Unified Mathematical Framework for Slicing and Symmetry Reduction over Event Structures

Nonclassical slicing and symmetry reduction can act as efficient structural abstract methods for pruning state space when dealing with verification problems. In this paper, we mainly address theoretical and algorithmic aspects for nonclassical slicing and symmetry reduction over prime event structures. We propose sliced and symmetric quotient reduction models of event structures and present their corresponding algorithms. To construct the underlying foundation of the proposed methodologies, we introduce strong and weak conflict concepts and a pair of mutually inverse operators and extend permutation group based symmetry notion of event structures. We have established a unified mathematical framework for slicing and symmetry reduction, and further investigated the translation, isomorphism, and equivalence relationship and other related basic facts from a theoretical point of view. The framework may provide useful guidance and theoretical exploration for overcoming verification challenges. This paper also demonstrates their practical applications by two cases.


Introduction
Generally, to detect whether a finite execution trace of a distributed program satisfies a given predicate, namely, predicate detection (a kind of verification problems), is a fundamental problem in asynchronous distributed systems.It has applications in many domains such as testing, debugging, and monitoring of distributed programs and it is also a powerful runtime verification method.
Unfortunately, predicate detection is NP complete [1] and suffers from the excessive size of the state space and the state explosion problem-the number of possible global states of the program increases exponentially owing to simple combination.
To deal with this problem, several useful reduction techniques have been suggested in succession for reducing the state space in recent years, such as partial order reduction and symmetric reduction methods [2][3][4].
On the one hand, the basic observation is that many distributed or concurrent systems exhibit a certain degree of symmetry, for example, a system composed of identical or isomorphic components whose identities are interchangeable from a verification point of view.This kind of structural symmetry in the system is also reflected in the full state space of the system.The main idea behind the symmetry reduction method is to figure out this symmetry and obtain a condensed state space which is typically much smaller than the full state space, but from which the same kind of properties of the system can be derived without unfolding the condensed state space to the full state space.Thus, it can be used to verify any property of the original model.
On the other hand, a slice of a system with respect to a criterion is a subsystem that only contains all the states of the original system that satisfy this specification.The advantage of this technique lies in the fact that the detection is performed only on the small part of the global state space which is of interest.In many cases, the slice is exponentially smaller than the original.In order to tangle predicate detection problem, nonclassical slicing technique, named computation slicing, as an abstraction mechanism, inspired by the classical program slicing of Weiser [5,6], was first proposed by Garg and Mittal [7].
For the majority predicate classes, the computation slicing algorithm has polynomial-time complexity and gains exponential reduction of state spaces.Computation slicing has been proved to be an efficient technique for pruning state space of predicate detection in distributed computation.Moreover, it has also been successfully applied to solve the problems of temporal properties verification in transaction level hardware descriptions such as PCI local bus protocol and the MSI (modified shared invalid) cache coherence protocol [6] in SoC (system on chip) systems and so forth.
Due to the restriction of partial order execution trace model [5,8], this approach has some limitations.Firstly, it is a runtime checking method and only checks a single partial execution trace once.It is not easy to obtain 100% path coverage even though this detection is performed multiple times.Thus, it is not suitable for exhaustive analysis by reasoning about all possible execution of the system model.Secondly, its underlying model is partially ordered set and it is not expressive enough to handle these models with explicit choice structures or conflicts.Because all the runtime traces do not contain any conflict information, it is not convenient to analyze the system under construction statically.
In this paper, we extend the notion of computation slicing from partial order traces to prime event structures with conflict.We propose a more general event structure slicing notion and a complete mathematical theoretical framework for computing the event structure slices.
The main idea is that a prime event structure can be viewed as such a system model consisting of several conflict-free substructures.These substructures themselves are in mutual weak conflict.Any of such conflict-free event substructures of a prime event structure acts as a partial order execution trace which can be sliced by traditional computation slicing algorithm.Based on this idea, we propose a partition approach to decompose a prime event structure into a group of conflict-free substructures equivalently.Each of these substructures can be sliced with respect to a given slicing criterion by the existing slicing algorithm and we can get a set of the sliced substructures.We have proved that these sliced results can be composed together and yield a new prime event structure by a so-called weak choice composition operation.We have shown that the newly generated prime event structure is the slicing result of the original prime event structure.Meanwhile, based on above partition, we can detect structural symmetry property and make symmetric reduction on each substructure of the original system.In additional, we also investigate the relationship between the symmetric reduction model and the original one.
The main contribution of our work can be summarized as follows.We introduced the slicing notion into the area ofevent structure and extended nonclassical computation slicing with conflict.We also proposed a unified mathematical framework as a common theory basis for event structure slicing and symmetry reduction.We also made a comparison between our event structure slicing and the traditional computation slicing and demonstrated the mathematical aspects of this framework.
The rest of this paper is structured as follows.Related work is discussed in Section 2. Section 3 introduces the notion of event structure and other basic definitions.Section 4 describes two core operators over event strictures.Slicing reduction derived from computation slicing will be discussed in Section 5. Symmetry reduction theory based on permutation group is reported in Section 6.The overall mathematical framework for event structure slicing and symmetry reduction will be provided in Section 7. In the last section, we make a short summary of our work.

