BCS-FACS Northern Formal Methods Workshop

We hypothesize that the mathematics used in the modelling, and hence speciﬁcation, of computing systems should be universal in the sense that it be equally suitable for the modelling of natural systems, viz., physical, chemical, biological, or cosmological, and vice-versa, and as a consequence we propose to demonstrate a method of development that promises to lead into a fruitful area of exploration for both research and pedagogy in the general ﬁeld of dynamically distributed systems. In the process, we demonstrate that there is a geometry of formal methods, complementary to the usual algebra of formal methods and show how the geometry may be used in practice in the formal speciﬁcation of systems. The results are immediately applicable to the model-theoretic formal methods such as VDM and Z.


Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems
autonomous agents, such as CCS [19], which is properly called a ªprocess calculusº [19,4] and CSP [10], etc., it seems clear that communication occurs on a channel that is expressly set up such that information output from one entity a is input by a second (and possibly the same) entity ā. (See, for example, [10,134]).Now both CCS and CSP are instances of what are customarily called process algebras and it has ever been the goal of the so-called Irish School of the VDM [13], which is founded on classical algebra, to ®nd a natural joining with a process algebra.Furthermore, it is customary to present the mathematical structure of the monoid as lying at the heart of computing with certain exceptions reserved for the semigroup.DEFINITION 1.1 A set A is said to be a semigroup if it is closed under an associative inner law or binary operation, , i.e., such that for all a, b in A then a b is also in A.
A monoid is a semigroup furnished with an identity element for the inner law.In common with others we have always asserted that the monoid does indeed hold central stage in computing and have bemoaned the fact that the group (a monoid with inverse elements), which is one of the most elegant structures in mathematics with profound applications in the natural sciences, seems to have been ªoutlawed by natureº in the computing sciences.
The one exception which we have admitted is the role that the free group plays.
All of computing may be reduced to actions on the free1 monoid over some alphabet of symbols, Σ, where the inner law is concatenation.It is the foundation of `list processing' languages: LISP, PROLOG, etc., and lies also at the heart of formal languages and their machines (see [6]).We may say that communication has occurred if the symbols a and ā = a −1 annihilate: where 1 denotes the null word, or empty word.Such annihilation of a symbol and its opposite lies at the heart of the free group.HYPOTHESIS 1. 1 The basic mathematical structure which underpins communication is the free group on some alphabet.
It seems reasonable to identify a and ā with a name and co-name Á a la CCS [19,37] and the null word with the silent action τ .This association between CCS semantics and an Abelian free group has already been carried out with respect to a synchronous variant of CCS, denoted SCCS and recorded by Milner [19, 195±203] and from which an asynchronous calculus can be derived by introduction of an explicit waiting action.It is only recently, that is literally at the time of writing, that we had become aware of this group-theoretic approach through the text of Fencott [7,274] and, in passing, it is worth noting that the latter's variants, CCS and CCS + , the semantics of which are given in terms of transitions with respect to a bag of actions, may also yield interesting results.
There is no doubt that the algebra of the group-theoretic version of CCS is ªsomewhat more elegantº [than standard CCS] [19,197].That it is not better known may be due to two factors, (a) the unfounded widespread belief that group theory does not truly belong in computing, alluded to above, and (b) the expansion law leads to the classical exponential explosion.Nevertheless, Milner [19,202] noted that that ªwith further experience with the synchronous calculus ways may be found to preserve its power without suffering excessive expansion.ºHas there been such further experience?Moreover, ever since learning of the π-calculus [20], with its support for the notions of locality and mobility, and realizing that the existence of mobile telephony provided a model for it, and subsequently having perused the original technical reports [21], [22], it seemed absolutely clear that here was a speci®cation language that would be even better than (S)CCS.However, no evidence of an association between the semantics of the π-calculus and the free-group has yet turned up.Further, in a private conversation (Alexis Donnelly, University of Dublin, Trinity College), we have been shown that it is all to easy to confuse the notation of the π-calculus with the a and ā of a free group.Therefore, it is pleasing to discover that Hennessy's recent work on ªa fully abstract denotational semantics for the π-calculusº [9,5] contains a concept of ªcommunication potentialº, viz., n? and n!, which suggests a possible way forward.In short, using the latter notation for the π-calculus may permit us to build an appropriate independent free group semantics for the communication.

Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems
In addressing the problem of the marriage of a model-theoretic method and a process algebra, a problem which has been tackled many times with a varied degree of success by others, viz., the marriage of CCS and VDM-SL [25], we have asked ourselves what sort of conceptual framework we needed in order to wed the algebra used in the Irish School of the VDM with that of, say, the SCCS or the π-calculus.Naturally, there was a notation issue; there always is.But more importantly, we wished to have a process, an extension of methods already in use, by which we might build models.In particular and to illustrate the sort of questions we ask ourselves, let us address the single issue of the origin or creation of symbols such as a and ā.From whence do they come?In what manner are they generated?
We shall proceed as follows.First we present a hypothesis which compares a distributed system to a chaotic system.It seems to be the right sort of setting or environment for what we have in mind.Second, we shall examine the nature of variables and anti-variables and present the appropriate mathematical framework.This provided the impetus for a device which we call the zipper, which proved to be extraordinarily fruitful.Third, we demonstrate how such variables and anti-variables are distributed across a system.Fourth, we introduce the (secondary) notion of time and its (uniquely) forward arrow.

Chaos HYPOTHESIS 2.1 A distributed system is inherently chaotic.
When we say that a distributed system is chaotic, we intend the word `chaotic' to have its current technical meaning in mathematics.Speci®cally, we shall associate chaos with a nonlinear system, that is to say, ªa set of nonlinear equations, which may be algebraic, functional, ordinary differential, partial differential, integral or a combination of theseº [5,1].In the title of the paper we have spoken about a ªdynamical distributed systemº and a dynamical system is ªused as a synonym of nonlinear systems when the nonlinear equations represent evolution of a solution with time or some variable like timeº [5,1].
Given that the intended domain of application is speci®cally a computing system then it seems reasonable to suppose that we will be using a system of nonlinear algebraic or functional equations.We will obtain the dynamics by using a `state-change' operator which in turn will allow us to derive time itself as a secondary notion.Now we shall attempt to justify the hypothesis.
• A ª®xed point is the analogue of an equilibrium point of a system of ordinary differential equationsº [5,68] and we know that minimum ®xed points are the solutions of the recursive equations by which we compute.
• The syntactic basis of our programming languages are given by context-free grammars and the recursive equations of a context free-grammar are nonlinear.
• In communication between two processes we are perfectly entitled to suppose that the messages are programs Á a la Java or TeleScript and such programs can only be interesting if they are words over a nonlinear system.Although a distributed system is per se chaotic, we expect to get useful results by applying certain kinds of controls such as protocols, paradigms of communication, etc.
But how are we to model such chaotic computing systems?At present we suppose that in the message-passing that takes place there are associated words over a free group, some of which are irreducible, i.e., of the form xyxȳ, xȳ xy, etc.This emphasis on the free group is justi®ed by two further observations: (i) it arises naturally as a generalization of the integers and the process of construction is precisely analogous to the behaviour of a pushdown automaton (to which we will provide a demonstration below) and (ii) it occurs naturally in describing paths in the general abstract spaces of algebraic topology.In fact, it was in perusing a paper of Whitney [26], Moscow 1935: Topology Moving Toward America, that the ®rst evidence of a practical geometrical approach to the use of formal methods began to emerge.Speci®cally, it was the following passage of Whitney which was responsible for the triggering.I mention just one crucial idea of Hopf: that of ªhomotopy boundaryº, λ, from which everything ¯owed: From a ®xed point P of K, choose a (simplicial) path to any 2-simplex σ 2 , go around its boundary, and back to P : BCS-FACS Northern Formal Methods Workshop, 1996

Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems
The key ideas seemed to be that (i) `paths are labelled with free group elements', i.e., words, and (ii) certain `nonreducible words have special signi®cance'.
But such lofty notions and putative theories do not suf®ce.It is also necessary to provide a mechanism, a means whereby the notions translate effectively into algorithms and, hence, into programming language constructs.As mentioned above, to the symbols of the free group, x and x, already corresponded the channel naming in CCS, and by extension, that of the π-calculus.This was already evident at the VDM'91 Conference in Noordwijkerhout.It was not until the FME'94 Conference in Barcelona that the next step was suggested and to that we now turn.

