes into pla y with generalized alternative comp osition (summation) ov er amounts. F or example, redefine P h so that it will receive any amo unt , and send this along: P g = a ( t ) , P h = P x a ( − x )  b ( x ) , then we find that successful enca psulation deter mines the outflux of h : ∂ { a } ( P g  P h ) = b ( t ) . W ork ing with this p ersp ective we find it natural to b e able to require for certain units that ‘wha t g o es in als o comes out.’ F or example, sp ecify that h will r eceive an y amoun t alo ng a and will tra nsfer a ny amount along b : P g = a ( t ) , P h = P x a ( − x )  P y b ( y ) . Encapsulation ov er a will enfor ce the tra nsfer of amo unt t along a , and an additional requirement that the total flux of h equals zero would turn h into a serial buffer that forwards amount t alo ng b . W e define a unary fl u x c onstra int op er ator that do es exactly this: it adds to its argument the constraint that its to tal flux equals zero. This op erato r (written K , a fter Kir chhoff ) is defined a s follows: K ( X ) = K 0 ( X ) (1) K t ( δ ) = δ (2) K t ( ε ) = γ ( t ) (3) K t ( γ ( x )  X ) = γ ( x )  K t ( X ) (4) K t ( a ( x )  X ) = a ( x )  K t + x ( X ) (5) K t ( X + Y ) = K t ( X ) + K t ( Y ) (6) K t ( P x P ) = P x ( K t ( P )) x 6∈ FV ( t ) (7) 5 a 0   b 0 | | y y y y y y y y R 0 c 0 B B B B B B B B a 1   Q 0 b 1 ~ ~ | | | | | | | | o o e 0 d 0 / / R 1 c 1 B B B B B B B B a 2   Q 1 b 2 ~ ~ | | | | | | | | o o e 1 d 1 / / R 2 Figure 1 : Reserve buffers example Example 4 . W e define p erio dic sp ecifica tio ns for a unit Q and a r eserve R . The unit Q receives income from and has exp enditures to external parties. Ev er y per io d it withdraws a fixed amount from R , and it reserves a fixed per centage of its income to the reserves of the next p erio d. An y r e serves that ar e no t withdrawn are transferr ed to the next p e rio d. T he flux c o nstraint opera tor is used to enforce this transfer of re serves. It is a lso applied to Q so that it will sp end a ny income that is not re served. W e make this mor e precis e. W e define Q n and R n for the unit Q and the reserve R in per io d n . The follo wing a ttributes a re used: • a n +1 for the transfer fro m R n to R n +1 • b n +1 for the reserv ation from Q n to R n +1 • c n for the withdraw al from R n by Q n • d n for the external income of Q n • e n for the external exp enditures of Q n The netw o rk is depicted in Figure 1. Define R n = K ( P u,v, w, x a n ( − u )  b n ( − v )  c n ( w )  a n +1 ( x )) which can b e r ewritten to R n = P u,v, w, x γ ( u + v = w + x )  a n ( − u )  b n ( − v )  c n ( w )  a n +1 ( x ) . 6 In the sp ecifica tion of Q n we use the free data v aria bles pw (perio dic with- draw al), inc n (income in per io d n ), and k (reserve fr action, a v alue b etw een 0 and 1). Define Q n = K ( P u c n ( − pw )  d n ( − inc n )  b n +1 ( k · inc n )  e n ( u )) = P u γ ( u = pw + (1 − k ) · inc n )  c n ( − pw )  d n ( − inc n )  b n +1 ( k · inc n )  e n ( u ) = c n ( − pw )  d n ( − inc n )  b n +1 ( k · inc n )  e n ( pw + (1 − k ) · inc n ) Define P n = ∂ H n ( Q 0  · · ·  Q n  R 0  · · ·  R n +1 ) where H n = { a i +1 , b i +1 , c i | 0 ≤ i ≤ n } . F or P 0 and P 1 we find (see deriv ations in Section A): P 0 = K ( P u,v, w, x a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 ))  c 1 ( w )  a 2 ( x )) , P 1 = K ( P u,v, w, x a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  d 1 ( − inc 1 )  e 1 ( pw + (1 − k ) · inc 1 ) c 2 ( w )  a 3 ( x )) , and this generalizes to P n = K ( P u,v, w, x a 0 ( − u )  b 0 ( − v )  c n +1 ( w )  a n +2 ( x ))   i =0 ,...,n d i ( − inc i )  e i ( pw + (1 − k ) · inc i )) . 4 Visualizing In ternal Streams In a n FTN with unit sp ecifications we sp eak of an internal stream over a c hannel, if encapsulation over that c hannel is successful (does no t y ie ld the null tuplix δ ). In an encapsulation P = ∂ H ( P 0  · · ·  P k ) of unit sp ecifications P i , all information on internal streams is lost, that is, due to the e nca psulation no en tries with attr ibutes from H o ccur in P . Still, it ma y 7 be us eful to see the internal s tr eams of a unit under influence of comp o s ition and encapsulation. W e shall exploit signe d a tt ribute notation to retain f o cus on encapsulated s pe cifications: we add copies of internal entries that will rema in visible after encapsulation. Signed A t t ribute Notation So far we ha ve used flat attribut e notation for en tries: for a unit g , if a ∈ in ( g ), then an entry a ( t ) is interpreted a s influx of a mount − t to g , and if a ∈ o u t ( g ), then a ( t ) is in terpr e ted a s outflux of amount t from g . The notation is neutra l in this respect (and this is the basis for the definition of encapsulation). An a lternative is signe d attribute notation : for attribute a , ass ume fresh attributes − a, + a , and write − a ( t ) for influx of amount t , and + a ( t ) for outflux of amount t . W e hav e not defined encapsulation for this no tation. Clearly , tuplix expre s sions in signed attribute notation ca n b e tra nsformed to flat a ttribute notation by replac ing entries + a ( t ) b y a ( t ), and − a ( t ) by a ( − t ). Vice versa, fo r a g iven unit g , transform a ( t ) to − a ( − t ) if a ∈ i n ( g ), and to + a ( t ) if a ∈ out ( g ). Com bined Flat and Signed Attribute Notation F or a unit g and a set of (internal) attributes H , the mapping ζ g,H will add a signed copy of internal entries of g in a specifica tion using flat attribute nota tion. ζ g,H ( δ ) = δ (8) ζ g,H ( ε ) = ε (9) ζ g,H ( γ ( x )) = γ ( x ) (10) ζ g,H ( a ( x )) =      + a ( x )  a ( x ) if a ∈ out ( g ) ∩ H − a ( − x )  a ( x ) if a ∈ in ( g ) ∩ H a ( x ) otherwise (11) ζ g,H ( X  Y ) = ζ g,H ( X )  ζ g,H ( Y ) (12) ζ g,H ( X + Y ) = ζ g,H ( X ) + ζ g,H ( Y ) (13) ζ g,H ( P x X ) = P x ζ g,H ( X ) (14) The resulting specificatio n co mbines flat and signed attribute notatio n. Encapsulation Assume we hav e units g 0 , . . . , g k with corr esp onding s pe c ifications P 0 , . . . , P k , and we wan t to see wha t comp osition a nd enca psulation with P 1 , . . . , P k do to P 0 . Let H b e the set of attributes tha t are in terna l to g 0 , . . . , g k . The encapsulation P = ∂ H ( ζ g 0 ,H ( P 0 )  P 1  · · ·  P k ) , 8 will, if succe s sful, co ntain signed copies of the in