Related Work
Regarding the slicing technique, the work in [5,6] proposed classical program slice idea firstly by Weiser.Given a program and a set of variables, a program slice consists of all statements in the program that may affect the value of the variables in the set at some given point.
During years after the program slice notion was proposed, a lot of work based on this notion had been performed.For example, in 1992, the notion of a slice has been also extended to distributed programs [9].In 2000, the notion of a nonclassical computation slice, which is very similar to the concept of a program slice, has been proposed.In work [7,10], computation slice over partial order traces was firstly investigated by Garg and Mittal, de Bakker et al.This computation slice notion is based on partial order traces model, which is a special case of event structure without conflict.
Event structure, as an true concurrency model [11][12][13][14][15][16], can be taken as an extension of partial order model.In concurrency theory, event structures constitute a major branch of concurrent models.These were initially developed as a link between Petri nets and Scott domain theory [17] and have since been extensively applied as a semantic model for process algebras, for example [18].
All the previous work [7,8,19,20] does not consider the case with conflict.Compared with them, our work is aimed to extend this slicing notion to the area of event structure.
On the other hand, as for symmetry reduction, the use of symmetry to reduce state space has been investigated widely by researchers.Technically speaking, symmetry in event structures [3,4] is similar to symmetry in model checking [2,21,22].In work [23], a category of event structures with symmetry was introduced and its categorical properties were investigated, while our work is relevant to the structural reduction via symmetry property over event structure model.
In our previous work [24], we have extended this technique to event structure area.In this paper, we will further investigate the common basis for both slicing and symmetry reduction over event structures and provide a unified framework.

Event Structure and Basic Definitions
In this section, we will introduce the notion of prime event structure [11,17,25,26] and the basic definitions we use throughout the paper.The prime event structure is firstly defined and other related key notions are introduced.Moreover, we focus on finite prime event structures only.
A prime event structure (for short, an event structure) represents a system in the following way: the action names are activities which the system may perform, an event labelled  ∈ A stands for a particular occurrence of an action,   ⪯   indicates that  cannot occur before  has, and   ♯  indicates that actions  and  can never occur together in one run.
The conflict inheritance property states that if an event  is in conflict with some event , then it is in conflict with all causal successors of .
From the causality relation, it is not difficult to derive a notion of causal independence: Let E denote the domain of prime event structures labelled over A and 0 = (0, 0, 0, 0) stand for the empty event structure.Generally, the components of an event structure E will be denoted by  E , ⪯ E , ♯ E , and  E , respectively.More specifically, E = ( E , ⪯ E , ♯ E ,  E ).If clear from the context, the index will be omitted; that is, E = (, ⪯, ♯, ) is also a valid form.
Additionally, for  ⊆  E , the restriction of E to  can be defined as Definition 3 (conflict-free event structure).An event structure E = ( E , ⪯ E , ♯ E ,  E ) ∈ E is called conflict-free event structure (denoted by , for short) if and only if its conflict relation is empty; that is, ♯ E = 0.
Let F denote the domain of conflict-free prime event structures.
In order to characterize the conflict relationship between two conflict-free event structures (or substructures of a prime event structure), we introduce the following basic definitions: strong conflict, weak conflict, and weak conflict event structure set (for short, weak conflict set).
More generally, for any The conflict-free event structures, F 1 and F 2 , are called weak conflict if and only if their event sets are in weak conflict; that is, for all Stated in words, it is not that each event of  F 1 is in conflict with each event of  F 2 , but there exists at least one conflicting event pair between  F 1 and  F 2 .
Basically, according to the previous definitions, strong conflict relation is a special case of weak conflict relation.

Operators over Event Structure
In this section, a pair of mutually inverse operators,  (conflict-free partition) and  (weak conflict composition), will be introduced and discussed.For any prime event structure E, partition and composition operation over it can be associated via its family of configurations.
4.1.Maximal Conflict-Free Partition.In fact, a prime event structure can be viewed as a system consisting of several substructures, which are conflict-free themselves.Such a conflict-free event substructure of a prime event structure represents a specific possible partial order execution trace via branching or nondeterministic choices.For any prime event structure, it is a certainty that we can get its maximal conflictfree substructures by some kind of conflict-free partition operation according to the characteristics of its conflict relation.
First of all, we give the definition of maximal conflict pattern for an event structure.The notion of maximal conflict pattern can make great contributions to accelerate the process of partition by avoiding unnecessary partition steps.We then provide the key partition algorithm for a prime event structure.
For any prime event structure, we can get these maximal conflict patterns by the following two steps: (1) casual successors expanding; (2) conflict pairs merging.
Firstly, due to the conflict inheritance property, we know that if event  is in conflict with event  then their casual successors are also in mutual conflict; that is, ∀ ∈ Succ(), ∀ ∈ Succ() : ♯ ⇒ ♯.
Let {} ♯ = {} ∪ Succ() and {} ♯ = {} ∪ Succ(); we have that {} ♯ and {} ♯ are in strong conflict if For example, for a prime event structure E, if ♯ E  and casual relations are and We also have that any nonempty subset of {} ♯ and any nonempty subset of {} ♯ are also in strong conflict.
Consider a prime event structure E ∈ E whose conflict relation has  ( ∈ N) conflict pairs.Expand each conflict relation with its successors according to the conflict inheritance property and we can get full conflict relation pairs: Secondly, for such a group of full conflict relation pairs obtained by the above steps, there may exist common elements among some pairs that can be merged together and form a maximal conflict pattern.For example, events  1 ,  Let  E = {I  ♯ E :   ♯    |  ∈ N, 1 ≤  ≤ } denote the maximal conflict pattern set of an event structure E.
For any prime event structure, it is a certainty that we can get its maximal conflict-free substructures by some kind of conflict-free partition operation according to its conflict relation characteristics: maximal conflict patterns.Thus, we have the following theorem for partition.Theorem 9.For any prime event structure, its maximal conflict-free partition exists and the partition result is unique.
If there is no conflict in  E , then  E itself is the maximal conflict-free event subset of E. Otherwise, for any nonempty event subset  ( ⊆  E ∧  ̸ = 0), and there exists such maximal conflict pattern In order to make a subset   of  (  ⊆ ) become conflict-free with respect to the conflict relation: Otherwise, apply the next maximal conflict pattern I +1 ♯ E ( ∈ N, 1 ≤  ≤ ) to all the previously obtained event subsets in the same manner.This partition process is continued until no conflict exists.
As we know, if each pattern of the maximal conflict patterns set has been applied just once by the above manner, then any consequent subset will be conflict-free and the partition process will stop.Meanwhile, there are 2  conflictfree subsets at most.
Because intersection of   and   (,  ∈ {, },  ̸ = , 1 ≤ ,  ≤ ) can be nonempty, thus the partition tree is not yet a full binary tree and set inclusion among these solution nodes is allowed.If some subsets are included by others, then they will be removed until every result subset cannot be included by others.It is not difficult to verify that every consequent subset is maximal and conflict-free.Exploiting these expanded fully conflict patterns to partition the event set  E step by step, we will eventually get all maximal conflictfree event subsets.That is, there exists a practical algorithm to implement the partition operation.Without loss of generality, let ⊘  denote such partition for the time being.
(2) Uniqueness.Assume we have   (E) distinct maximal conflict-free event subsets in total by partition ⊘  .These subsets form a set of , denoted by We might as well assume there is another partition ⊘  that generates the result set Consider any element of R  ; let   (1 ≤  ≤ ,  ∈ N) denote it.The relationship between an element   (1 ≤ ,  ≤   (E), ,  ∈ N) in R  and   satisfies the following. (1) We have known that   ∈ R  is maximal, and now event subset   is also a subset of  E and is in weak conflict with other event subsets except   .Moreover,   includes   .This case leads to a contradiction. ( The proof is similar to the above case (1).This case also leads to a contradiction.
Since   is also a subset of  E , thus, R   = { 1 ,  2 , . . .,   ,   |  =   (E)} is a valid set of .There are  + 1 subsets in this partition ⊘  .This is in contradiction with that there are The proof is similar to the above case (3.2).This case also leads to a contradiction.
Therefore, we are forced to have only ∃  ∈ R  :   =   ; that is, any element in R  is also an element in R  ; we get R  ⊆ R  ; in the same manner, we will get R  ⊆ R  .Thus, we have This establishes the uniqueness and also implies the partition result is independent of partition order or conflict pattern.
Therefore, we have the conclusion.
Then the result set can be represented as of the original prime event structure represents a specific possible execution choice in a system run.We might as well let  denote such an operator.Then, we have the following definition of this partition operator.