Variables and anti-variables
In their Barcelona paper on action systems Back and Sere [2] suggested that ªthe block notation [[var w := w 0 • S]] wraps up a number of different things into a single construct: (i) It associates the variables w with the statement S, (ii) it creates a new variable w on entry to the block, (iii) it initializes the variable w to w 0 , (iv) it hides the variable w from the environment, and ®nally, (v) it destroys the variable w on exit from the block.ºThey then proposed that in order to ªgain more ¯exibility in parallel composition, and in order to be able to model distributed systems in a realistic fashion,º they needed to deal with the different aspects of the block construct and generalize it in an appropriate fashion.
Instead of following through with their approach, their ideas of creation and destruction of variables prompted a different train of thought.That is to say, the idea of creation and destruction of a variable seemed to agree well with the notion of annihilation at the time of communication.Their paper prompted the sketch (Fig. 1) which was to have major in¯uence on subsequent developments.Speci®cally, it was hypothesized that the declaration of a variable, say x x x x x, would also immediately give rise to its opposite, x.Then the destruction of a variable would be accomplished by bringing it together again with its opposite.It was not clear at the time what sort of programming language constructs might be appropriate to capture this notion of the creation and destruction of a variable.What did seem evident was BCS-FACS Northern Formal Methods Workshop, 1996 that the diagram suggested points of contact with the world of physics, speci®cally of quantum phenomena, and the world of cosmology.But one ought not to consider oneself restricted to the creation and destruction of variables.It is clear that by extension one might envisage the creation and destruction of objects, processes, etc.
As a ®rst attempt to express the creation (i.e., variable declaration at the leftmost point of the ªbig bangº in Fig. 1), one might write where, again, the 1 denotes the empty word, i.e., nothing!Perhaps a better notation, in order to signify the separation of x and x, might be or even Supposing that such a pair, (x, x), would collapse in much the same way that an electron and positron would, we might write The notation is at present suggestive only.The next step was to ®nd a suitable mathematical basis to support the ideas and to broaden them so that they might be used to model real systems.The ªbig bangº sketch was originally a nice picture.However, when looked at sideways, it suggested the possibility of a zipper.

The Zipper Process
The idea of the zipper was simple.When `zipped up' the zipper closed, the opposites came together, and we had annihilation.In addition, the opened zipper suggested a railway siding and railways sidings were once used (and perhaps still are used) to explain stack machines, or pushdown automata.When ®rst used, the zipper was also purely diagrammatic and suggestive (Fig. 2).It was not until this year, 1996, that it was formalized.
Let Σ denote some alphabet of letters {a 1 , a 2 , . . ., a n }.Sequences of letters over Σ are called words and the space of such words is usually denoted by Σ .We denote the empty word by 1 and concatenation (•) by juxtaposition.The space of all words under concatenation is usually denoted by (Σ , •, 1) and is called the free monoid (over the alphabet Σ).
For convenience we denote letters of Σ and singleton words by letters at the start of the English alphabet: a, b, c, . . ., and other words by letters at the end of the alphabet: u, v, w.
By a zipper process, ζ : x → x, (Fig. 2) we construct the alphabet of formal inverses Σ = {ā 1 , . . ., ān }.The idea of using a zipper to denote the desired construction came from (a) the `mechanical device' so-named, and (b) from the big bang picture (Fig. 1) of the creation of a variable.With it we were able to construct, for example, the group of integers, (Z, +), from the monoid of natural numbers under addition, (N, +, 0) [16].We give here a brief sketch of this process.
For each natural number n, we construct its opposite ζ(n) = n.Then the operation of addition on N is extended such that n+ζ(n) = 0. Mathematically, there are some important issues yet to be addressed.First, it is clear that under the zipper process, we obtain a second zero element, ζ(0) = 0. Thus we have a monoid of opposite natural numbers, isomorphic to the original.
To obtain a single zero we must identify 0 and ζ(0) = 0.This is achieved by glueing them together.Such identi®cation (or glueing) is commonplace in topology [1].For example, one may construct an atlas of the world by glueing together different charts (Fig. 3).In passing we note that the glueing of the zeros above is essentially equivalent to the construction of a ®xed-point for the zipper: ζ(0) = 0.
To complete the construction of the integers by the zipper process we must now reverse the order on the left hand branch.We do not have space here to elaborate on the especial signi®cance of this reversal of order and of the uses of the zipper process to other spaces and their interpretations.
Let us now turn to the construction of the free group by zippering the free monoid.We have already obtained the formal inverses of letters.By extension, we construct inverse words: where we have already glued together the null word 1 and its opposite ζ(1) = 1.In addition, and in analogy to the construction of the integers, we must also reverse the order of letters.Thus, for the lexicographical ordering a < b, we have ā > b.It is this reversal property of the zipper which tells us that we are dealing with a construction which is `isomorphic' to the pushdown automaton.
Since the Irish School of the VDM is founded on a semantics of monoids and their morphisms [13], [14], then by BCS-FACS Northern Formal Methods Workshop, 1996 construction we have just demonstrated that the zipper function may be added to that base.Speci®cally, ζ is an antiisomorphism from the free monoid (Σ , •, 1) to the free monoid ( Σ , •, 1), where we identify the null word 1 with its formal inverse ζ(1) = 1: Note also that the zipper function, ζ, is a formal extension of the reverse anti-automorphism, , on the free monoid: If we now extend the de®nition of concatenation to include annihilation of words of the form xx = xx = 1, then the structure ((Σ ∪ Σ) , •, 1) is called the free group.Finally, for completeness, we extend the zipper function to the free group itself by de®ning ζ(ā) = ā = a.
Our hypothesis that the free group is the right mathematical basis for the modelling of communication is now considerably strengthened.
The work on the free group and the effectiveness of the zipper process led to some further astonishing results and exhibited some interesting points of contact with algebraic topology.In short a world of geometry of formal methods started to open up.We give one simple example of this development.