terna l trans a ctions of g 0 . W e can now fo cus on g 0 by letting J = { a, + a, − a | a ∈ in ( g 0 ) ∪ out ( g 0 ) } , and selecting (see definition on page 18) on the attributes in th is set: Sele ct J ( P ) shows all the tr ansactions o f g 0 under influence of the e nca psulation. Of c o urse, we can also make all internal streams of the comp os itio n visible: ∂ H ( ζ g 0 ,H ( P 0 )  ζ g 1 ,H ( P 1 )  · · ·  ζ g k ,H ( P k )) . Example 5. Consider the following net work: a − → g b − → h c − → T ake unit specifications P g = a ( − 1 )  b (1) , P h = b ( − 1 )  c (1) , and obser ve that ∂ { b } ( P g  P h ) = a ( − 1)  c (1) . The encapsulatio n enforc es synchronization o n b , and leaves no tra ce of this synchronization. Now consider P = ∂ { b } ( ζ g, { b } ( P g )  P h ) = a ( − 1)  + b (1)  c (1) where the signed cop y of the internal outflux of g on b remains visible. Finally , let J = { a, + a, − a | a ∈ in ( g ) ∪ out ( g ) } , and find Sele ct J ( P ) = a ( − 1)  + b (1) . 5 F unction Definition and Bind ing W e ex tend T uplix Calculus with a construct to define data functions, a nd with summation ov er functions. W e only sketch ho w this extension can b e achieved; a fully w or ked-out technical account is future w or k . W e ex tend the sig nature of the data type with lambda abstra ction and applica tion in order to express functions. F o r example, λx.x + x 9 is the function that doubles its a rgument, and ( λx.x + x )2 is the function applied to ar gument 2. Adopting β -conv er sion a s usual, this reduces to 2 + 2. W e a lso assume standar d α - conv ersio n (renaming o f bo und v ar iables). W e further assume for eac h arit y a se t of function v a riables. If f is a function v ariable of arity k , we write f ( t 1 , . . . , t k ) for the applica tio n o f f to ar guments t 1 , . . . , t k . W e write λ ¯ x.t ( ¯ x ) for the lambda abstraction ov er some given, implicit num b er o f v ar ia bles x , and f ( ¯ x ) for the application of f to arguments ¯ x , where the num b er o f arguments is alwa ys assumed to be equal to the arity of f . A function definition f = λ ¯ x .t ( ¯ x ) , where f is a function v a riable, is expressed in the T uplix Calculus by the con- struct Γ( f , λ ¯ x.t ( ¯ x )) , and we would hav e, e.g., Γ( f , λx.x + x )  a ( f (1)) = Γ( f , λx.x + x )  a (2) . T o deriv e suc h identities we adopt the axiom scheme Γ( f , λ ¯ x.t ( ¯ x )) = Γ( f , λ ¯ x .t ( ¯ x ))  γ ( f ( ¯ s ) − t ( ¯ s )) , (FD) for any data terms ¯ s . Final step: w e extend T uplix Calculus with summation P f ov er function v ar iables f . This is v ery similar to summation o ver data v aria bles. With these features w e can define and use functions in a ‘let-lik e’ manner in sp ecifications. The general form P f (Γ( f , λ ¯ x.t ( ¯ x ))  P ) may be read as ‘let f b e defined as λ ¯ x.t ( ¯ x ) in tuplix P .’ F or an example a pplication w e refer to [4]. In that pap er we define a budget allo cation to faculties a t a university-lev el. The allo ca tio n for a facult y F can be given by a f ac ult y- independent function f , whic h takes as input a n um b er of parameter v alues specific to F . So, sa y that Γ( f , λ ¯ x.t ( ¯ x )) defines f , and that the allo cation to F is defined as f ( ¯ x F ). The total of budget allo cations is then sp ecified b y P f (Γ( f , λ ¯ x.t ( ¯ x ))   F ( a F ( f ( ¯ x F )))) , where a F is a c hannel na me used in the transfer of money to F . 