Definition 10 (conflict-free partition). An operator 𝑐𝑓𝑝 is called conflict-free partition operator for E ∈ E if and only if B 𝑚𝑐𝑓𝐸𝑆 (E) = 𝑐𝑓𝑝(E).
According to our previous discussion, we have C-like pseudocode descriptions: Algorithm 1 for .

Family of Configurations.
In general, the behavior of an event structure is described by its configurations which are sets of events with certain properties.In other words, a configuration is a set of events that have happened during a specific run of the event structure.
We will review the basic definition of configuration in the following section.More detailed information can be found in [26].
A configuration can also be viewed as a global state where all events in the configuration have occurred.The configuration of the event structure should be conflict-free because conflicting events can never happen in a system run.In addition, all casual predecessors of an event in Input: a prime event structure: E; Output: the set of : B  (E); BEGIN (1)  = 0;   = 1;   = 0;  = 0; (2)  = ( E , 1); Goto BUILDES; (7) } / * end if; * / / * Expand and merge each conflict pair and build maximal conflict patterns: Select a partition pattern:  a configuration should be contained in this configuration too; that is, configuration should be downwards closed; otherwise this event could not have happened at all.
That is, a subset  is a (finite) configuration of E if and only if it is finite, left-closed, and conflict-free.
The semantics of a prime event structure is defined as the family of its configurations ordered by set inclusion.Let (E) denote the family of all configurations of event structure E, which forms an ordered set (called prime algebraic coherent partial order; see [16]) by inclusion; that is, ((E), ⊆) is partial order.
For any prime event structure E, a configuration of E is maximal if and only if it is complete.Obviously, for any maximal configuration of a prime event structure, there exists a corresponding maximal conflict-free substructure set.An empty or initial configuration, denoted by 0 Conf ∈ (E), represents the initial state in which there is no event happened.
In general, initial configuration and complete configuration are also called trivial configurations, while others are called nontrivial configurations.
Similarly, we have the following configuration definition for conflict-free event structure.
Definition 13 (configuration of ).Let F = ( F , ⪯ F , 0,  F ) be a  and let  be a subset of  F ( ⊆  F ); then  is called a configuration of F if and only if  is left-closed; that is, ∀,  ∈  F ,  ∈  ∧  ⪯  ⇒  ∈ .
Since F ∈ F, its event subset is evidently conflict-free.Let Conf(F) denote the family of all configurations of conflict-free event structure F. Clearly, when F is the th : Definition 14 (subfamily of configurations).Let F ∈ be a  and let Ω (0 ̸ = Ω ⊆  F ) be a nonempty event subset; a subfamily of configurations of F with respect to event subset Ω is the family of configurations of its event substructure Clearly, for any

Lemma 15. The relation between the family of configurations of a prime event structure and that of its 𝑚𝑐𝑓𝐸𝑆𝑠 can be described by Conf𝐹
Proof.To prove the result of this lemma, we will show that (2) both hold.
(1) "⊆".For any configuration  ∈ Conf(E), since  is a configuration, by definition,  should be conflict-free.Thus  should be the subset of one of the maximal configurations.Otherwise, if  is greater than any maximal configuration, then  must contain mutual conflicting events; that is impossible.
Therefore, we have that there must exist a maximal configuration which contains .Such a maximal configuration corresponds to a maximal conflict-free event subset: We have )) ⊆ Conf(E).Therefore, from (1) and (2), we have the result.

