# On Decidability of the Bisimilarity on Higher-order Processes with Parameterization

Higher-order processes with parameterization are capable of abstraction and application (migrated from the lambda-calculus), and thus are computationally more expressive. For the minimal higher-order concurrency, it is well-known that the strong bisimilarity (i.e., the strong bisimulation equality) is decidable in absence of parameterization. By contrast, whether the strong bisimilarity is still decidable for parameterized higher-order processes remains unclear. In this paper, we focus on this issue. There are basically two kinds of parameterization: one on names and the other on processes. We show that the strong bisimilarity is indeed decidable for higher-order processes equipped with both kinds of parameterization. Then we demonstrate how to adapt the decision approach to build an axiom system for the strong bisimilarity. On top of these results, we provide an algorithm for the bisimilarity checking.

## Authors

• 3 publications
• 16 publications
01/31/2021

### Superposition with Lambdas

We designed a superposition calculus for a clausal fragment of extension...
11/29/2020

### A Probabilistic Higher-order Fixpoint Logic

We introduce PHFL, a probabilistic extension of higher-order fixpoint lo...
05/05/2020

### Superposition for Lambda-Free Higher-Order Logic

We introduce refutationally complete superposition calculi for intention...
03/09/2022

### On the influence of over-parameterization in manifold based surrogates and deep neural operators

Constructing accurate and generalizable approximators for complex physic...
09/10/2021

### Reducing Higher-order Recursion Scheme Equivalence to Coinductive Higher-order Constrained Horn Clauses

Higher-order constrained Horn clauses (HoCHC) are a semantically-invaria...
11/01/2020

### Temporally-Continuous Probabilistic Prediction using Polynomial Trajectory Parameterization

A commonly-used representation for motion prediction of actors is a sequ...
12/31/2019

### Higher-order algorithms for nonlinearly parameterized adaptive control

A set of new adaptive control algorithms is presented. The algorithms ar...
##### This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

## 1 Introduction

Bisimulation is a most important concept for comparing the behaviour of computing systems, particularly concurrent systems. An accompanying vital question is to check whether two given systems are equal in terms of bisimulation, hence the bisimilarity checking. Bisimilarity checking is an important topic in concurrency theory and formal verification. Basically there are two directions for this topic. One is to adopt an abstract manner, using process rewrite systems [14]. An advantage of this direction is that some core techniques can be extracted and potentially adapted to various models. The other is to work directly on concrete models [19]. An edge of this direction is that some well-defined operators can be harnessed thoroughly to guide the checking. We focus on the second direction in this work.

The bisimilarity checking, including checking bisimulation equalities, simulations, and preorders, has been attracting tremendous attention in the past few decades [12, 24, 14, 10, 13]. In contrast to the fruitful work of bisimilarity checking on first-order models, checking bisimulation equalities for higher-order processes has been more challenging. Much fewer results have been known in higher-order process models. Indeed, a major reason is that higher-order processes communicate in the fashion of process-passing (i.e., program-passing), and have the innate capability of encoding recursion. Besides, the standard bisimulation for higher-order processes, i.e., the context bisimulation, is strikingly different from those for first-order processes. It requires the matching of two output processes to be compared in arbitrary contexts. To this point, simplifying the context bisimilarity has also been a significant topic [20, 21].

To this day, the best known result of bisimilarity checking for higher-order processes is reported in [16], to our knowledge. In that work, Lanese et al. show that the strong bisimilarity checking of HOcore processes is decidable. As a matter of fact, they show that all known strong bisimilarities in HOcore are decidable. HOcore is a minimal higher-order process model that only has the input, (asynchronous) output, and the concurrency operator (i.e., the parallel composition). HOcore is also proven to be Turing complete, and this result is somehow refined toward a more implementable interpretation [4], in the manner of encoding lambda-calculus in HOcore through abstract machines.