10 A Deriv ations Note: a ze r o test γ ( t − s ) may b e written as γ ( t = s ). Deriv a tio n for Example 3: B = ∂ { a,b 1 ,b 2 } ( S  Q  P 1  P 2 ) = ∂ { a,b 1 ,b 2 } ( a ( r ew · ( n 1 + n 2 ))  P u ( a ( − u )  c ( k · u )  (1 − k ) · ( b 1 ( u/ 2)  b 2 ( u/ 2)))  P u ( b 1 ( − u )  d 1 ( u ))  P u ( b 2 ( − u )  d 2 ( u ))) = P u,v, w ∂ { a,b 1 ,b 2 } ( a ( r ew · ( n 1 + n 2 ))  a ( − u )  c ( k · u )  (1 − k ) · ( b 1 ( u/ 2)  b 2 ( u/ 2))  b 1 ( − v )  d 1 ( v )  b 2 ( − w )  d 2 ( w )) = P u,v, w ( γ ( u = r ew · ( n 1 + n 2 ))  γ ( v = (1 − k ) u/ 2)  γ ( w = (1 − k ) u/ 2 )  c ( k · u )  d 1 ( v )  d 2 ( w )) = P u ( γ ( u = r ew · ( n 1 + n 2 ))  c ( k · u )  (1 − k ) · ( d 1 ( u/ 2)  d 2 ( u/ 2))) Deriv a tio n for Example 4: P 0 = ∂ { a 1 ,b 1 ,c 0 } ( Q 0  R 0  R 1 ) = ∂ { a 1 ,b 1 ,c 0 } ( c 0 ( − pw )  d 0 ( − inc 0 )  b 1 ( k · inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  P u,v, w, x γ ( u + v = w + x )  a 0 ( − u )  b 0 ( − v )  c 0 ( w )  a 1 ( x )  P u ′ ,v ′ ,w ′ ,x ′ γ ( u ′ + v ′ = w ′ + x ′ )  a 1 ( − u ′ )  b 1 ( − v ′ )  c 1 ( w ′ )  a 2 ( x ′ )) = P u,u ′ ,v ,v ′ ,w ,w ′ ,x,x ′ γ ( u + v = w + x )  γ ( u ′ + v ′ = w ′ + x ′ )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  a 0 ( − u )  b 0 ( − v )  c 1 ( w ′ )  a 2 ( x ′ )  ∂ H ( c 0 ( − pw )  b 1 ( k · inc 0 )  c 0 ( w )  a 1 ( x )  a 1 ( − u ′ )  b 1 ( − v ′ )) 11 = P u,u ′ ,v ,v ′ ,w ,w ′ ,x,x ′ γ ( u + v = w + x )  γ ( u ′ + v ′ = w ′ + x ′ )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  a 0 ( − u )  b 0 ( − v )  c 1 ( w ′ )  a 2 ( x ′ )  γ ( w = pw )  γ ( v ′ = k · inc 0 )  γ ( x = u ′ ) = P u,v, w ′ ,x ′ γ ( u + v = pw + w ′ + x ′ − k · inc 0 )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  a 0 ( − u )  b 0 ( − v )  c 1 ( w ′ )  a 2 ( x ′ ) = P u,v, w, x γ ( u + v = w + x + pw − k · inc 0 )  a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  a 2 ( x )  c 1 ( w )  e 0 ( pw + (1 − k ) · inc 0 ) = K ( P u,v, w, x a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  a 2 ( x )  c 1 ( w )  e 0 ( pw + (1 − k ) · inc 0 )) P 1 = ∂ { a 2 ,b 2 ,c 1 } ( P 0  Q 1  R 2 ) = ∂ { a 2 ,b 2 ,c 1 } ( P u,v, w, x γ ( u + v = w + x + pw − k · inc 0 )  a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  a 2 ( x )  c 1 ( w )  e 0 ( pw + (1 − k ) · inc 0 )  c 1 ( − pw )  d 1 ( − inc 1 )  b 2 ( k · inc 1 )  e 1 ( pw + (1 − k ) · inc 1 )  P u,v, w, x γ ( u + v = w + x )  a 2 ( − u )  b 2 ( − v )  c 2 ( w )  a 3 ( x )) 12 = P u,v, w, x,u ′ ,v ′ ,w ′ ,x ′ γ ( u ′ = x )  γ ( v ′ = k · inc 1 )  γ ( w = pw )  γ ( u + v = w + x + pw − k · inc 0 )  a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  d 1 ( − inc 1 )  e 1 ( pw + (1 − k ) · inc 1 ) γ ( u ′ + v ′ = w ′ + x ′ )  c 2 ( w ′ )  a 3 ( x ′ ) = P u,v, x,w ′ ,x ′ γ ( u + v = x + 2 pw − k · inc 0 )  γ ( x + k · inc 1 = w ′ + x ′ )  a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  d 1 ( − inc 1 )  e 1 ( pw + (1 − k ) · inc 1 ) c 2 ( w ′ )  a 3 ( x ′ ) = P u,v, w, x γ ( u + v = w + x + 2 pw − k · ( inc 0 + inc 1 ))  a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  d 1 ( − inc 1 )  e 1 ( pw + (1 − k ) · inc 1 ) c 2 ( w )  a 3 ( x ) = K ( P u,v, w, x a 0 ( − u )  b 0 ( − v )  d 0 ( − inc 0 )  e 0 ( pw + (1 − k ) · inc 0 )  d 1 ( − inc 1 )  e 1 ( pw + (1 − k ) · inc 1 ) c 2 ( w )  a 3 ( x )) B Primer on T uplix Calculus This app endix is an excerpt from [6 ]. F o r further reading on meadows we refer to [7, 5]. W e remar k that the o per ators + for alterna tive comp osition and ∂ H for enca psulation stem fro m the pr o cess a lgebra ACP [2 ], see also [1 , 8 ]. The summation oper ator P (binding of da ta v aria bles that generalize s alternative comp osition) is also pa r t of the sp ecifica tion langua ge µ CRL [9], which combines A CP with equationa lly sp ecified abstract data type s . 13 B.1 Cancellation Meado ws T uplix Calculus builds on a data t yp e for quantities . This data t yp e is required to b e a non-trivial c anc el lation m e adow , or, e q uiv alently , a zer o-totalize d field [7, 5]. A zero-to talized field is the well-known alg ebraic structure ‘field’ with a total oper ator for division so that the result of division b y zero is zero (and, for example, in a 47-totalized field o ne has chosen 47 to represent the res ult of a ll divisions by zero ). A me adow is a commutativ e r ing with unit equipp ed with a to tal una r y op eration ( ) − 1 named inv ers e that sa tisfies the axioms ( x − 1 ) − 1 = x and x · ( x · x − 1 ) = x , and in whic h 0 − 1 = 0. F o r T uplix Calculus we also requir e the c anc el lation axiom x 6 = 0 & x · y = x · z ⇒ y = z to hold, th us o btaining c anc el lation me adows , whic h we take as the mathemat- ical structure fo r qua ntities, requiring further that 0 6 = 1 to exclude (trivial) one-p oint mo dels. These axioms for cancella tion meadows characterize exactly the eq ua tional theo r y of zero- totalized fields [5]. The prop er ty of cancellation meadows t ha t is exploited in the T uplix Ca lculus is that division by zero yields zero, while x · x − 1 = 1 for x 6 = 0. W e define a data typ e (sig nature a nd axio ms) fo r qua n tities whic h comprises the constants 0, 1, the binar y op erato r s + and · , and the unary oper ators − and ( ) − 1 . W e often write x − y instead of x + ( − y ), x/y instead o f x · y − 1 , a nd xy instead of x · y , and we shall omit br a ck ets if no confusion can aris e fo llowing the usual bindin g con ven tions . Fina lly , w e use numerals in the co mmon wa y (2 abbreviates 1 + 1, etc.). The axioma tization consists of the cancellation axiom x 6 = 0 & x · y = x · z ⇒ y = z , the sep ar ation axiom 0 6 = 1 , and the follo wing 10 axioms for meadows (see [5]): ( x + y ) + z = x + ( y + z ) , x + y = y + x. x + 0 = x, x + ( − x ) = 0 , ( x · y ) · z = x · ( y · z ) , x · y = y · x, 1 · x = x, x · ( y + z ) = x · y + x · z , ( x − 1 ) − 1 = x, x · ( x · x − 1 ) = x . 