The len homomorphism
At a VDM meeting in Brussels, 20th April 1988, it had been postulated that the tail-recursive forms ψ w , for an arbitrary word w ∈ Σ which correspond to the Σ -homomorphisms (see [13]) for an arbitrary monoid (M, ⊕, u) are essentially generalized af®ne transformations.This hypothesis was the ®rst concrete point of contact between the algebra of constructive mathematics and a geometry.
Here we show that the correspondence is exact for the len homomorphism.Speci®cally, we show that there is a quotient group of tail-recursive forms which is isomorphic to a subgroup of the af®ne group of translations.
Denoting the len homomorphism by ψ we note that The corresponding constructive case is where F : e → 1.It may be shown ([13]) that the tail recursive form ψ w is connected to ψ(w) by the initialization and the tail-recursive form is de®ned by the equations The constructive case is given by BCS-FACS Northern Formal Methods Workshop, 1996 It is already clear that the tail-recursive forms form a monoid with the inner law given by and identity element ψ 1 .
When one inquires as to the actual value of the computation of the length of a non-null word w then ψ(w) = ψ w (0) where ψ w (m) is given by The form ψ w ↔ + /F w = n, n ∈ Z, is the composition of an iteration of F : e → 1 followed by a reduction with respect to addition.It is precisely the form of this result that suggests an af®ne transformation.
By zippering we showed how the free group may be obtained from the free monoid.Since both the integers Z = (N ∪ N, +) and the free group G = ((Σ ∪ Σ) , •) are zippered structures then it is reasonable to expect that for each tail-recursive form ψ w there is a corresponding (additive) inverse tail-recursive form ψ w = ψ w .(See Fig. 4).Such a tail recursive form `behaves' exactly like the natural logarithm.Let us now establish the geometrical connection.
An af®ne space may be thought of as ªordinaryº space [3,9].Speci®cally, it is very much like a vector space but without any particular point playing the role of origin.Now a vector space is de®ned over a ®eld.This is much too strong for our requirements.
Consequently we introduce the weaker, i.e., more abstract or general, structure of a (left) R-module for an arbitrary ring R [12,163].Now we are in a position to give a de®nition of a generalized af®ne space, basing our de®nition on that of Crampin and Pirani [3,9].

DEFINITION 3.1 [Generalized af®ne space]
A set A is called a generalized af®ne space modelled on the R-module M if there is a map called a generalized af®ne structure, A × M → A, denoted additively:

BCS-FACS Northern Formal Methods Workshop, 1996
Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems For the problem in hand we choose the af®ne space to be Z, the set of integers, and since Z is also a ring, then it will do nicely for our Z-module.
It is clear that the tail-recursive forms ψ w satisfy conditions (1) and ( 2) above.To satisfy (3) we must guarantee uniqueness.
Given two words v and w of the same length, say n, then we have the corresponding tail-recursive forms ψ v and ψ w .We construct the obvious natural equivalence relation on these forms, ψ v ≡ ψ w .To choose a representative for the equivalence class of all forms ψ w for which the word w has length n, we use the unique sort homomorphism, denoted by σ: where denotes merge sort [13].The extension of the sort homomorphism to the corresponding free group is obtained by imposing an ordering on the barred letters suggested directly by the zipper: . . .< c < b < a < a < b < c < . . .and directly in analogy to the ordering on the integers.
Then for the equivalence class of all tail-recursive forms ψ w such that ψ(w) = n, we choose the unique ψ σ(w) .Now it is easy to demonstrate that we have congruence.Speci®cally, for elements ψ σ(v) and ψ σ(w) we must show that the following sum is well-formed, ψ σ(v) + ψ σ(w) = ψ σ(vw) .By de®nition, we have ψ σ(v) = + /F σ(v) and ψ σ(w) = + /F σ(w).Hence The only interesting aspect of the proof is the observation that σ(vw) = σ(v) σ(w).Hence, we have constructed a subgroup of the group of tail-recursive forms which is isomorphic to the integers and we are almost done.A simple matter of inclusion Z → R does the rest.

Interlude
It took a long time between the statement of the original hypothesis that the tail-recursive form of the len homomorphism was essentially a translation of space (April 1988) and the assembly of the mathematics needed to establish and verify it (March 1996).There is now no doubt that this was possible only because we were prepared to review all of our basic assumptions about what constitutes constructive mathematics (not exactly the same as constructivism) and how classical mathematics has more to offer than we hitherto had suspected.
Clearly, the free group is an important keystone.Since a tail-recursive algorithm of the form ψ w is just a whileloop program on sequences or lists, then we have just demonstrated that not only do `negative' lists exist but also that the corresponding `negative' while-loop programs exist.Of course, to carry out the usual computations, we use the correspondence ψw = ψ w.In some sense we have `two parallel universes', suggested perhaps by the separation in Fig. 1.
When we analyze the method by which we obtained our result, then it is clear that much depends on the concept of the zipper.The zipper was simply a copying function which, in this case, doubled the initial alphabets, the double or copy of a letter being denoted by a barred letter.Such copying or doubling plays a critical role in the Markov algorithm

BCS-FACS Northern Formal Methods Workshop, 1996
Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems [17], [18] and we strongly suspect that there is much in the Theory of Markov Algorithms that we might yet use in attempting to grapple with the problem of the construction of an algebra based on the free group for the semantics of, say, communication in the π-calculus.
The idea of negative lists is not new.Just as the integers Z may be de®ned in terms of pairs of natural numbers N ⊕ N, so may `general ' lists be de®ned in terms of pairs of lists.
Historically, we began by considering pairs of the form (us, s), called difference lists and used to construct very ef®cient programs in PROLOG.Under the transformation (u, v) → uv the difference list (us, s) maps to to uss = u and the space of all such difference lists forms a monoid [13] under the product (us, s)(vt, t) = (uvts, ts) [Aside: In [13] the `intuitive' product (us, s)(vt, t) = (uvst, st) was given.Although a monoid of positive lists is thus determined, the product does not generalize.]If we use the equivalence relation (us, s) ≡ (uss, 1) then we can form the quotient monoid which is obviously isomorphic to the corresponding free monoid.The pair (u, 1) is the canonical representative of `positive' lists.
Similarly, pairs of the form (t, vt) which correspond to tvt = t tv = v, are clearly `negative lists'.The canonical representative is (1, v).For the inner law of composition of such negative lists we have

(s, us)(t, vt) = (st, vust)
There is a natural zipper function on positive lists, ζ : (us, s) → (s, us).It is clear that we can use this to demonstrate that the monoids of negative lists are isomorphic to the monoids of positive lists.The end result of all this algebra is simply that we have potentially a suitable implementation structure for all algorithms related to the free group.
The ®nal task was to ®nd an inner law of composition for completely arbitrary pairs (u, v) and (s, t).At ®rst we considered following the analogy of the formation of the integers out of the pair of monoids of natural numbers.All efforts to do so failed abysmally.Now we know why.Indeed, the following law of composition which we discovered in September 1996 and derived directly from the transformation (u, v) → uv, indicates that it is impossible (due to the occurrence of the negative list v) to achieve the desired result by `joining' the two monoids of positive and negative lists.In short, the inner law of composition of pairs of lists can only be carried out within the context of the square of a free group, i.e., the cartesian product of a free group with itself!Space prohibits us from elaborating upon this new development here.Instead we terminate the interlude and turn our attention to some of the other developments, however brie¯y, which add to the conceptual framework (of the dynamically distributed systems) which we are in the process of constructing.