That HOcore is Turing complete renders its process-termination problem undecidable. This fact adds to the contrast that the strong bisimilarity is decidable, which in turn implies the decidability of the barbed congruence. Technically, the decidability is achieved by showing all the strong bisimilarities to be coincident with a very special strong bisimilarity, called IO-bisimilarity, which is decidable by its definition in the first place. On the basis of this decidability outcome, a complete axiom system is also established, as well as an algorithm with acceptable complexity. It is then possible to implement the algorithm for bisimilarity checking HOcore processes in software systems [2]. Intuitively, the essential element making the strong bisimilarity decidable is that HOcore does not have the restriction operator, and thus the capability of expressing recursion is weakened. It is also shown that if restriction is recovered, i.e., if at least four static (i.e., top concurrency level) restrictions are included in HOcore, then the strong bisimilarity immediately becomes undecidable. The undecidability is proven through a reduction from the PCP; similar reductions are also used in other settings, e.g., the Ambient calculus [9]. Building upon [16, 11] further studies the possibility of making the termination decidable, in the setting of a fragment of HOcore where nested higher-order outputs are disabled. Specifically, it is shown that in such a setting the termination of processes becomes decidable (though convergence is still undecidable), due to the reason that the Minsky machines are no longer expressible. Technically, such decidability is achieved using the well-structured transition systems employed in [8]. Following [11, 19] shows that termination turns back to be undecidable if such a fragment of HOcore is enriched with a passivation operator [23], because Turing completeness is retained with the help of passivation.

In [7], Bundgaard et al. study the decidable fragments of Homer [6]

, a higher order process model with the capacity of expressing locations. They show that two subcalculi of Homer have decidable barbed bisimilarity, in both the strong and weak forms. Intuitively, Homer supports certain kind of pattern matching of name sequences that model the locations of resources, and this plays a central role in enhancing the expressiveness. For this reason, Homer can encode first-order processes and is computationally complete, leaving little hope for the decidability of bisimilarities. Therefore, to obtain decidability, some constraints have to be devised. Technically, such constraints are imposed through a finite control property. That is, some finite reachability criterion is excerpted on the semantics of Homer processes. Such a criterion is the key reason for the decidability of barbed bisimilarities. The approach of

[7] provides a valuable reference for acquiring decidability sub-models from a more powerful full model.

However, there is still much space one can exploit concerning bisimilarity checking for higher-order processes, as mentioned in [16]. HOcore is a minimal model, with somewhat low modelling capacity. It would be interesting to quest for a more expressive model by adding certain constructs, while still maintaining the decidability result. Parameterization has been known to be an effective approach of promoting the expressiveness of higher-order processes, that is, abstraction-passing is strictly more expressive than mere process-passing [15]. In this work, we focus on the minimal higher-order processes with parameterization, notation , basically HOcore extended with parameterization. This minimal model contains solely the most elementary parts to formalize higher-order concurrency, with extension of the abstraction and application, two operations originating from the lambda-calculus[3]. We will show that in such a calculus, the strong bisimilarity remains decidable. Similar result is only conjectured in [16]. To this point, we go beyond that conjecture in two respects. Firstly, although our general approach resembles that of [16], the technical route has some key lemmas with essentially different proof structures, due to the complication brought by the parameterization. Secondly, we consider two kinds of parameterization, i.e., both on names and on processes themselves, rather than only one kind. Thus we are working on a potentially more expressive model. This is evidenced by the following two facts. (1) Parameterization, in particular process parameterization, brings strictly more expressiveness to the higher-order process model [15]. (2) Moreover, name parameterization is more expressive than process parameterization [28]. Intuitively, this is true because we can somehow encode process parameterization with name parameterization, using an idea akin to that of encoding process-passing into name-passing. To the best of our knowledge, there has been little work about the decidability of bisimilarities in such a model. The decidability result of this work not only pushes outward the boundary of higher-order processes with decidable bisimilarity, but also digs more into the realm of bisimilarity checking more challenging behavioural equalities, such as weak or branching bisimilarity.

Contribution   Now we summarize the main contribution of this paper.