14 The fo llowing identities are deriv able fr om the axioms for meado ws. (0) − 1 = 0 ( − x ) − 1 = − ( x − 1 ) ( x · y ) − 1 = x − 1 · y − 1 0 · x = 0 x · − y = − ( x · y ) − ( − x ) = x F urthermo re, the cancella tio n axiom and a xiom x · ( x · x − 1 ) = x imply the gener al inverse law x 6 = 0 ⇒ x · x − 1 = 1 of zero -totalized fields. B.2 Basic T uplix Calculus Core T uplix Calculus (CTC) is parametrized with a no nempt y set A of at- tributes . Its s ignature contains the constants ε (the empt y tuplix) and δ (the nu ll tuplix), and tw o further k inds o f atomic tuplices: en t ries (attribute-v a lue pairs) o f the form a ( t ) with a ∈ A , a nd t a data ter m, and, for an y da ta term t , the zero test γ ( t ) ( γ 6∈ A ). Finally , CTC has one binary infix op erato r: the c onjunctive c omp osi- tion o p e r ator  . This op e rator is commut a tive and associa tive. Axioms ar e in T able 1. In CTC, a tuplix is a conjunctive comp ositio n o f tests and en tries, with ε representing an empt y tuplix, and δ representing an erro neous situa tion whic h nu llifies the entire comp osition. En tries with the same attr ibute ca n be com- bined to a single entry containing the sum of the quantit ies inv olved. A zero test γ ( t ) acts a s a conditional: if the argument t equals zero , then the test is void and disapp ears fr om conjunctive compositions. If the argument is not equa l to zero, the test n ullifies an y conjunctiv e compo s ition con taining it. Observe ho w we exploit the prop er ty of zero-totalized fields that t/t is always defined, a nd that the division t/t yields zero if t equals ze r o, a nd 1 otherwis e. F urther note that an equality test t = s can b e expressed as γ ( t − s ). A tuplix term is close d if it is do es not con tain tuplix v ariables and also do e s not c ontain data v ar ia bles. A tuplix term is t u plix-close d if it do es not con tain tuplix v aria bles (but it may contain data v ariables). The tuplix calculus is t wo-sorted. On the tuplix side we hav e the a x ioms T1 – T10 and w e use the pro o f r ules of equational logic. On the data side, w e 15 T able 1: Axioms for Basic T uplix Calculus X  Y = Y  X (T1) ( X  Y )  Z = X  ( Y  Z ) (T2) X  ε = X (T3) X  δ = δ (T4) a ( x )  a ( y ) = a ( x + y ) (T5) γ ( x ) = γ ( x/x ) (T6) γ (0) = ε (T 7 ) γ (1) = δ (T8) γ ( x )  γ ( y ) = γ ( x/x + y /y ) (T9) γ ( x − y )  a ( x ) = γ ( x − y )  a ( y ) (T10) X + Y = Y + X (C1) ( X + Y ) + Z = X + ( Y + Z ) (C2) X + X = X (C3) X + δ = X (C4) X  ( Y + Z ) = ( X  Y ) + ( X  Z ) (C5 ) γ ( x ) + γ ( y ) = γ ( xy ) (C6) 16 refrain from giving a precis e pro o f theory . The rule De lifts v a lid data iden tities to the tuplix calculus: for all (op en) data terms t and s , D | = t = s implies γ ( t ) = γ ( s ) , ( De ) where D (a non-trivial ca ncellation mea dow) is our mo del of the data t yp e. This axiom system with axioms T1 – T10 plus proof rule De is denoted b y CTC. The axiom system CTC is extended to Ba s ic T uplix Calculus (BTC), by addition of the binary o pe rator + called alternative c omp osition or choic e to the sig nature, and b y a doption o f axioms C1 – C6 (see T able 1). The fo llowing tw o pr o of rules are deriv able: D | = t = s implies P [ t/x ] = P [ s/x ] , and P  γ ( x − t ) = P [ t/x ]  γ ( x − t ) , for tuplix terms P and with substitution P [ t/x ] defined as