Domains of Configurations.
In this section, we will discuss the concept of domain from the point of view that computation states are taken as such subsets and progress in a computation is measured by the occurrence of more events.
Firstly, we will recall some related conceptions regarding domain [16,27].Then, some important facts will be discussed.
Evidently, event structures and coherent, finitary prime algebraic domains are equivalent; one can be used to represent the other.
The following theorem describes the important property of family of configurations of a prime event structure.

Theorem 25. For any nonempty
Proof.The proof is straightforward.
Thus prime event structure and finitary coherent prime algebraic domain are equivalent; this implies that there is a one-to-one correspondence between a prime event structure and its family of configurations; one can be used to represent the other.

Weak Choice Composition.
Theorem 23 describes an important property between the domains of configurations of prime event structures and the prime event structures themselves.
We can obtain a full set of  from a prime event structure by applying  operator over it.Conversely, given a full set of  of an event structure, we can certainly recover the original event structure that generates this set of  by some kind of composition operation.
Further, for any weak conflict set, we give the constraint conditions, under which this weak conflict set can be composed together and form a prime event structure that can generate this set by conflict-free partition operation.
The following theorem discusses the constraint conditions for composition.
Theorem 26 (necessary and sufficient condition for composition).For any weak conflict set WF   = {F  ∈ F | ,  ∈ N, 1 ≤  ≤ }, if it satisfies the following conditions: ( 1) and ( 2), then there exists a unique prime event structure E ∈ E prime that can generate this set by  partition operation; that is, ( ) is a finitary coherent prime algebraic domain.
Proof.On one hand, the intersection of event sets of any two  is nonempty meaning that common events have happened from both event structures.By definition, if these events represent common global states in runs of a system described by the same prime event structure with multiple choices, they should behave identically.That is, their configurations with respect to the intersection of event set should be identical.
In addition, from Theorems 23 and 24, the family of configurations of a prime event structure ordered by set inclusion should be a finitary coherent prime algebraic domain.
Thus, we have the necessary condition for composition.On the other hand, from Theorems 23 and 24, we have that there is a one-to-one correspondence between a prime event structure and its family of configurations.Given a valid family of configurations for prime event structure, then there should exist a corresponding prime event structure.
For any weak conflict set: by joining can form a valid family of configurations for a prime event structure, that is, ⋃ 1≤≤ (F  ) forms a ordered by set inclusion, then there should exist such a unique prime event structure E that (E) = ⋃ 1≤≤ (F  ).
Therefore, we get the necessary and sufficient condition for composition.
Obviously, the set B  (E) of a prime event structure satisfies the above condition.Clearly, this implies that there must exists a composition operation which can construct the target event structure E from a weak conflict set that satisfies the constraint conditions.We may as well let  denote the operator.Thus, we have the following definition.
Definition 27 (weak choice composition ( operator)).Let WF   be a weak conflict set, which satisfies necessary and sufficient conditions for composition; an operator  is called weak choice composition operator if and only if the result event structure R = (WF   ) and R satisfies the following: The following theorem states that the operator  and  are mutually inverse for a prime event structure.
Proof.The proof is straightforward.
Obviously, it is not difficult to derive an algorithm for weak conflict composition operator from Definition 27 and Theorem 28.

Slicing Reduction
In this section, we will discuss slicing reduction technique for partial order trace or prime event structure.Slicing is often taken as an effective abstract technique to combat the state explosion problem.A slicing algorithm for event structure with respect to predicates in a subset of temporal logic formulas is studied.Specially, we focus on statically analyzing rather than online detecting over event structure model.
First of all, we will retrospect the classical notion of computation slicing for partial order traces.Then, we will extend the idea from partial order traces to prime event structures with conflict relations.Additionally, all related definitions and theorems [18,19,28] for our theory will be discussed.

Partial Order Trace Slicing. Computation slicing was introduced in [7] as an abstraction technique for analyzing partial order traces of distributed programs or distributed computations.
Generally, for classical program slicing, programs are sliced with respect to a slicing criterion that is an interested point for analyzing.In static program slicing, for example, "a program line number" can be taken as a valid slicing criterion.Thus, in order to compute a slice, we need to firstly define the slicing criterion.
Intuitively, a slice of a trace with respect to a temporal logic specification or a predicate (slicing criterion)  is a subtrace that contains all the states of the trace that satisfy .A slice contains all the states that satisfy  such that it can be computed efficiently and is often much smaller than the original model.
We can use directed graphs to model partial order (execution) traces (POTs, for short) as well as slices.Thus, a notion named graph ideal (or order ideal) of directed graph [29] is introduced to specify partial order traces and slices pictorially.Formally, its definition is given as follows.Definition 29 (order ideal).Given a poset (, ≤), (≤ denotes an order relation) a subset  of  is an order ideal if it satisfies ∀,  : ,  ∈  : ( ∈ ) ∧ ( ≤ ) ⇒ ( ∈ ).
Definition 30 (graph ideal).Given a directed graph  = (, Γ), let () and Γ() denote the set of vertices with event labels and directed edges, respectively.A subgraph It is more convenient to use directed graphs to represent partially ordered sets and prime event structures for slicing computation.It satisfies the following.
(1) For any event  and  of E, if  ⪯ , then there is directed edge from the vertex V  labelled with  to the vertex V  labelled with .
(2) For any event  and  of E, if ♯, then there is dash line between the vertex V  labelled with  to the vertex V  labelled with .
For example, as shown in Figure 1, a partial order trace or a  is demonstrated pictorially.The corresponding event structure for Figure 1 is as follows.
(i) E = ( E , ⪯ E , ♯ E ,  E ), ( = {, , , }). (1) In addition, when attempting to construct the graph representation of , as Figure 1 shows, two specific vertexes ⊤ and ⊥ will be added as initial state and terminal state corresponding to initial configuration and maximal configuration, respectively.
A subset of elements forms an order ideal if whenever an element is contained in the subset then all its preceding elements are also contained in the subset.Intuitively, order ideals or left-closed subsets can be graphically represented by graph ideals.Generally, independency relation will not be represented explicitly.It is not difficult to have that partial order trace is only a special case of prime event structure with no conflict relations.Here, graph ideal is a notion equivalent to the configuration of an event structure.Empty set and the set of all vertices are called trivial ideal.Similarly, initial configuration and complete configuration are also called trivial configurations.
Definition 31 (predicate on configuration).Intuitively, a logic formula or predicate is a Boolean-valued function defined on the set of configurations:  : Conf(E) → {0, 1}.It actually represents a subset of configurations in which the Boolean function evaluates to 1.
The predicate detection problem is to decide whether the initial configuration of an event structure satisfies a predicate.More formally, we have the following definition.
Definition 32 (predicate detection).For any prime event structure E and any predicate , predicate detection is to decide whether Conf(E), {⊥} ⊨  holds or not.
Predicates are used to specify system behaviors and properties such as safety and liveness.Properties expressed by a CTL (computational tree logic, introduced in [30]) formula are beyond the scope of this paper.For evaluating the value of a predicate efficiently, various predicate classes [28] such as conjunctive, stable, observer-independent, linear, relational, and nontemporal regular [7] predicates have been defined.
Generally, predicate on configurations will act as the slicing criterion for POTs slicing.This formal definition is derived from computation slice notion [7] given by Garg and Mittal.Meanwhile, existence and uniqueness of the  slice have also been discussed; that is, the following theorem holds.

