Special Issue: Intelligent Modeling and Verification 2014
Research Article | Open Access
Xinyan Gao, Yingcai Ding, Wenbo Liu, Kaidi Zheng, Siyu Huang, Ning Zhou, Dakui Li, "Unified Mathematical Framework for Slicing and Symmetry Reduction over Event Structures", Journal of Applied Mathematics, vol. 2014, Article ID 352152, 20 pages, 2014. https://doi.org/10.1155/2014/352152
Unified Mathematical Framework for Slicing and Symmetry Reduction over Event Structures
Nonclassical slicing and symmetry reduction can act as efficient structural abstract methods for pruning state space when dealing with verification problems. In this paper, we mainly address theoretical and algorithmic aspects for nonclassical slicing and symmetry reduction over prime event structures. We propose sliced and symmetric quotient reduction models of event structures and present their corresponding algorithms. To construct the underlying foundation of the proposed methodologies, we introduce strong and weak conflict concepts and a pair of mutually inverse operators and extend permutation group based symmetry notion of event structures. We have established a unified mathematical framework for slicing and symmetry reduction, and further investigated the translation, isomorphism, and equivalence relationship and other related basic facts from a theoretical point of view. The framework may provide useful guidance and theoretical exploration for overcoming verification challenges. This paper also demonstrates their practical applications by two cases.
Generally, to detect whether a finite execution trace of a distributed program satisfies a given predicate, namely, predicate detection (a kind of verification problems), is a fundamental problem in asynchronous distributed systems. It has applications in many domains such as testing, debugging, and monitoring of distributed programs and it is also a powerful runtime verification method.
Unfortunately, predicate detection is NP-complete and suffers from the excessive size of the state space and the state explosion problem: the number of possible global states of the program increases exponentially owing to simple combination.
To deal with this problem, several useful reduction techniques have been suggested in succession for reducing the state space in recent years, such as partial order reduction and symmetric reduction methods [2–4].
On the one hand, the basic observation is that many distributed or concurrent systems exhibit a certain degree of symmetry, for example, a system composed of identical or isomorphic components whose identities are interchangeable from a verification point of view. This kind of structural symmetry in the system is also reflected in the full state space of the system. The main idea behind the symmetry reduction method is to figure out this symmetry and obtain a condensed state space which is typically much smaller than the full state space, but from which the same kind of properties of the system can be derived without unfolding the condensed state space to the full state space. Thus, it can be used to verify any property of the original model.
On the other hand, a slice of a system with respect to a criterion is a subsystem that only contains all the states of the original system that satisfy this specification. The advantage of this technique lies in the fact that the detection is performed only on the small part of the global state space which is of interest. In many cases, the slice is exponentially smaller than the original. In order to tackle the predicate detection problem, a nonclassical slicing technique named computation slicing, an abstraction mechanism inspired by the classical program slicing of Weiser [5, 6], was first proposed by Garg and Mittal.
For the majority of predicate classes, the computation slicing algorithm has polynomial-time complexity and gains exponential reduction of state spaces. Computation slicing has been proved to be an efficient technique for pruning state space of predicate detection in distributed computation. Moreover, it has also been successfully applied to solve the problems of temporal properties verification in transaction level hardware descriptions such as PCI local bus protocol and the MSI (modified shared invalid) cache coherence protocol in SoC (system on chip) systems and so forth.
Due to the restriction of the partial order execution trace model [5, 8], this approach has some limitations. Firstly, it is a runtime checking method and only checks a single partial execution trace once. It is not easy to obtain 100% path coverage even though this detection is performed multiple times. Thus, it is not suitable for exhaustive analysis by reasoning about all possible executions of the system model. Secondly, its underlying model is a partially ordered set and it is not expressive enough to handle models with explicit choice structures or conflicts. Because the runtime traces do not contain any conflict information, it is not convenient to analyze the system under construction statically.
In this paper, we extend the notion of computation slicing from partial order traces to prime event structures with conflict. We propose a more general event structure slicing notion and a complete mathematical theoretical framework for computing the event structure slices.
The main idea is that a prime event structure can be viewed as a system model consisting of several conflict-free substructures. These substructures themselves are in mutual weak conflict. Any such conflict-free event substructure of a prime event structure acts as a partial order execution trace which can be sliced by the traditional computation slicing algorithm. Based on this idea, we propose a partition approach to decompose a prime event structure into a group of conflict-free substructures equivalently. Each of these substructures can be sliced with respect to a given slicing criterion by the existing slicing algorithm and we can get a set of the sliced substructures. We have proved that these sliced results can be composed together and yield a new prime event structure by a so-called weak choice composition operation. We have shown that the newly generated prime event structure is the slicing result of the original prime event structure. Meanwhile, based on the above partition, we can detect the structural symmetry property and make symmetric reduction on each substructure of the original system. In addition, we also investigate the relationship between the symmetric reduction model and the original one.
The main contribution of our work can be summarized as follows. We introduced the slicing notion into the area of event structure and extended nonclassical computation slicing with conflict. We also proposed a unified mathematical framework as a common theory basis for event structure slicing and symmetry reduction. We also made a comparison between our event structure slicing and the traditional computation slicing and demonstrated the mathematical aspects of this framework.
The rest of this paper is structured as follows. Related work is discussed in Section 2. Section 3 introduces the notion of event structure and other basic definitions. Section 4 describes two core operators over event structures. Slicing reduction derived from computation slicing will be discussed in Section 5. Symmetry reduction theory based on permutation group is reported in Section 6. The overall mathematical framework for event structure slicing and symmetry reduction will be provided in Section 7. In the last section, we make a short summary of our work.
2. Related Work
Regarding the slicing technique, the classical program slice idea was first proposed by Weiser [5, 6]. Given a program and a set of variables, a program slice consists of all statements in the program that may affect the value of the variables in the set at some given point.
In the years after the program slice notion was proposed, a lot of work based on this notion was performed. For example, in 1992, the notion of a slice was also extended to distributed programs. In 2000, the notion of a nonclassical computation slice, which is very similar to the concept of a program slice, was proposed. In work [7, 10], computation slice over partial order traces was first investigated by Garg and Mittal, de Bakker et al. This computation slice notion is based on the partial order traces model, which is a special case of event structure without conflict.
Event structure, as a true concurrency model [11–16], can be taken as an extension of the partial order model. In concurrency theory, event structures constitute a major branch of concurrent models. These were initially developed as a link between Petri nets and Scott domain theory and have since been extensively applied as a semantic model for process algebras, for example.
On the other hand, as for symmetry reduction, the use of symmetry to reduce state space has been investigated widely by researchers. Technically speaking, symmetry in event structures [3, 4] is similar to symmetry in model checking [2, 21, 22]. In work , a category of event structures with symmetry was introduced and its categorical properties were investigated, while our work is relevant to the structural reduction via symmetry property over event structure model.
In our previous work, we have extended this technique to event structure area. In this paper, we will further investigate the common basis for both slicing and symmetry reduction over event structures and provide a unified framework.
3. Event Structure and Basic Definitions
In this section, we will introduce the notion of prime event structure [11, 17, 25, 26] and the basic definitions we use throughout the paper. The prime event structure is firstly defined and other related key notions are introduced. Moreover, we focus on finite prime event structures only.
Definition 1 (prime event structure). A prime event structure (over an alphabet , a set of actions) is a 4-tuple structure with (i), a finite set of events; (ii), a partial order, the causality relation, satisfying the principle of finite causes: for all is finite and the inverse of is denoted by ; (iii), the (irreflexive and symmetric) conflict relation, satisfying the principle of conflict inheritance: ; (iv), the action-labelling function.
A prime event structure (for short, an event structure) represents a system in the following way: the action names are activities which the system may perform, an event labelled stands for a particular occurrence of an action, indicates that cannot occur before has, and indicates that actions and can never occur together in one run.
The conflict inheritance property states that if an event is in conflict with some event , then it is in conflict with all causal successors of .
From the causality relation, it is not difficult to derive a notion of causal independence:
Let denote the domain of prime event structures labelled over and stand for the empty event structure. Generally, the components of an event structure will be denoted by , and , respectively. More specifically, . If clear from the context, the index will be omitted; that is, is also a valid form.
Additionally, for , the restriction of to can be defined as . Let denote all causal successors of an event ; that is, .
Definition 2 (event substructure). Let and be event structures; is called a substructure of (denoted by ) if and only if (i); (ii) for all ; (iii) for all .
Definition 3 (conflict-free event structure). An event structure is called conflict-free event structure (denoted by , for short) if and only if its conflict relation is empty; that is, .
Let denote the domain of conflict-free prime event structures.
In order to characterize the conflict relationship between two conflict-free event structures (or substructures of a prime event structure), we introduce the following basic definitions: strong conflict, weak conflict, and weak conflict event structure set (for short, weak conflict set).
Definition 4 (strong conflict). Let and . The conflict relation between and and and is called strong conflict if and only if for all , , denoted by . and are called strong conflict if and only if their event sets are in mutually strong conflict, that is, for all , denoted by .
More generally, for any and , the relation between nonempty and is called extended strong conflict if and only if for all , , denoted by . That is, each of is in conflict with each of and the existence of conflict relation in or is allowed.
Definition 5 (weak conflict). Let and . The conflict relation between event sets and and and is called weak conflict if and only if , denoted by . The conflict-free event structures, and , are called weak conflict if and only if their event sets are in weak conflict; that is, for all , denoted by .
Stated in words, it is not that each event of is in conflict with each event of , but there exists at least one conflicting event pair between and .
Basically, according to the previous definitions, strong conflict relation is a special case of weak conflict relation.
Definition 6 (weak conflict set). Let over event set , is called a weak conflict set if and only if and for all .
For convenience, let denote the family of weak conflict event sets.
Definition 7 (maximal conflict-free event substructure). Let be an event structure; any event subset is called a maximal conflict-free event subset (for short, mcfset) of if and only if it satisfies the following: (1) for all ; (2) for all .
Its corresponding substructure is called maximal conflict-free event substructure of ; that is, .
4. Operators over Event Structure
In this section, a pair of mutually inverse operators, (conflict-free partition) and (weak conflict composition), will be introduced and discussed. For any prime event structure , partition and composition operation over it can be associated via its family of configurations.
4.1. Maximal Conflict-Free Partition
In fact, a prime event structure can be viewed as a system consisting of several substructures, which are conflict-free themselves. Such a conflict-free event substructure of a prime event structure represents a specific possible partial order execution trace via branching or nondeterministic choices. For any prime event structure, it is a certainty that we can get its maximal conflict-free substructures by some kind of conflict-free partition operation according to the characteristics of its conflict relation.
First of all, we give the definition of maximal conflict pattern for an event structure. The notion of maximal conflict pattern can make great contributions to accelerate the process of partition by avoiding unnecessary partition steps. We then provide the key partition algorithm for a prime event structure.
Definition 8 (maximal conflict pattern). Let ; for any and , is called a maximal conflict pattern if and only if for all , for all .
For any prime event structure, we can get these maximal conflict patterns by the following two steps: (1) causal successors expanding; (2) conflict pairs merging.
Firstly, due to the conflict inheritance property, we know that if event is in conflict with event then their causal successors are also in mutual conflict; that is, .
Let and ; we have that and are in strong conflict if ; namely, .
For example, for a prime event structure , if and causal relations are ,, and , we then have .
We also have that any nonempty subset of and any nonempty subset of are also in strong conflict.
Consider a prime event structure whose conflict relation has conflict pairs. Expand each conflict relation with its successors according to the conflict inheritance property and we can get full conflict relation pairs: ; here, .
Secondly, for such a group of full conflict relation pairs obtained by the above steps, there may exist common elements among some pairs that can be merged together and form a maximal conflict pattern. For example, events , and are mutually in conflict; we have six immediate conflict relation pairs: , , , , , and .
From the principle of permutation, we then have three maximal conflict patterns by merging conflict pairs: , , and . Equivalently, , , and are also the valid maximal conflict patterns.
Assume that there are maximal conflict patterns after expanding and merging which are , respectively.
Here, denotes the th pattern, and .
If , then any nonempty subset of and any nonempty subset of are also in extended strong conflict.
For any event set , let denote any nonempty subset of ; correspondingly, denotes a conflict subpattern of .
Formally, is called a conflict subpattern of if and only if , denoted by (or ). Otherwise, (or ).
Let denote the maximal conflict pattern set of an event structure .
For any prime event structure, it is a certainty that we can get its maximal conflict-free substructures by some kind of conflict-free partition operation according to its conflict relation characteristics: maximal conflict patterns. Thus, we have the following theorem for partition.
Theorem 9. For any prime event structure, its maximal conflict-free partition exists and the partition result is unique.
Proof. (1) Existence. The proof is constructive.
If there is no conflict in , then itself is the maximal conflict-free event subset of . Otherwise, for any nonempty event subset , and there exists such maximal conflict pattern that .
In order to make a subset of become conflict-free with respect to the conflict relation: , that is, eliminate this conflict relation from its all subsets, we have known that if (or ), then there should be (or ); otherwise, the conflict pattern will still exist in its subsets.
By greedy policy, let and be both maximal inclusion subsets with respect to calculated by and , respectively. This means the current event set will be partitioned into two parts by this maximal conflict subpattern: one part is , and the other is . Certainly, there exists no conflict relation between and any more. If there does not exist any conflict in (or ), then (or ) is one conflict-free event subset of .
Otherwise, apply the next maximal conflict pattern to all the previously obtained event subsets in the same manner. This partition process is continued until no conflict exists.
As we know, if each pattern of the maximal conflict patterns set has been applied just once by the above manner, then any consequent subset will be conflict-free and the partition process will stop. Meanwhile, there are conflict-free subsets at most.
Because intersection of and can be nonempty, thus the partition tree is not yet a full binary tree and set inclusion among these solution nodes is allowed. If some subsets are included by others, then they will be removed until every result subset cannot be included by others. It is not difficult to verify that every consequent subset is maximal and conflict-free. Exploiting these expanded fully conflict patterns to partition the event set step by step, we will eventually get all maximal conflict-free event subsets. That is, there exists a practical algorithm to implement the partition operation. Without loss of generality, let denote such partition for the time being.
(2) Uniqueness. Assume we have distinct maximal conflict-free event subsets in total by partition . These subsets form a set of , denoted by .
We might as well assume there is another partition that generates the result set which is also a set of .
Consider any element of ; let denote it. The relationship between an element in and satisfies the following.(1). Since , then . We have known that is maximal, and now event subset is also a subset of and is in weak conflict with other event subsets except . Moreover, includes . This case leads to a contradiction.(2). The proof is similar to the above case (1). This case also leads to a contradiction.(3).(3.1). Since is also a subset of , thus, is a valid set of . There are subsets in this partition . This is in contradiction with that there are subsets in .(3.2). Since , then ; that is, is a valid set of . is maximal; moreover, is maximal too. This leads to a contradiction.(3.3). The proof is similar to the above case (3.2). This case also leads to a contradiction.
Therefore, we are forced to have only ; that is, any element in is also an element in ; we get ; in the same manner, we will get . Thus, we have .
This establishes the uniqueness and also implies the partition result is independent of partition order or conflict pattern.
Therefore, we have the conclusion.
Assume has in total. Here, let (, for short) denote total amount of , denote the th maximal conflict-free event substructure, and denote the event set of .
Then the result set can be represented as .
In fact, every of the original prime event structure represents a specific possible execution choice in a system run. We might as well let denote such an operator. Then, we have the following definition of this partition operator.
Definition 10 (conflict-free partition). An operator is called conflict-free partition operator for if and only if .
According to our previous discussion, we have C-like pseudocode descriptions: Algorithm 1 for .
4.2. Family of Configurations
In general, the behavior of an event structure is described by its configurations which are sets of events with certain properties. In other words, a configuration is a set of events that have happened during a specific run of the event structure.
We will review the basic definition of configuration in the following section. More detailed information can be found in .
Definition 11 (configuration). Let be a subset of of a prime event structure ; then is called a configuration of if and only if (1) is left-closed if and only if . (2) is conflict-free if and only if .
A configuration can also be viewed as a global state where all events in the configuration have occurred. The configuration of the event structure should be conflict-free because conflicting events can never happen in a system run. In addition, all causal predecessors of an event in a configuration should be contained in this configuration too; that is, configuration should be downwards closed; otherwise this event could not have happened at all.
That is, a subset is a (finite) configuration of if and only if it is finite, left-closed, and conflict-free.
The semantics of a prime event structure is defined as the family of its configurations ordered by set inclusion. Let denote the family of all configurations of event structure , which forms an ordered set (called prime algebraic coherent partial order; see ) by inclusion; that is, is partial order.
Definition 12. A configuration is called complete or (successfully) terminated if and only if . A configuration is called maximal if and only if .
For any prime event structure , a configuration of is maximal if and only if it is complete. Obviously, for any maximal configuration of a prime event structure, there exists a corresponding maximal conflict-free substructure set. An empty or initial configuration, denoted by , represents the initial state in which no event has happened.
In general, initial configuration and complete configuration are also called trivial configurations, while others are called nontrivial configurations.
Similarly, we have the following configuration definition for conflict-free event structure.
Definition 13 (configuration of ). Let be a and let be a subset of ; then is called a configuration of if and only if is left-closed; that is, .
Since , its event subset is evidently conflict-free.
Let denote the family of all configurations of conflict-free event structure . Clearly, when is the th : of prime event structure , its family of all configurations is denoted by .
Definition 14 (subfamily of configurations). Let be a and let be a nonempty event subset; a subfamily of configurations of with respect to event subset is the family of configurations of its event substructure restricted by event subset ; that is, .
Clearly, for any of event structure , its subfamily of configurations with respect to event subset is denoted by for convenience.
Lemma 15. The relation between the family of configurations of a prime event structure and that of its can be described by .
Proof. To prove the result of this lemma, we will show that both hold.
(1) “”. For any configuration , since is a configuration, by definition, should be conflict-free. Thus should be the subset of one of the maximal configurations. Otherwise, if is greater than any maximal configuration, then must contain mutual conflicting events; that is impossible.
Therefore, we have that there must exist a maximal configuration which contains . Such a maximal configuration corresponds to a maximal conflict-free event subset: ; that is, must be the element of ; that is, . We have .
(2) “”. For any configuration , of course, ; this implies and ; therefore, we get . Since is a configuration, it is also a configuration of ; that is, .
We have .
Therefore, from (1) and (2), we have the result.
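As an added example (not code from the paper, whose Algorithm 1 is not reproduced on this page), the Python code below runs the Section 4.1 procedure on a constructed six-event structure and checks the equality that the two inclusions in the proof of Lemma 15 establish. It simplifies the maximal-conflict-pattern split to one split per expanded conflict pair; all function names, event names, and the sample structure are assumptions of this example.

```python
from itertools import combinations

# Constructed sample structure (not from the paper): e1 enables a three-way
# choice between e2, e3 and e4; e5 follows e2; e6 is independent of the rest.
EVENTS = {"e1", "e2", "e3", "e4", "e5", "e6"}
IMMEDIATE = {("e1", "e2"), ("e1", "e3"), ("e1", "e4"), ("e2", "e5")}  # (a, b): a <= b
BASE_CONFLICT = {("e2", "e3"), ("e2", "e4"), ("e3", "e4")}


def causal_closure(events, immediate):
    """Reflexive-transitive closure of the immediate causality pairs."""
    le = {(e, e) for e in events} | set(immediate)
    while True:
        extra = {(a, d) for (a, b) in le for (c, d) in le if b == c} - le
        if not extra:
            return le
        le |= extra


def expand_conflict(base_conflict, le):
    """Step 1 (causal successors expanding): apply conflict inheritance."""
    full = set()
    for a, b in base_conflict:
        for x in (s for (p, s) in le if p == a):
            for y in (s for (p, s) in le if p == b):
                if x == y:
                    # Two conflicting events share a successor, so the conflict
                    # relation would not be irreflexive: not a prime event structure.
                    raise ValueError(f"{x} would inherit a conflict with itself")
                full.add(frozenset((x, y)))
    return full


def maximal_only(sets):
    """Drop every set that is strictly included in another one."""
    return {s for s in sets if not any(s < t for t in sets)}


def partition(events, conflict):
    """Split on each conflict pair, then keep only the maximal results.

    Simplification assumed here: each expanded pair {a, b} is used as its own
    pattern, so a set containing both is split into (set - a) and (set - b).
    """
    parts = {frozenset(events)}
    for pair in conflict:
        a, b = tuple(pair)
        split = set()
        for s in parts:
            split |= {s - {a}, s - {b}} if pair <= s else {s}
        parts = maximal_only(split)
    return parts


def configurations(subset, le, conflict):
    """All left-closed, conflict-free subsets of `subset` (brute force)."""
    found = set()
    items = sorted(subset)
    for r in range(len(items) + 1):
        for combo in combinations(items, r):
            c = frozenset(combo)
            left_closed = all(a in c for (a, b) in le if b in c)
            conflict_free = not any(pair <= c for pair in conflict)
            if left_closed and conflict_free:
                found.add(c)
    return found


def lemma15_holds(events, le, conflict):
    """Configurations of the whole structure == union over its partition."""
    whole = configurations(events, le, conflict)
    pieces = set()
    for m in partition(events, conflict):
        pieces |= configurations(m, le, conflict)
    return whole == pieces


if __name__ == "__main__":
    le = causal_closure(EVENTS, IMMEDIATE)
    conflict = expand_conflict(BASE_CONFLICT, le)
    for m in sorted(partition(EVENTS, conflict), key=sorted):
        print(sorted(m))
    print("Lemma 15 equality holds:", lemma15_holds(EVENTS, le, conflict))
```

The brute-force enumeration is exponential in the number of events and is only meant for structures of this size.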
4.3. Domains of Configurations
In this section, we will discuss the concept of domain from the point of view that computation states are taken as such subsets and progress in a computation is measured by the occurrence of more events.
Definition 16 (least upper bound). Let be a partial order; an element is called least upper bound of subset (), denoted by , if and only if .
Definition 17 (coherent). Let be a partial order; two elements are called consistent (denoted by ) if and only if ; a subset is pairwise consistent if and only if any two of its element have an upper bound in ; that is, ; is called coherent if and only if every pairwise consistent subset () has a least upper bound .
The consistency relation of and is denoted by ; conversely, inconsistency is denoted by .
Definition 18 (complete prime). A partial order ; an element is a complete prime if and only if for every finite subset , if exists and then there exists an such that (i.e., .
Let denote the set of complete prime of .
Definition 19 (prime algebraic). A partial order is called finitary if and only if is finite. is called prime algebraic if and only if is countable and .
Namely, is called prime algebraic if and only if, for every element , exists define , and .
Definition 20 (domain). A coherent, prime algebraic, and finitary partial order is called a Scott domain (or simply a domain).
Definition 21. Let be a coherent, finitary prime algebraic domain. Define , where consists of the complete primes of :(1);(2).
Definition 22. Let be a prime algebraic complete lattice. Define , where consists of the complete primes of , .
Theorem 23. Let ; then is a finitary coherent prime algebraic domain; the complete primes are the set (see ).
Theorem 24. Let be a finitary coherent prime algebraic domain. Then, is a prime event structure, with giving an isomorphism of partial orders where with inverse given by (see ).
Evidently, event structures and coherent, finitary prime algebraic domains are equivalent; one can be used to represent the other.
The following theorem describes the important property of family of configurations of a prime event structure.
Theorem 25. For any nonempty : of event structure , its family of configurations is prime algebraic complete lattice. Its complete primes are those elements of the form .
Proof. The proof is straightforward.
Thus prime event structure and finitary coherent prime algebraic domain are equivalent; this implies that there is a one-to-one correspondence between a prime event structure and its family of configurations; one can be used to represent the other.
4.4. Weak Choice Composition
Theorem 23 describes an important property between the domains of configurations of prime event structures and the prime event structures themselves.
We can obtain a full set of from a prime event structure by applying operator over it. Conversely, given a full set of of an event structure, we can certainly recover the original event structure that generates this set of by some kind of composition operation.
Further, for any weak conflict set, we give the constraint conditions, under which this weak conflict set can be composed together and form a prime event structure that can generate this set by conflict-free partition operation.
The following theorem discusses the constraint conditions for composition.
Theorem 26 (necessary and sufficient condition for composition). For any weak conflict set , if it satisfies the following conditions: (1) and (2), then there exists a unique prime event structure that can generate this set by partition operation; that is, .(1) .(2) is a finitary coherent prime algebraic domain.
Proof. On one hand, the intersection of event sets of any two is nonempty meaning that common events have happened from both event structures. By definition, if these events represent common global states in runs of a system described by the same prime event structure with multiple choices, they should behave identically. That is, their configurations with respect to the intersection of event set should be identical.
Thus, we have the necessary condition for composition.
On the other hand, from Theorems 23 and 24, we have that there is a one-to-one correspondence between a prime event structure and its family of configurations. Given a valid family of configurations for prime event structure, then there should exist a corresponding prime event structure.
For any weak conflict set: , if all by joining can form a valid family of configurations for a prime event structure, that is, forms a ordered by set inclusion, then there should exist such a unique prime event structure that .
Therefore, we get the necessary and sufficient condition for composition.
Obviously, the set of a prime event structure satisfies the above condition. Clearly, this implies that there must exist a composition operation which can construct the target event structure from a weak conflict set that satisfies the constraint conditions. We may as well let denote the operator. Thus, we have the following definition.
Definition 27 (weak choice composition ( operator)). Let be a weak conflict set, which satisfies necessary and sufficient conditions for composition; an operator is called weak choice composition operator if and only if the result event structure and satisfies the following: (1);(2).
The following theorem states that the operator and are mutually inverse for a prime event structure.
Theorem 28. For any holds.
Proof. The proof is straightforward.
5. Slicing Reduction
In this section, we will discuss the slicing reduction technique for partial order traces and prime event structures. Slicing is often taken as an effective abstraction technique to combat the state explosion problem. A slicing algorithm for event structures with respect to predicates in a subset of temporal logic formulas is studied. Specifically, we focus on static analysis rather than online detection over the event structure model.
First of all, we will review the classical notion of computation slicing for partial order traces. Then, we will extend the idea from partial order traces to prime event structures with conflict relations. Additionally, all related definitions and theorems [18, 19, 28] for our theory will be discussed.
5.1. Partial Order Trace Slicing
Computation slicing was introduced in  as an abstraction technique for analyzing partial order traces of distributed programs or distributed computations.
Generally, for classical program slicing, programs are sliced with respect to a slicing criterion that is an interested point for analyzing. In static program slicing, for example, “a program line number” can be taken as a valid slicing criterion. Thus, in order to compute a slice, we need to firstly define the slicing criterion.
Intuitively, a slice of a trace with respect to a temporal logic specification or a predicate (slicing criterion) is a subtrace that contains all the states of the trace that satisfy . A slice contains all the states that satisfy such that it can be computed efficiently and is often much smaller than the original model.
We can use directed graphs to model partial order (execution) traces (POTs, for short) as well as slices. Thus, a notion named graph ideal (or order ideal) of directed graph  is introduced to specify partial order traces and slices pictorially. Formally, its definition is given as follows.
Definition 29 (order ideal). Given a poset , denotes an order relation a subset of is an order ideal if it satisfies .
Definition 30 (graph ideal). Given a directed graph , let and denote the set of vertices with event labels and directed edges, respectively. A subgraph of is a graph ideal if it satisfies .
It is more convenient to use directed graphs to represent partially ordered sets and prime event structures for slicing computation. The representation satisfies the following. (1) For any event and of , if , then there is a directed edge from the vertex labelled with to the vertex labelled with . (2) For any event and of , if , then there is a dashed line between the vertex labelled with and the vertex labelled with .
In addition, when attempting to construct the graph representation of , as Figure 1 shows, two specific vertices and will be added as the initial state and terminal state, corresponding to the initial configuration and maximal configuration, respectively.
A subset of elements forms an order ideal if, whenever an element is contained in the subset, all its preceding elements are also contained in the subset. Intuitively, order ideals or left-closed subsets can be graphically represented by graph ideals. Generally, the independency relation is not represented explicitly. It is not difficult to see that a partial order trace is only a special case of a prime event structure with no conflict relations. Here, graph ideal is a notion equivalent to the configuration of an event structure. The empty set and the set of all vertices are called trivial ideals. Similarly, the initial configuration and the complete configuration are also called trivial configurations.
Definition 31 (predicate on configuration). Intuitively, a logic formula or predicate is a Boolean-valued function defined on the set of configurations: . It actually represents a subset of configurations in which the Boolean function evaluates to 1.
The predicate detection problem is to decide whether the initial configuration of an event structure satisfies a predicate. More formally, we have the following definition.
Definition 32 (predicate detection). For any prime event structure and any predicate , predicate detection is to decide whether holds or not.
Predicates are used to specify system behaviors and properties such as safety and liveness. Properties expressed by a CTL (computational tree logic, introduced in ) formula are beyond the scope of this paper. For evaluating the value of a predicate efficiently, various predicate classes  such as conjunctive, stable, observer-independent, linear, relational, and nontemporal regular  predicates have been defined.
Generally, predicate on configurations will act as the slicing criterion for POTs slicing.
Definition 33 (slice of (POTs)). A slice of a (POTs): of prime event structure with respect to a formula , denoted by , is such an event structure that satisfies the following. (i) Its family of configurations contains all the configurations that satisfy . (ii) Its family of configurations has the least number of configurations and still forms a sublattice.
This formal definition is derived from computation slice notion  given by Garg and Mittal. Meanwhile, existence and uniqueness of the slice have also been discussed; that is, the following theorem holds.
Theorem 34. For any of a prime event structure and any predicate , the slice of with respect to predicate , that is, exists and is unique.
In general, the family of configurations for a forms a distributive lattice, and its slice with respect to a predicate is a sublattice. Sometimes a slice may contain configurations that do not satisfy the predicate, in order to complete the sublattice.
In the next section, we will discuss the slicing definition and model for prime event structure.
5.2. Sliced Model over Event Structure
Generally, a predicate on configurations acts as the slicing criterion for prime event structure slicing. Temporal regular predicates, such as those of RCTL [7, 8, 29], a regular subset of CTL that contains the four temporal operators EF, AG, EG, and EX[j], and nontemporal regular predicates can both be taken as slicing criteria.
Compared with the definition of slice of , we have a similar case for prime event structure.
Definition 35 (slice of prime event structure). A slice of a prime event structure with respect to a formula , denoted by , is such an event structure that satisfies the following. (i) Its family of configurations contains all the configurations that satisfy . (ii) Its family of configurations has the least number of configurations.
Generally, a slice may contain configurations that do not satisfy the given predicate. The slice of an event structure with respect to a predicate is called lean  if every configuration of the slice satisfies the predicate.
Theorem 36. For any and any predicate , exists and is unique, and holds.
Proof. (1) Existence and Uniqueness. From Theorem 34, we have that, for any of a prime event structure and any predicate , its slice with respect to predicate exists and is unique.
For any , the family of configurations of is a distributive lattice and is unique.
Further, let ; is also unique and is a finitary coherent prime algebraic domain.
Next, we show that the slicing operation will keep the second part of necessary and sufficient condition for composition.
For any and , if and , we then have that ; that is, for any nonempty event subset and any predicate , if any configuration of satisfies , that is, is the common part of both slices of and . We still get that .
This means that, for any two , if their intersection is nonempty, no matter which part of the intersection belongs to the slice, after slicing, the necessary and sufficient condition for composition will be still satisfied.
Thus, we get that is a valid family of configurations for prime event structures; there should exist such a unique prime event structure that satisfies . We can get by applying to the corresponding event structures of .
Therefore, the existence and uniqueness for event structure slicing have been established. We will then prove that the prime event structure is the ultimate result of slicing.
(2) Satisfactoriness and Minimality. On the one hand, for any configuration of event structure that makes predicate hold, that is, , there must be a : so that ; let , because contains all the configurations of event structure that make predicate hold. We have that must be contained by ; that is, .
We get .
Further, we get .
On the other hand, for any configuration , we get and can make predicate hold; then must hold. Thus, we get .
That is, .
Therefore, we have .
Thus, we get that .
Moreover, by the definition of slice of maximal conflict-free event substructure, we have that, for any , the corresponding contains the least number of configurations that satisfy the given predicate ; we then have that also contains the least number of configurations satisfying this specification. Thus, satisfactoriness and minimality both hold.
Consequently, from both and , we conclude that the theorem holds.
5.3. Slicing Reduction Algorithm
In this section, we will present an approach for event structure slice computing. The slicing algorithm for a prime event structure or its with respect to regular predicates is based on the Adding Edges Theorem (see [8, 20, 31, 33]).
In fact, by the following theorem, these lattices are never actually constructed during the slicing process, for efficiency.
Configurations that do not satisfy the predicate can still be included to complete the sublattice.
Given a distributive lattice generated by a graph , every sublattice of can be generated by a graph obtained by adding edges to . The following theorem holds.
Theorem 37 (Adding Edges Theorem). Let be any sublattice of a finite distributive lattice generated by the directed graph . Then, there exists a graph that can be obtained by adding edges to (removing vertices from) that generates .
For any prime event structure, we can get the slices of its by applying the Adding Edges Theorem. These slices can be composed by to form a new prime event structure which is the target slice of the original event structure. This approach is less general but results in more efficient detection algorithms for a special class of predicates. Note that, for efficiency, we never actually construct the lattice or family of configurations of the event structure.
Garg and Mittal have presented an efficient algorithm [8, 28] based on graphical representation to compute the slice of POTs (or conflict-free event structures) with respect to a predicate . The algorithm adopts the principle of the Adding Edges Theorem and can produce a sliced graph representation. Especially, we have for predicate itself.
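The slice definition and the Adding Edges Theorem can be checked by brute force on a small conflict-free trace. The following is an added example, not the paper's Algorithm 2 or Garg and Mittal's algorithm: unlike those, it enumerates the lattice explicitly. The trace, the predicate `two_executed`, the virtual vertices `BOT`/`TOP`, and all function names are assumptions made for illustration.

```python
from itertools import combinations

BOT, TOP = "BOT", "TOP"   # virtual initial/terminal vertices (always in / never in)

# Constructed trace: a1 < a2, b1 < b2, and a message edge a1 < b2.
EVENTS = ["a1", "a2", "b1", "b2"]
EDGES = {("a1", "a2"), ("b1", "b2"), ("a1", "b2")}   # (u, v): u precedes v

def ideals(events, edges):
    """Graph ideals: event sets S where S + BOT is closed under predecessors."""
    found = set()
    for r in range(len(events) + 1):
        for combo in combinations(events, r):
            s = frozenset(combo) | {BOT}
            if all(u in s for (u, v) in edges if v in s):
                found.add(s - {BOT})
    return found

def slice_family(configs, pred):
    """Smallest family holding every config that satisfies pred and closed
    under union and intersection (the slice's family of configurations)."""
    fam = {c for c in configs if pred(c)}
    while True:
        new = {z for x in fam for y in fam for z in (x | y, x & y)} - fam
        if not new:
            return fam
        fam |= new

def slice_edges(events, fam):
    """Edge (u, v) whenever every slice member containing v also contains u."""
    nodes = list(events) + [BOT, TOP]
    aug = [m | {BOT} for m in fam]
    return {(u, v) for u in nodes for v in nodes
            if u != v and all(u in m for m in aug if v in m)}

def two_executed(config):
    """Constructed, non-regular predicate: exactly two events have executed."""
    return len(config) == 2

CONFIGS = ideals(EVENTS, EDGES)
SLICE = slice_family(CONFIGS, two_executed)
SLICED_GRAPH = slice_edges(EVENTS, SLICE)

if __name__ == "__main__":
    print(len(CONFIGS), "configurations;", len(SLICE), "in the slice")
    print("kept but not satisfying:", [sorted(c) for c in SLICE if not two_executed(c)])
    print("slice regenerated from graph:", ideals(EVENTS, SLICED_GRAPH) == SLICE)
```

The slice has four configurations, of which {a1} and {a1, a2, b1} do not satisfy the predicate and are present only to close the sublattice. The edge from a1 to `BOT` forces a1 into every configuration, and the edge from `TOP` to b2 removes b2, which is the "removing vertices" case of the theorem.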
We extend the idea and algorithm to more general models and provide an algorithm for slicing the and the original prime event structure. Thus, we have Algorithm 2 to compute the slice of conflict-free event structure.
For a prime event structure with conflict relations, we have to apply operator to get maximal conflict-free event substructures and each of them can be sliced by . Then, the set consisting of each sliced result can be composed together by to construct a new event structure. This new event structure will be the sliced result.
Thus, we can derive Algorithm 3 to compute the slice of a prime event structure.