We show that in the minimal higher-order process model with parameterization, the strong bisimilarities, including the standard context bisimilarity together with other well-known bisimulation equalities, are all decidable. We borrow and revamp the ideas from [16], i.e., defining a bisimilarity decidable from the very beginning and then showing that the bisimilarities of interest coincide with it. The major novel parts are those tackling the parameterization. Due to the presence of the parameterization, we have a completely new design of the key bisimilarities, particularly those defined directly over open processes (i.e., those processes carrying free variables), as well as the normal bisimulation that needs new forms of triggers for the two kinds of parameterizations. In turn, the congruence proofs must take these changes into consideration. Moreover, some crucial properties for establishing the coincidence of the bisimilarities have entirely new proof methods, in particular, among others, the preservation of substitution that claims the closure of variable substitutions with respect to the strong bisimilarity (since now a variable can take an abstraction). Indeed, the discussion of the mutual inclusion of various bisimilarities calls for more rigorous and fine-grained investigation in the setting of parameterization. More explanation is given in Sections 2, 3.
With the decidability in place, we design an axiom system and a checking algorithm, in roughly the same vein as those in [16], with the following differences. (1) For the axiom system, the core part amounts to reducing the deduction of the strong bisimilarity to the extended structural congruence. Previously, such extension includes a distribution law. Now with parameterization in the game, we have to further extend the structural congruence with the laws for the application operation. (2) For the bisimilarity-checking algorithm, the core is to transform a term (possibly with parameterization) into certain normal form with the help of a tree representation of the process, and then the bisimilarity checking can be readily done almost syntactically on the normal form. In presence of parameterization, we extend the tree to accommodate abstractions and applications, as well as the normalization procedure. In such an extended procedure, we execute applications as many times any possible, and operate the tree in a bottom-up fashion so as to improve on performance. The algorithm has linear space complexity and polynomial time complexity slightly better than available ones. More details are given in Sections 4, 5.
An extended version of this paper with more details is available [27].

Organization The remainder of this paper is organized as follows. Section 2 gives the definitions of the process model and the strong bisimilarities. Section 3 presents the decidability of the strong bisimilarities, with detailed proofs. Section 4 does the axiomatization and proves its correctness. In Section 5, we demonstrate an algorithm for the bisimilarity checking, and analyses its complexity. Section 6 concludes this paper and points to some future work.

## 2 Preliminary

In this section, we first define , the minimal higher-order process model extended with parameterization. Then we introduce the strong bisimilarities to be discussed.

Syntax   Calculus  has the following syntax.

expressions (or terms, processes) are represented by capital letters. For the sake of convenience, we divide names (ranged over by ) into two groups: one for name constants (ranged over by ) and the other for name variables (ranged over by ). The elements of the calculus have their standard meaning. One notices that the output is non-blocking, i.e., asynchronous. Sometimes we write for output. Input and process abstraction bind the process variable , and name abstraction binds the name variable . Otherwise, a process or name variable is free. Bound variables can be replaced subject to -conversion, and the resulting term is deemed as the same. A term is closed if it does not have free process variables. Otherwise it is open. Operations fpv(), bpv(), pv(), fnv(), bnv(), nv(), nc(), n() respectively return the free process variables, bound process variables, process variables, free name variables, bound name variables, name variables, name constants, and names of a set of terms. A variable or name is fresh if it does not appear in the terms under examination. We use for a tuple, for example, a tuple of terms and a tuple of names . Process substitution (respectively name substitution ) denotes the replacement of process variable (respectively name variable ) with the process (respectively name ). Substitutions can be extended to tuples in the expected way, i.e., pairwise replacement.

Parameterization refers to abstraction and application, and sometimes parameterization and abstraction are used interchangeably. Intuitively the process abstraction (respectively name abstraction ) abstracts in the process variable (respectively name variable ), which is supposed to be instantiated by a concrete process (respectively name ) in the application (respectively ); then in turn the application gives rise to an applied form (respectively ). The constructs of abstract and application stem from the counterpart in the lambda-calculus, and somehow extend the domain of the lambda-calculus to a concurrent setting. To ensure correct use of abstraction and application, a type system was designed by Sangiorgi in his seminal thesis [20]. The typing rules in the type system effect to exclude badly formed expressions, such as and in which is a (non-variable) term, (dangling abstraction), and so on. That type system is important but not essential for our work here, so we do not present it and always assume that terms are well-formed subject to typing; interested readers can refer to [20, 22] and reference thereof for more details. Term is abbreviated as . We also have some CCS-like operations defined as follows: where ; ; . A context is an expression with some sub-expression replaced by the hole , and means substituting the hole with .

Semantics   We denote by the standard structural congruence extended by the rules for application, i.e., the smallest congruence meeting the following laws among which the last two formulate the application.

Calculus  has the following operational semantics on open terms, with symmetric rules skipped. In the third rule, we assume .