Theorem 34.
For any E max  ( ∈ , 1 ≤  ≤  E ) of a prime event structure and any predicate , the slice of with respect to predicate , that is, slice(E max  , ) exists and is unique.
In general, the family of configurations for a  forms a distributed lattice, and its slice with respect to a predicate is a sublattice.Sometimes a slice may contain those configurations that do not satisfy the predicate for completing sublattice.
In the next section, we will discuss the slicing definition and model for prime event structure.

Sliced Model over Event
Structure.Generally, predicate on configurations acts as the slicing criterion for prime event structure slicing.Temporal regular predicate, such as a regular subset of CTL called RCTL [7,8,29], which contains four temporal operators EF, AG, EG, and EX[j], and nontemporal regular predicates both can also be taken as the slicing criterions.
Compared with the definition of slice of , we have a similar case for prime event structure.
Definition 35 (slice of prime event structure).A slice of a prime event structure with respect to a formula , denoted by (E, ), is such an event structure that satisfies the following.
(i) Its family of configurations contains all the configurations that satisfy .(ii) Its family of configurations has the least number of configurations.
Generally, a slice may contain configurations that do not satisfy the given predicate.The slice of an event structure with respect to a predicate is called lean [32] if every configuration of the slice satisfies the predicate.
Proof. ( 1) Existence and Uniqueness.From Theorem 34, we have that, for any E max  ( ∈ , 1 ≤  ≤  E ) of a prime event structure E and any predicate , its slice with respect to predicate  exists and is unique.
For any , the family of configuration of slice(E max  , ) is a distributed lattice and is unique.
E is also unique and (⋃ C E , ⊆) is a finitary coherent prime algebraic domain.
Next, we show that the slicing operation will keep the second part of necessary and sufficient condition for composition.
For ).This means that, for any two , if their intersection is nonempty, no matter which part of the intersection belongs to the slice, after slicing, the necessary and sufficient condition for composition will be still satisfied.
Thus, we get that ⋃ C E is a valid family of configurations for prime event structures; there should exist such a unique prime event structure  ∈ E that satisfies Conf() = ⋃ C E .We can get  by applying  to the corresponding event structures of ⋃ C E .Therefore, the existence and uniqueness for event structure slicing have been established.We will then prove that the prime event structure  is the ultimate result of slicing.
(2) Satisfactoriness and Minimality.On the one hand, for any configuration  of event structure E that makes predicate  hold, that is,  ∈ Conf(Slice(E, )), there must be a : E max  so that  ∈ Conf(Slice(E, )); let C  = Conf(slice(E max  , )), because C  contains all the configurations of event structure E max  that make predicate  hold.We have that  must be contained by C  ; that is,  ∈ C  .
We get  ∈ Conf(Slice(E, )) ⇒  ∈ ⋃ C E .Further, we get Conf(Slice(E, )) ⊆ ⋃ C E .On the other hand, for any configuration  ∈ ⋃ C E , we get  ∈ Conf(E) and  can make predicate  hold; then  ∈ Conf(Slice(E)) must hold.Thus, we get That is, ⋃ C E ⊆ Conf(Slice(E, )).Therefore, we have ⋃ C E = Conf(Slice(E, )).Thus, we get that Slice(E, ) = .Moreover, by the definition of slice of maximal conflictfree event substructure, we have that, for any E max  ( ∈ N, 1 ≤  ≤  E ), the corresponding slice(E max  , ) contains the least number of configurations that satisfy the given predicate ; we then have that ⋃ C E = Conf(Slice(E, )) also contains the least number of configurations satisfying this specification.Thus, satisfactoriness and minimality both hold.
Consequently, from both (1) and (2), we conclude that the theorem holds.