Surgery and State Change
We wish to terminate this paper by showing very brie¯y in what way a fresh look at our assumptions underlying the Irish School of the VDM has contributed to some other very interesting mathematics and, consequently, to some of the new ideas on speci®cation techniques, with particular reference here to the theme of dynamically distributed systems.We begin with the relationship between total and `partial' functions.
The fundamental mathematical structure in computing is the monoid of the space of maps, thought of as `partial' functions, some of which are total, under the override operator:

Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems
For example, if we consider memory, µ, to be a mapping from variables (x ∈ X) to values (y ∈ Y ), then the usual meaning of assignment is given by where the variable x in the memory µ is overwritten with the value y.For convenience and mathematical generality, if x is not already present in µ then we agree that µ † [x → y] is to be interpreted as the extension of µ by [x → y].
The override operator must of necessity occur in any formal speci®cation language which deals with change of state, viz., VDM, Z, etc.
We may de®ne the override operator in terms of a cut operator, − , and a paste operator, , which are the usual removal and extension of maps, respectively.Thus the expression µ † [x → y] may be de®ned by and is interpreted to mean `cut or chop out the (old) x information from µ' and `paste in the (new) x information'.We can be said to be doing surgery on the memory µ and we choose the term surgery deliberately in order to tie the concept of override to algebraic topology [1,162].We also use the ªcut and pasteº phrase to indicate that there are applications of surgery/override on Apple Macs that are worth exploring.

The Totalizer
Given a map µ in the space X → Y , then the value of µ at x ∈ dom µ is denoted as usual by µ(x).There is never a question of attempting to evaluate µ at some point not in its domain.For convenience, we denote the subspace of total functions from X to Y by Y X .Thus for a total function µ ∈ Y X , µ(x) is always well-de®ned for all x ∈ X.
We frequently use inverse image maps in our speci®cations.The inverse image of µ ∈ X → Y is a map µ −1 ∈ Y → P X, where we are accustomed to use the prime to denote the exclusion of the null set (and more generally to indicate the `derivation' of the semi-group from its monoid).It is customary in mathematics to write µ −1 (y) = ∅ precisely when y is not in the domain of µ −1 and this con¯icts completely with our de®nition of map evaluation given above.For years we argued that there really was no problem.But consider the simple map µ Considering the latter as a map, then by de®nition µ(y) is meaningless if y = y.
The problem is completely resolved if one introduces a constant total function ∅ Y , which is essentially the constant ∅ Y = ∅, and which we will call the totalizer of µ −1 (Hughes, Private Communication 1995), (Mac an Airchinnigh, Private Communication 1996).Then consider the expression We consider this to be a constructive de®nition even though we have a total function ∅ Y on the left (of the override operator) and the whole function is total.The reason is simpleÐthe function on the left is a constant!Such a construction, to our surprise, has already been used by Fencott [7,64].Every partial function can be totalized in such a manner where the totalizer is a suitably chosen constant (function).Moreover, conceptually it is equivalent to the notion of the completion of a ®nite state machine and, thus, has a good pedigree within computing [6,31].In addition, the space of all strictly partial functions and the space of their totalized counterparts are isomorphic, a fact which can easily be demonstrated by a cone construction, to wit, let z be an element which does not occur in the space Y .Then for each strictly partial function µ ∈ X → Y we associate the cone κ ∈ X → Y {z}, where κ = (z X † µ).Inclusion of the total functions Y X shows that X → Y is isomorphic to X → Y {z}.