 \inferm(X).Pm(X)−−−→P\infer¯¯¯¯¯mQ¯¯¯¯m(Q)−−−→0\inferP|Qλ→P′|QPλ→P′\inferP|Qτ→P′|Q′{A/X}P¯¯¯¯m(A)−−−→P′Qm(X)−−−→Q′\inferQλ→Q′Q≡PPλ→P′P′≡Q′

The semantics grant a term three kinds of actions: input means that can receive a term on channel to replace the variable acting as a place-holder in (here we have a late instantiation style); output means that can send a term (which could be an abstraction) on channel in an asynchronous fashion; interaction means that makes a communication of some term between concurrent components. Actions are ranged over by . Operations fpv(), bpv(), pv(), fnv(), bnv(), nv(), nc(), n() and also substitutions can be extended to actions in the expected way accordingly. We sometimes write to represent the transition for some if is not important. Modelling application as part of the structural congruence follows the line of reduction in lambda-calculus, though there are other options (see [20, 22]). Thus up-to , a term can be somehow turned into an equivalent one by applying applications as many times as possible, ending up with a term containing only those application of the form . As in [20], we ensure that applications (substitutions) are bound to end (i.e., normalized), so as to avoid -like terms such as in which . Said another way, in the sense of order, we focus on abstractions with finite order, not order. See [20, 22] for more discussion about this. We further notice that if infinite application were to be admitted (though this is a bit strange), then essentially one would retrieve replication, e.g., in which

. This would probably lead to a drastically different situation, which we do not tackle in this work. Before moving on, we give an example to illustrate the modelling capability of

. We define two processes and executing a simple protocol, making good use of the parameterization.

 Pdef=¯¯¯aA|b(X).(X⟨B⟩|O),Qdef=a(X).(X⟨c⟩|c(Y).R),Adef=⟨x⟩(¯¯b[⟨Z⟩¯¯¯xZ])
 P|Qτ→≡b(X).(X⟨B⟩|O)|A⟨c⟩|c(Y).R≡b(X).(X⟨B⟩|O)|¯¯b[⟨Z⟩¯¯cZ]|c(Y).Rτ→≡(⟨Z⟩¯¯cZ)⟨B⟩|O|c(Y).R≡¯¯cB|O|c(Y).Rτ→≡R{B/Y}|O

The protocol goes as follows: (1) sends an abstraction over channel (which is agreed upon beforehand); (2) instantiates the name abstraction carried by with a name chosen by alone (not necessarily negotiated with before starting the protocol); (3) Part of the code of , i.e., is sent back to over channel chosen by alone; (4) Process , e.g., some computational resource or data, is sent to over channel , so as to be used in . In the entire protocol, and only agree on the channel name , and initially do not disclose on which channel the resource is to be transmitted.

Below we give the notion of “guarded” and some relevant properties.

###### Definition 1.

A variable is guarded in if merely occurs in the following two situations. (1) occurs in ’s subexpressions of the form (in which could be the same as ), or (in which is not ). (2) occurs free in ’s subexpressions of the form .   A term is guarded if any free variable of it is guarded.

In what follows, we have the abbreviations: , , . The proofs of the coming two lemmas are by transition induction.

###### Lemma 2.

We have the following transition properties.
(1) If , then for every with .
(2) If with guarded in and , then , , and is with .
(3) If with fresh and not in , then , , and is .
(4) If with fresh and not in , then , , and is .
(5) If with fresh and not in , then , , and is .
(6) If , then .
(7) If and is not , then in which is , and .
(8) If , then there are several possibilities: (a) and . (b) and . That is, , and . (c) and . That is, , and .

###### Lemma 3.

Assume that is a term and is a process variable. There are in which is guarded and natural number such that one of the following cases is true. (1) , and for every .   (2) , and for every .   (3) , and for every .

The strong bisimilarities   In the following, we first present a provably decidable strong bisimilarity, named strong HO-IO bisimilarity. Then we go head to define the various strong bisimilarities, including the strong context bisimilarity and other strong bisimilarities of concern. These strong bisimilarities turn out to be equal.

Strong HO-IO bisimilarity   We define a bisimulation called strong HO-IO bisimulation, with the corresponding equality called strong HO-IO bisimilarity. As will be seen, the most desirable properties we want from this bisimilarity is that it is decidable. The definition needs to take into account the abstractions, because the terms transmitted to be compared may be abstractions. Jumping ahead, the other strong bisimulations to be defined also have this requirement for abstractions.

###### Definition 4 (Strong HO-IO bisimilarity).

A symmetric binary relation over  terms is a strong HO-IO bisimulation, if whenever the following properties hold.