Slicing Reduction Algorithm.
In this section, we will present an approach for event structure slice computing.The slicing algorithm for a prime event structure or its  with respect to regular predicates is based on the Adding Edges Theorem (see [8,20,31,33]).
In fact, by the following theorem, these lattices will never be actually constructed in the slicing process for efficiency.
The configurations do not satisfy the predicate but still can be included to complete the sublattice.
Given a distributive lattice  generated by a graph , every sublattice of  can be generated by a graph obtained by adding edges to .The following theorem holds.
Theorem 37 (Adding Edges Theorem).Let   be any sublattice of a finite distributive lattice  generated by the directed graph .Then, there exists a graph   that can be obtained by adding edges to (removing vertices from)  that generates   .
For any prime event structure, we can get the slices of its  by applying the Adding Edges Theorem.These slices can be composed by  to form a new prime event structure which is the target slice of the original event structure.This approach is less general but results in more efficient detection algorithms for a special class of predicates.Note that we will never actually construct the lattice or family of configurations of the event structure due to efficiency.
Garg and Mittal have presented an efficient algorithm slice(, ) [8,28] based on graphical representation  to compute the slice of POTs (or conflict-free event structures) with respect to a predicate .The algorithm adopts the principle of the Adding Edges Theorem and can produce a sliced graph representation.Especially, we have  = slice(, true) for predicate  = true itself.
We extend the idea and algorithm to more general models and provide an algorithm for slicing the  and the original prime event structure.Thus, we have Algorithm 2 to compute the slice of conflict-free event structure.
For a prime event structure with conflict relations, we have to apply  operator to get (E) maximal conflict-free event substructures and each of them can be sliced by slice.Then, the set consisting of each sliced result can be composed together by  to construct a new event structure.This new event structure will be the sliced result.
Thus, we can derive Algorithm 3 to compute the slice of a prime event structure.
Because the set of the slices of  may no longer keep the weak conflict relation which exists in the original .
Therefore, after slice((E), ) operation is performed, the relation among these slices can be one of the following cases: (1) strong conflict; (2) conflict-free; (3) weak conflict; (4) hybrid of weak conflict and conflict-free; (5) hybrid of weak conflict and strong conflict; (6) hybrid of strong conflict, weak conflict, and conflictfree.
In case of (1), (3), and ( 5), the operation  can be performed directly.But in case of (2), (4), and (6), we have to add some events in order to make the result set of slices still be able to form a valid weak conflict set at the end of process.
For temporal predicates [8], such as ,  and  can be computed by slice(, ()), slice(, ()), and slice(, ()), respectively.From the definition of a slice, we know that every configuration of a slice slice(E, ) is also a configuration of E.
Clearly, the following two corollaries hold.

Corollary 38. (1) For any prime event structure
Similarly for , the following holds.

Case Study for Slicing Reduction.
In this section, we will give an example to illustrate the prime event structure slice notion and its computing process.
Consider a prime event structure: E = ( E , ≤ E , ♯ E ,  E ), as shown in Figure 2. The components are described as follows: (1) event set:      The configurations that satisfy the predicate are labelled with frames.In fact, these configurations are only used to describe relationship between original event structure and its slice graphically; in general, they will never be actually constructed in the slicing algorithm for efficiency.
The families of configurations of the slices of E 1 and E 2 with respect to the predicate { = −2 ≤ ( −  + ) < 2} are shown in Figures 6(1) and 6(2), respectively.It can be verified that both Conf(E 1 ) and Conf(E 2 ) form distributed lattices.These configurations of the slices are exactly the ones that satisfy the given predicate in the family of configurations of the original event structure.Figure 7 shows the family of configurations constructed by applying ∪ operation to the families of configurations of all slices.
Finally, in Figure 8, the slice of E 1 and the slice of E 2 are combined into the slice of E by  operator, as expected.
To illustrate the benefit of predicate detection by using slicing reduction as shown in above example, consider the states in Figure 3 again.
Let { = −2 ≤ ( −  + ) < 2} be the predicate to be checked, and suppose we want to detect whether () holds or not; that is, there exists a global state that satisfies .Without slicing reduction applied, we are forced to examine all global states, 15 states in total as shown in Figure 3, to decide whether the traces satisfy the predicate.
Alternatively, we can compute the slice via slicing reduction technique with respect to the regular temporal predicate and use this slice for predicate detection.
For this purpose, firstly, we compute the slice with respect to  and the slice is shown in Figure 7.
Finally, we check whether the initial state is the same as the initial state of the slice and decide whether the predicate is satisfied or not.
The slice contains only 9 states and has much fewer states than the original traces itself.Generally, it is exponentially smaller in many cases and this can result in substantial savings.

Symmetry Reduction
Finite state systems frequently exhibit symmetry which can be found in memories, caches, register files, bus protocols, and anything that has a lot of replicated structures.The use of symmetry to reduce state space has been investigated widely by researchers [2,3,15,22,23].
In this section, we will discuss symmetry properties over prime event structures.Symmetry in an event structure implies the existence of nontrivial permutation groups that preserve both the events labelling and all relations of causal dependence and independence that exist between events.We start by introducing some notions of group theory.
6.1.Automorphism Groups.We know that the set of all permutation on a set forms a permutation group under functional composition.A permutation group over a finite set  consists of bijections,  → , and their compositions as the binary operations.
Definition 40 (permutation group).Let  be a finite set; a permutation of  is a bijection from  to itself.Then,   := { :  →  |   }; that is, the family of all the permutations of the set , denoted by   , forms a group called the symmetric group on .For any bijection  ∈   is called a permutation.Any subgroup of is called a permutation group on .
Obviously, a symmetric group is a special permutation group.A permutation group over a set has good properties; specially, it can induce an equivalence relation.The equivalence classes of an equivalence relation on a set can form a partition of this set.Thus, for a set , if there exists a permutation group on the set , the permutation group can induce a partition of the set .We can easily check this property.
In this paper, permutation groups are used to partition the set of events in an event structure so that we use equivalence classes (orbits) of events to investigate symmetry in this event structure.
Definition 42 (automorphism group).A permutation group  is called an automorphism group for the event structure E (E = (, ⪯, ♯, ) ∈ E) if and only if every permutation  ∈  is an automorphism of E.