usual for t wo-sorted equational log ic (replac e ment of all data v aria ble s x in P by t ). B.3 Zero-T est Logic W e present some observ a tions o n the use o f the zero- test op era tor which lead to a simple logic. First, the empt y tuplix ε with ε = γ (0) b y axiom T7 may b e read as ‘true’, and the n ull tuplix δ with δ = γ (1) by axiom T8 may be read as ‘false’. Negation. Define the test ‘not x = 0 ’ by e γ ( x ) def = γ (1 − x/x ) . Conjunctive comp osition of tests may b e read as lo gical conjunction: γ ( x )  γ ( y ) (T9) = γ ( x/x + y /y ) tests ‘ x = 0 and y = 0’. Alternative compo sition o f tests may be read a s log ical disjunction: γ ( x ) + γ ( y ) (C6) = γ ( x · y ) tests ‘ x = 0 or y = 0’. A formula w ould then b e a tuplix-closed (no tuplix v ariables ) BTC term without ent r ie s. An y formula can be expr essed as a single test γ ( t ) using ax- ioms T7 – T9 and C6, and the definition of negation. W e find that this log ic ha s all the usual properties . Cle arly , conjunction and disjunction are commutativ e, asso ciative, and idemp otent, a nd it is not difficult to derive distributivit y , ab- sorption, and double negation elimination. As us ual, implication can be defined in ter ms of neg ation a nd disjunction: e γ ( x ) + γ ( y ) = γ ((1 − x/x ) · y ) tests ‘ x = 0 implies y = 0’. 17 B.4 Generalized Alter nativ e Comp osition and A uxiliary Op erators The gener alize d alternative c omp osition ( or: summation) op er ator P x is a unary operator th a t binds data v aria ble x and c a n be seen as a data-par ametric generaliza tion of the alternative comp osition op erato r +. W e add this binder to the s ignature of BTC and write FV ( P ) for the set of fr e e data v aria bles o ccurring in tuplix term P . W e write V ar ( t ) for the set of data v ar iables o c- curring in data term t (there is no v ariable binding within data ter ms). Define substitution P [ t/x ] as: r eplace ev ery free occurr ence of data v ariable x in t uplix term P by the data ter m t , such that no v ar iables of t become b ound in these replacements. E.g., recall the pro of rule P  γ ( x − t ) = P [ t/x ]  γ ( x − t ) . This rule r e mains sound in the setting with summation, but application of the rule ma y require t he renaming of bound v ar iables in P , so that t he subs titution can b e p erfor med. When consider ing substitutions we implicitly assume that bo und v ar iables are renamed prop erly . The axiom schemes for summation are listed in T able 2. Auxiliary O p erators. F or BTC with summation, we define three auxiliary op erator s: sca la r m ultiplication, clea ring, and encaps ulation. Axioms are listed in T able 2 . • Scalar m ultiplication t · P multiplies the quan tities contained in en tries in tuplix term P by t . Axiom Sc7 is an a x iom scheme with t ranging over data terms and P ra nging ov er tuplix terms. • Clearing: F or set of a ttributes I ⊆ A , the op erator ε I ( X ) rena mes all ent r ies of X with attribute in I to ε . It “clears ” the attributes contained in I . F or a set of attributes J ⊆ A we further define Sele ct J ( X ) def = ε A \ J ( X ) . This f unction allows to fo cus on those e ntries