Variable distribution
We have not yet solved completely the problem of the distribution of variables and anti-variables.But we have made considerable progress.A distributed system is essentially a partition of some space and inverse images µ −1 give rise to partitions of the domains of the maps µ.So important is this relationship between map and partition that it has been BCS-FACS Northern Formal Methods Workshop, 1996 Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems accorded a special name in classical mathematicsÐthat of ®bre [12, 12±13].A very convenient analogy for a bundle of ®bres is that of Goldblatt [8].He likens it to a bunch of asparagus spears.Thus, at the root of each ®bre we have the y element.The head or spear is nothing more than µ −1 (y).There is more to the theory of ®bre bundles than asparagus spears!A terse overview is given by Schwartz [23, 57±64].
Clearly, we can envisage the construction of a suitable µ such that its ®bres give us a distribution of names.Let us consider a special case of this notion of ®bre bundle.A hash function h on words w ∈ W = Σ is, by de®nition, a total distribution function, a function which constructs partitions (Hughes, Private Communication 1996).Formally, h is an element of the total function space Z p W , which is a a subspace of W → Z p , where Z p is the group of integers modulo prime p.The ®bre over some j ∈ Z p , denoted h −1 (j), is nothing other than the set of words which hash to j. Hughes has developed a considerable amount of algebra based on this single concept of distribution.Although we have not yet worked out all the details of the application of the algebra to the distribution of names we feel that we are close.
But there is more.Already in 1993 we had discovered the existence of a family of monoids which were given the name `indexed monoids' [15].Essentially, from any monoid (M, * , e), called the base monoid, one could obtain the corresponding indexed monoid (X → M , , θ), where the new inner law, , was derived from the inner law of the base monoid: The de®nition was necessitated by the strict requirement that µ be evaluated at a point x in its domain.Thus, for example, did we obtain the monoid of bags as an indexed monoid of the natural numbers under addition.A more complete account of the indexed monoids is [11] and [4], the latter containing some exciting group-theoretical results based on the concept of the totalizer.
Now it is clear that if we have some monoidal structure X → PY which is inherent to an agent then we can construct a corresponding indexed monoidal structure A → (X → PY ) .This may be interpreted as a family of structures associated with a family of agents and thus, by virtue of the inherency, a necessary facet of a homogeneous distributed system.Further, there is clearly a direct relationship between the ®bre bundles and the indexed monoids.

Time
We turn now to the ®nal aspect of the conceptual framework which we wish to present, that of the problem of time.We have always felt uncomfortable with the ®tting of time to our speci®cations.No matter what we attempted, it always seemed unnatural.Moreover, the attempts of others seemed equally unnatural.In this year, 1996, two fortuitous events occurred.The ®rst we shall explain here.The second was a remark during the Trinity Week Symposium at the University of Dublin, Trinity College, Dublin (May 1996), that in quantum cosmology, time itself is considered to be a secondary concept, much as pressure and temperature are.This astonishing view of time accorded well with the mathematics that we began to develop in March 1996, most of which is due to Arthur Hughes.
Our starting point is the Hughes monoid of maps where M = X → Y , and α ∈ M is an atom, i.e., a singleton map, and M † α denotes the entire space of all maps µ † α for each µ ∈ M.There are |X||Y | atoms in the monoid M. The initially surprising thing about the Hughes monoid is that the identity element is α and not the customary null map.In addition, it is clear that the Hughes monoid is essentially a translation monoid.Let α = [x → y] be an atom in M. A coÈ atom of α in M is an element of the space of all atoms α = [x → y] in M where y = y.Let α denote a typical coÈ atom of α.Then α † α = α.This absorption property of an atom with respect to its coÈ atoms may also be BCS-FACS Northern Formal Methods Workshop, 1996 extended to the empty map, θ † α = α.Consequently, an atom `eats' both null map and its coÈ atoms.This prompts us to de®ne the concept of kernel of a Hughes monoid with respect to an atom α.

DEFINITION 4.2 [Kernel of a Hughes Monoid]
The kernel of a Hughes monoid with respect to an atom α ∈ M, denoted K α , is the set of all elements κ in M which are absorbed by α under override, i.e., such that κ † α = α This kernel, K α , is the ®bre over the identity element in the target monoid of the override homomorphism.This is the reason for calling it a kernel.It is easy to demonstrate that the Hughes monoid is isomorphic to ( − α M, †, θ), the monoid reduced by α.Let us de®ne where M 0 = M and α j is a suitable atom in M j .It may be demonstrated that with an appropriate choice of α j that M j approaches a total function in the limit, where no further change can take place.This limit corresponds to a steady state and the entire process seems to agree with the second law of thermodynamics!Naturally everything depends on the speci®c choice of the α j , j = 1, 2, . . . .But there is another way to view the entire process.Let us consider some µ and some α, chosen appropriately.Now let us compare µ and µ † α.We are accustomed to think that here we have an `update', a `state-change', both terms carrying strong connotations of time.But suppose that we were to posit the primacy of structures µ and µ † α? Then by de®nition of the above process there comes a point when no further change can take place.Moreover there are no cycles.We may interpret the process as a basis for the de®nition of time, one which agrees with the physics, and one which has only one (forward) direction!Now let us consider a space M which is subsequently distributed, i.e., indexed or partitioned.Let us choose the atom α and form µ † α for each µ in the system.The evolution of the system depends on the partition in which α lies.
Were one so bold as to assume that each partition was analogous to a representation of a galaxy or a star, then the process µ † α, would suggest that some galaxies or stars would `evolve faster' than others.More importantly the very arbitrariness of the choice of α with respect to the partition would also indicate that one could not know which was evolving faster than another!Surely this is relativity par excellence?