Quotient Model of an Event
Structure.The symmetric quotient model for an event structure is a structural reduced model.
Let  be a permutation group acting on the set  and  ∈ ; then the orbit of  is the set () = { | ∃ ∈  : () = }.From each orbit () we pick a representative that is called rep(()).Intuitively, the quotient model can be obtained by collapsing all the events to orbits.
Definition 43 (symmetric quotient model).Let E = (, ⪯ , ♯, ) ∈ E and let  be an automorphism group on the event set  of the event structure E. The symmetric quotient model E  = (  , ⪯  , ♯  ,   ) is defined as follows.
(1) The event set is   = {() |  ∈ }, the set of orbits of the events in .
We then say that  is an invariant under .Thus, if  is an invariance group for all actions in the action set Act of E and E  is the symmetric quotient model for E; we can directly have ∀ ∈ Act,  ∈  : () ⇔   (()) = (rep(()) = .
From the above definition, we have that the symmetric quotient model is still a prime event structure and preserves all the causal dependence and independence relations of the original, but the conflict relations are reduced.Note that every two different events in an orbit are exactly in conflict with each other.The quotient model can preserve all the behavior of the original one.

Symmetry Reduction Algorithm.
Based on previous discussion, we have Algorithm 4 for symmetry reduction.In this algorithm, replicated substructure will be removed and only one copy will be kept.
Firstly,  operator will be applied on a given event structure to get a set of conflict-free substructures.
Then, for any two elements of them, a checking procedure will be performed to remove the redundant one.
Finally,  will be applied on the substructure set to get the reduced model.Detailed pseudocode description is shown in Algorithm 4.

An Example for Symmetry Reduction.
In this section, an example will be discussed to demonstrate the reduction process based on Algorithm 4.
The example of a prime event structure E with five events ( 1 ,  2 ,  3 ,  4 , and  5 ) and its semantics in terms of families of configurations is given in Figures 9(1) and 9(2), respectively.
We can get weak conflict set of the event structure E by  operator as follows: (E) = {E 1 , E 2 , E 3 }, where (4) Thus, we have  1 ♯   2 ,  1 ♯   3 , and By definition, we have that E 1 and E 2 are symmetric.According to the symmetry reduction algorithm, we will remove replicated events but keep the common or representation ones.The substructure E 2 is removed.The resulted substructure set consists of two elements: E 1 and E 3 , because E 1 and E 3 are weak conflict sets of E and  operator can be applied on them to construct a new event structure: E  = (E 1 , E 3 ).Thus, the symmetric reduced event structure can be described by Figure 11.
To illustrate the advantage for properties checking by using symmetry reduction as shown in the above example, consider the states in Figure 9, 9 states in total.
Suppose we want to check whether a property () holds or not; that is, there exists a global state that satisfies .Without symmetry reduction applied, we have to examine all global states, 9 states in total.But with symmetry reduction, as shown in Figure 11 or Figure 10 to decide whether the property holds, only 7 states should be checked and a considerable saving can be achieved.

Mathematical Framework
In this section, we will provide a unified mathematical framework for slicing and symmetry reduction based on  and  operators.
Firstly, we will review some basic definitions in this section.Here, we refer the reader to [14] for details.Next, we will introduce the single action transitions [3] for event structures.Finally, we will discuss the related theories for slicing and symmetric reduction and establish the unified framework.

Basic Definitions
Definition 44.For any event structure In fact, L[F] is the partial order of left-closed and conflict-free subsets of  E ordered by set inclusion.
(1) Isomorphism and Equivalence.We are concerned with the translation of concepts and ideas from one side to the other.
The following theorems hold.Clearly, from Theorems 50 and 51, we have the following.
(1) For any prime event structure E, we have that (2) Similarly, for any partial order  = (, ⊑),  is a prime algebraic complete lattice or a finitary coherent prime algebraic domain; we have that From Theorems 23, 24, and 25, we have that conflictfree event structures and prime algebraic complete lattices are equivalent; this implies that there is a one-to-one correspondence between a prime event structure and its family of configurations.Similarly, prime event structures and finitary coherent prime algebraic domains are also equivalent; one can be used to represent the other.
(2) Mutual Inverse Operation.For any prime event structure,  and  are mutually inverse operators.
We can get the full set of maximal conflict-free substructures of a prime event structure by  operator.Conversely, given the full set of maximal conflict-free substructures of the prime event structure, we can recover the original prime event structure by  operator.
(3) Slicing Reduction.Firstly, compared with traditional computation slicing, Figure 12 demonstrates the translation between a conflict-free event structure (or its slice) and prime algebraic complete lattice.This forms the theoretical basis of computation slicing technique proposed by Garg and Mittal, Sen [7,20].
Secondly, Figure 12 also demonstrates the translation between a prime event structure (or its slice) and finitary coherent prime algebraic domain, which serves as the theoretical basis of our event structure slicing with conflict.A pair of mutually inverse operators,  and , act as a link between the two parts.
Thirdly, the slice of a prime event structure can be computed by the following steps: (1) applying  operator to partition the original prime event structure into a full set of maximal conflict-free substructures; (2) for each maximal conflict-free substructure, applying traditional computation slicing algorithm based on Adding Edges Theorem [7,8,20] over its directed graph representation to compute the slice with respect to the given predicate; (3) applying  operator to compose the resulted slices in above step (2) and form a new prime event structure, while the generated event structure is the slice of the original prime event structure.
(4) Symmetry Reduction.Operators  and  can also play an important role in symmetry reduction.Symmetry reduction of a prime event structure can be performed by the following steps: (1) applying  operator to partition the original prime event structure into a full set of maximal conflict-free substructures; (2) checking automorphism among the produced substructures and checking causal relation and action set; (3) removing duplicated substructure and applying  operator to compose the resulted structure to form a newly generated prime event structure, which will be symmetry reduced prime event structure.
(5) Trace Equivalence.The relation between original event structure and its quotient model can be specified by Theorems 52 and 53 (See [3]).
Theorem 52.Let E ∈ E and E  be quotient structure of E; then E  ≈  E.
Theorem 53.Let E ∈ E and let E  be the symmetric quotient model for E. Then E≃  E  .
Generally, given an event structure E, in fact, its behavior is exhibited by the labelled transition system (LTS, for short) LTS E = {Conf(E), t E ,  E , 0}, where (1) the configurations Conf(E) are states; (2) the set of labels is the set of actions t E ; (3) the transitions  E are single action transitions between every two configurations of E; namely,  E ⊆ Conf(E) × t E × Conf(E); (4) the initial configuration (the empty set 0) is the initial state.
The above equivalence is based on labelled transition systems whose transitions are single action transitions.As shown in Figure 12, we construct labelled transition system for prime event structure and its quotient model, we will have that their LTSs are interleaving bisimulation and interleave trace equivalence also.Therefore, the following corollary holds.
Corollary 54.Let E ∈ E and E  let be the symmetric quotient model for E. If  = (Conf(E), Act, → E , 0) and   = (Conf(E  ), , → E  , 0) are induced from E and E  , respectively, then ≈    and ≈    hold.
Evidently, we have the following theorems.
Theorem 55.For any E ∈ E, its symmetric quotient model E  and symmetric reduced model E  are isomorphism; that is, Proof.It is not difficult to prove it by constructing a bijection between the events and their orbits.
Theorem 56.For any E ∈ E, its symmetric reduced model E  is a substructure of E; that is, E  ⊲ E.
Proof.The proof is straightforward.
(6) Technique Combination.Symmetry reduction technique is orthogonal to slicing reduction and can be used in conjunction with slicing.Thus, it is easy to have the following result.
Proof.The proof is straightforward.