(1) If is a non-abstraction, then so is .  (2) If is a process-abstraction , then is a process-abstraction , and .  (3) If is a name-abstraction , then is a name-abstraction , and .  (4) If , then with and .  (5) If , then and .  (6) If , then and .  (7) If , then , and and .  (8) If , then and . The strong HO-IO bisimilarity, notation , is the largest strong HO-IO bisimulation.

Strong HO bisimilarity   The concept of strong HO bisimilarity is due to Thomsen [25].

###### Definition 5 (Strong HO bisimilarity).

A symmetric binary relation over closed  terms is a strong HO bisimulation, if whenever the following properties hold.

(1) If is a non-abstraction, then so is .  (2) If is a process-abstraction , then is a process-abstraction , and for every closed .  (3) If is a name-abstraction , then is a name-abstraction , and .  (4) If , then with and .  (5) If , then and for every closed , it holds that .  (6) If , then and .    The strong HO bisimilarity, notation , is the largest strong HO bisimulation.

Strong context bisimilarity   We denote by a process possibly with appearing free in it, i.e., . Accordingly, denotes . As a nearly standard version of the bisimilarity for higher-order processes, the context bisimulation was proposed by Sangiorgi [20].

###### Definition 6 (Strong context bisimilarity).

A symmetric binary relation over closed  terms is a strong context bisimulation, if whenever the following properties hold. (1) If is a non-abstraction, then so is .  (2) If is a process-abstraction , then is a process-abstraction , and for every closed .  (3) If is a name-abstraction , then is a name-abstraction , and .  (4) If , then and for every closed , it holds that .  (5) If in which is a non-abstraction, process-abstraction , or name-abstraction, then for some that is respectively a non-abstraction, process-abstraction , or name-abstraction, and for every , it holds that .  (6) If , then and .   The strong context bisimilarity, notation , is the largest strong context bisimulation.

We note that can be extended to open process terms, similar for . That is, for open terms and with ,

Strong normal bisimilarity   Higher-order process expressions here may be parameterized over processes themselves or names. Accordingly, abstractions can be transmitted in communications, and thus process variables have three types: non-abstraction, process-abstraction, and name-abstraction. We refer the reader to [20] for the detailed formalization of types. To cater for our need, knowing which of the three types a process variable belongs to is sufficient for our work. For convenience, we may simply say that a process variable is a non-abstraction, process-abstraction, or name-abstraction.

Before presenting the definition of the strong normal bisimilarity, we give the definition of triggers: , , . These triggers correspond to the three types of process variables represented above, and will be used to handle abstractions bound to instantiate these process variables. The concept of triggers was proposed by Sangiorgi and plays a prevalent role in the manipulation of higher-order processes; see [20][26]. We stress that the design of the normal bisimulation in this work requires new forms of triggers due to the presence of parameterization. The work in [16] only needs the simplest form of triggers acting as synchronizers sending handshaking signals, i.e., . However in contrast, in the setting of parameterization, triggers should bear the responsibility of relocating the parameters for an abstraction. This design is non-trivial in general, and we harness the results in the previous work [26] to devise different forms of triggers used by the parameterization. It is not hard to prove that the strong normal bisimilarity is a congruence [20].

###### Definition 7 (Strong normal bisimilarity).

A symmetric binary relation over closed  terms is a strong normal bisimulation, if whenever the following properties hold.

(1) If is a non-abstraction, then so is .  (2) If is a process-abstraction , then is a process-abstraction , and for every closed it holds for fresh that:
(a) , if is a non-abstraction.  (b) , if is a process-abstraction.  (c) , if is a name-abstraction.

(3) If is a name-abstraction , then is a name-abstraction , and .

(4) If , then and for every closed , it holds for fresh that:
(a) , if is a non-abstraction.  (b) , if is a process-abstraction.  (c) , if is a name-abstraction.

(5) If , there are three possibilities:  (a) If is not an abstraction, then for non-abstraction , and it holds for fresh that .  (b) If is a process-abstraction , then for process-abstraction that is , and it holds for fresh that .  (c) If is a name-abstraction , then for name-abstraction that is , and it holds for fresh that .

(6) If , then and .   The strong normal bisimilarity, notation , is the largest strong normal bisimulation.

We can also extend to open terms. For open terms and with , , where each variable in , and is respectively a non-abstraction, process-abstraction and name-abstraction, and is replaced with the corresponding trigger for that variable type. The corresponding tuples of triggers are respectively denoted by , and , where the names of all the triggers are fresh.