with attribute fro m J . • Encapsulation can b e see n as ‘conditional clearing’. F or set of attributes H ⊆ A , the oper ator ∂ H ( X ) enca psulates all entries in X with a ttribute a ∈ H . Tha t is , fo r a ∈ H , if the accumulation of quantities in entries with attribute a equals zero , the enca psulation on a is considere d successful and the a -entries are cle ar e d (b ecome ε ); if the a ccumulation is no t eq ual to zero, they b ecome null ( δ ). This ac cumu la tion of quan tities is co mputed per alternative: the encapsula tio n op erato r distributes ov er alterna tive comp osition. W e further define ∂ H ∪ H ′ ( X ) def = ∂ H ◦ ∂ H ′ ( X ) . 18 T able 2: Axiom schemes for gener alization and auxiliary oper ators. T erms P and Q range ov er tuplix terms and t ranges over data terms. P x P = P if x 6∈ FV ( P ) (S1) P x P = P y P [ y /x ] if y 6∈ FV ( P ) (S2) P x ( P  Q ) = P  P x Q if x 6∈ FV ( P ) (S3) P x ( P + Q ) = P x P + P x Q (S4) P x γ ( x − t ) = ε if x 6∈ V ar ( t ) (S 5) P x e γ ( x − t ) = ε if x 6∈ V ar ( t ) (S6) x · ε = ε (Sc1) x · δ = δ (Sc2) x · γ ( y ) = γ ( y ) (Sc3) x · a ( y ) = a ( x · y ) (Sc4) x · ( X  Y ) = x · X  x · Y (Sc5) x · ( X + Y ) = x · X + x · Y (Sc6) t · P y P = P y ( t · P ) if y 6∈ V ar ( t ) (Sc7) ε I ( ε ) = ε (Cl1) ε I ( δ ) = δ ( Cl2) ε I ( γ ( x )) = γ ( x ) (C l3) ε I ( a ( x )) = ( ε if a ∈ I a ( x ) otherwise (Cl4) ε I ( X  Y ) = ε I ( X )  ε I ( Y ) (Cl5) ε I ( X + Y ) = ε I ( X ) + ε I ( Y ) (Cl6) ε I ( P x P ) = P x ( ε I ( P )) (Cl7) ∂ H ( ε ) = ε (E1) ∂ H ( δ ) = δ (E2) ∂ H ( γ ( x )) = γ ( x ) (E3) ∂ H ( a ( x )) = ( γ ( x ) if a ∈ H a ( x ) if a 6∈ H (E4) ∂ H ( X  ∂ H ( Y )) = ∂ H ( X )  ∂ H ( Y ) (E5) ∂ H ( X + Y ) = ∂ H ( X ) + ∂ H ( Y ) (E6) ∂ H ( P x P ) = P x ( ∂ H ( P )) (E7) 19 References [1] J.C.M. Baeten and W.P . W e ijland. P r o c ess Algebr a . Cambridge T r acts in Theoretical Co mputer Science 18 , Cambridge Universit y P ress, 19 90. [2] J.A. Bergstra and J.W. Klop. Pro cess alg ebra for s y nchronous comm unica- tion. Information and Contr ol 60 (1–3):10 9 –137 , 1984. [3] J.A. Bergstra, S. Nolst T renit´ e and M.B. v an der Zwaag. T ow ar ds a for mal- ization o f budgets. arXiv.org, a rXiv:080 2 .3617 v1 [cs.LO], 2008. [4] J.A. Bergstra , S. Nolst T renit´ e and M.B. v an der Z waag. UvA budget al- lo cation mo del. Repo rt PRG0805, Section Soft ware E ngineering, Universit y of Amsterdam, 2008. [5] J.A. Bergstra and A. Ponse. A generic basis theorem for cancellation mead- ows. arXiv.org , arXiv:0803.3 969v2 [math.RA ], 2008 . [6] J.A. Berg stra, A. Ponse and M.B. v an der Zwaag. T uplix Calculus. arXiv.o rg, arXiv:071 2.342 3v1 [cs.LO ], 200 7. [7] J.A. Berg s tra and J.V. T uck er. The rationa l n umber s as an abstract data t yp e. Journal of the A CM 54(2), 2007. [8] W. F okk ink . Intr o duction to Pr o c ess A lgebr a . T exts in Theo retical Computer Science, Springer-V erla g, 2000. [9] J.F. Gro ote and A. Ponse. The syntax and semantics of µ CRL. In: A . Ponse, C. V erho e f and S.F.M. v a n Vlijmen (edit o rs), Algebr a of Communi- c ating Pr o c esses ’94 , page s 26 –62, W orkshops in Computing Serie s , Springer - V erla g , 1995 . 20