Epilogue
It is generally now well known that the Irish School of the VDM eschews formal logic and embraces classical algebra as the basis for the speci®cation of computing systems.Consequently, any proofs that must be carried out must conform to classical mathematics.Such a position, whilst in keeping with the view of mathematicians and engineers in general, should not be construed as a rejection of formal logic, or of the endeavours of other Schools of formal methods.Rather, we seek to attain the same goal by a different route.
In this paper we have set forth those ideas which constitute a part of the conceptual framework by which we view the reality of dynamically distributed systems.We do not construe the term `distributed system' in the ultra-narrow sense of a distributed system of processes.Rather do we conceive that much of physical reality is per se a collection of classes of distributed systems.
In proposing a new conceptual framework for modelling, we intended to propose a body of mathematics.Said body had to ®t the philosophy of constructive mathematics espoused by the Irish School of the VDM.We have already completely determined an engineering-oriented algebraic basis for the modelling of (data) structure with associated operations.We had long sought a compatible and complementary algebra for communications and behaviour.This paper gives a summary of our progress to date.

Acknowledgements
I gratefully acknowledge the advice and support of the members of the Formal Methods Group in the University of Dublin, Trinity College, who endured much of the material presented in this paper, and in particular I should like to BCS-FACS Northern Formal Methods Workshop, 1996 Towards a New Conceptual Framework for the Modelling of Dynamically Distributed Systems mention Dr. Claus Pahl who read a very early draft, Alexis Donnelly who cleared up some misconceptions of the πcalculus and Arthur Hughes who provided much of the innovative mathematics.Is it necessary to state that any errors within are entirely those of the author?
A particular note of thanks is due to the anonymous referees who fearlessly highlighted the obvious de®ciencies of an earlier draft.

Appendix
For convenience, we give here the de®nitions of those algebraic structures which are necessary for a proper understanding of the len homomorphism as translation.The de®nition of an af®ne space is taken from [3,9].All other de®nitions are from [12].

DEFINITION 6.1 [Af®ne space]
A set A is called an af®ne space modelled on the real vector space V if there is a map called an af®ne structure, A × V → A, denoted additively:

1x = x
For both the ring R and the Abelian group M we take the set of integers Z. Then the set of integers, Z, is a left Z-module under this de®nition.

Figure 1 :
Figure 1: The Big Bang idea

Figure 5 :
Figure 5: Points and displacements in an af®ne space

DEFINITION 4 . 1 [
Hughes Monoid] A Hughes monoid (M † α, †, α) is constructed from an arbitrary monoid of maps under surgery, (M, †, θ), by overriding all elements µ in M with respect to an atom α in M.

such that 1 .DEFINITION 6 . 2 [DEFINITION 6 . 3 [
(x + v) + w = x + (v + w) 2. x + 0 = x 3. for any pair of points x, x ∈ A there is a unique element of M, denoted x − x, such that x + (x − x) = x .Ring] A ring is a structure consisting of a non-empty set R together with two binary operations, + and • in R and two distinguished elements ), 1 ∈ R such that 1. (R, +, 0) is an Abelian group; 2. (R, •, 1) is a monoid; 3. The distributive laws a(b + c) = ab + ac (b + c)a = ba + ca hold for all a, b, c ∈ R. The set of integers, Z, is a ring.Left R-module] If R is a ring, a left R-module is an Abelian group M together with a map (a, x) → ax of R × M into M satisfying 1. a(x + y) = ax + ay 2. (a + b)x = ax + bx 3. (ab)x = a(bx)