Conclusion
In this paper, we presented a unified mathematical framework for event structure slicing and symmetric reduction.We described the equivalent relationship between original event structure and its maximal conflict-free event substructures.We proposed two mutually inverse operators: conflict-free partition operator and weak choice composition operator.Both symmetry reduction and slicing reduction can be performed by this pair of operators.We also investigated the related properties, translations, and correspondences between event structures and domains.Essentially, slicing over event structure is a high level extension to the traditional computation slicing based on the model with conflict.
Slicing technique can make the verification of program behavior easier by reducing the size of the state space to be analyzed.Symmetry reduce is another powerful structural reduction technique that can also be applied to narrow down state space.Both quotient model and sliced model produced by reduction are often much smaller than the original model.The consequential model can be used to significantly improve the effectiveness of property verification of the original model.
In future work, on the one hand, we will extend our work to other more complicated event structure models, such as flow event structure [34] and bundle event structure [35,36].On the other hand, we hope to implement and test our approach on various verification tools in practice.In addition, we would like to exploit more possible applications and theories.

Figure 1 :
Figure 1: Partial order trace and its directed graph representation.

Definition 33 (
slice of (POTs)).A slice of a (POTs): E max  ( ∈ N, 1 ≤  ≤  E ) of prime event structure E with respect to a formula , denoted by slice(E max  , ), is such an event structure that satisfies the following.(i) Its family of configurations contains all the configurations that satisfy .(ii) Its family of configurations has the least number of configurations and still forms a sublattice.

Figure 3 :
Figure 3: Family of configurations of E.

Figure 6 :
Figure 6: Subfamilies of configurations of the slices.

Figure 7 :
Figure 7: Subfamily of configurations of the slice.

Figure 8 :
Figure 8: Slice model with respect to .

Figure 9 :
Figure 9: An event structure and its family of configurations.
The conflict relation between  1 ( 1 ⊆  F 1 and  1 ̸ = 0) and  2 ( 2 ⊆  F 2 and  2 ̸ = 0) is called strong conflict if and only if for all  ∈  1 ,  ∈  2 : ♯, denoted by  1 ♯   2 .F 1 and F 2 are called strong conflict if and only if their event sets are in mutually strong conflict, that is, for all and only if for all  ∈   1 ,  ∈   2 : ♯, denoted by   1 ♯    2 .That is, each of   1 is in conflict with each of   2 and the existence of conflict relation in   1 or   2 is allowed.
that is, for any nonempty event subset   (  ⊆ ) and any predicate , if any configuration of   satisfies , that is,   is the common part of both slices of E max

E
is called a single action transition if and only if  ∈ , ,   ∈ Conf(E),  ⊆   and there exists an event  such that   −  =  with  E () = .  indicates that in the event structure the state represented by the configuration  may evolve into a state represented by the configuration by performing Input: a prime event structure E; Output: the reduced model of the event structure: E  ; BEGIN (1)  = 0;  = 1;  = 0;  = 0; B = 0; / * Step One: partition via  operator, we will get all maximal conflict-free sub-structure of an event structure * /   (  ) = { ∈  | ∃ ∈   : () = } / * : checking two sets are are identical or not * / / * ||: the element amount of the set  * / / * Step Two-2: checking their action sets are identical or not * / (8) if ((|  (  | ̸ = |  (  )|) ‖ (  (  ),   (  )) { → Definition 49 (interleaving bisimulation equivalent).Let E 1 , E 2 ∈ E. E 1 and E 2 are called interleaving bisimulation equivalent (E 1 ≈  E 2 ) if and only if there exists an interleaving bisimulation between E 1 and E 2 .