Open strong normal bisimilarity   The following bisimilarity is a variant of the strong normal bisimilarity on open terms. It is basically an extension of the same bisimilarity in [16].

###### Definition 8 (Open strong normal bisimilarity).

A symmetric binary relation over  terms is an open strong normal bisimulation, if whenever the following properties hold.

(1) If is a non-abstraction, then so is .  (2) If is a process-abstraction , then is a process-abstraction , and .  (3) If is a name-abstraction , then is a name-abstraction , and .  (4) If or , then matches in the same way as in strong normal bisimilarity.  (5) If , then and .  (6) If , then and .

(7) If , then and moreover the following is valid for fresh .
(a) If is not an abstraction, then so is and .  (b) If is a process-abstraction, then so is and .  (c) If is a name-abstraction, then so is and .

(8) If , then and .

The open strong normal bisimilarity, notation , is the largest open strong normal bisimulation.

## 3 Deciding the strong bisimilarity for Π\tiny mp

In this section, we first establish the decidability of the strong HO-IO bisimilarity. This is the cornerstone of the decidability for other bisimilarities. Then we discuss the relationship between the strong bisimilarities, and eventually obtain the coincidence between them. As such, all of the strong bisimilarities are decidable.

### 3.1 The decidability and properties of ∼\tiny∘\tiny hoio

To facilitate discussion on decidability, we need a metric of the syntactical structure of a term.

###### Definition 9 (Depth of a term).

The depth of a term is a mapping from terms to natural numbers defined as follows.

An immediate property is that both of and implies . The proof of this property is by induction over the depth of . The details can be found in [27].

###### Lemma 10.

If or , then .

Strong HO-IO bisimulation up-to    Bisimulation up-to is a useful technique to establish bisimulations. Its definition is obtained by replacing with in every clause of Definition 4. The advantage of the up-to technique is that if is a strong HO-IO bisimulation up-to , then . See [17, 22] for a thorough introduction and discussion.

Congruence   Through standard state-diagram-chasing argument, one can prove that is an equivalence relation. It is also a congruence, as the follow-up lemma reveals. See [20, 16] for a reference of proof; we also provide a proof in [27]. .

###### Lemma 11 (Congruence).

On  terms, is congruence. That is, suppose and are  terms, then implies: (1) ;  (2) ;  (3) ;  (4) ;  (5) ;  (6) .

Decidability   We now establish the decidability of . As a premise, we have the following structural property, whose proof is a simple induction over the semantic rules.

###### Lemma 12.

Suppose is a  term. Then: (1) If , then .  (2) If , then and .

###### Lemma 13 (Decidability).

On  terms, is decidable.

###### Proof of Lemma 13.

We decide whether by induction on .

Induction basis.  In this case is or . The case is , i.e., is , is trivial because no action is possible from and it has no free variables. If is , i.e., is or , then no action is possible from . One simply checks that is also or respectively.

Induction step.  We perform a (finite) check of each clause of in an inductive way.

(1) If is a non-abstraction, then check that is also a non-abstraction.

(2) If is a process-abstraction , then check that is also a process-abstraction (up-to -conversion), and continue with checking using induction hypothesis since the depth of decreases with respect to , i.e., .

(3) If is a name-abstraction , then check that is also a name-abstraction (up-to -conversion), and continue with checking using induction hypothesis since the depth of decreases with respect to , i.e., .

(4) If , we check that and . There might be a few (but finite) possibilities concerning . If all such checks fail, then we conclude that and are not strong HO-IO bisimilar. For each possible check, we know by Lemma 12 that and . Since the depth of the terms decrease, i.e., , we use induction hypothesis to continue checking .

(5) If , we check that with and . There might be a few (but finite) possibilities concerning and . If all such checks fail, then we conclude that and are not strong HO-IO bisimilar. For each possible check, we know by Lemma 12 that . Since the depth of the terms decrease, i.e., and , we use induction hypothesis to continue checking and .

(6) If , we check that and . There might be a few (but finite) possibilities concerning . If all such checks fail, then we conclude that and are not strong HO-IO bisimilar. For each possible check, since the depth of the terms decrease, i.e., , we use induction hypothesis to continue checking .

(7) If , we check that with and . There might be a few (but finite) possibilities concerning and . If all such checks fail, then we conclude that and are not strong HO-IO bisimilar. For each possible check, since the depth of the terms decrease, i.e., and , we use induction hypothesis to continue checking and .

(8) If , we check that