Summer School Verification Technology, Systems & Applications

VTSA 2011 Summer School Verification Technology, Systems & Applications
4th edition since 2008: Liège (Belgium), Sep. 19-23, 2011
free participation, limited number of participants
application deadline: July 22, 2011
Overall theme: decision procedures
- A. Armando: Rewriting Approach to Decision Procedures
- F. Baader: Reasoning in Description Logics
- B. Blanchet: Automatic Verification of Security Protocols
- F. Jacquemard: Tree automata techniques in verification
- J.-P. Katoen: Verification of Continuous-Time Markov Models
http://www.mpi-inf.mpg.de/vtsa11/
S. Merz (LORIA) Behavioral equivalences VINO 2011 1 / 27

Behavioral equivalences
Stephan Merz
INRIA Nancy & LORIA
VINO 2011

Outline
Notions for comparing process specifications
- IMPL realizes ("is at least as good as") SPEC
- SPEC_1 and SPEC_2 are essentially equivalent
- subject to a notion of observability
- enjoy robust mathematical properties
- appropriate proof techniques

Plan
1. Introduction to behavioral equivalence
2. Strong bisimilarity
3. Weak bisimilarity

What to expect from process equivalences
Idea: processes indistinguishable to any observer
- equivalence notions differ in the notion of observer: same output, same traces, modulo hidden actions, ...
Indistinguishability must be an equivalence
- reflexive, symmetric, transitive: support refinement $Spec_0 \mathrel{R} Spec_1 \mathrel{R} \cdots \mathrel{R} Spec_n$
Indistinguishability should be a congruence
- $P \mathrel{R} Q \Rightarrow C[P] \mathrel{R} C[Q]$ for any context $C$
- substitutivity of indistinguishable components in any context

Example: trace equivalence
Definition (traces, trace equivalence)
Assume a transition system $T = (Proc, Act, \{\xrightarrow{\alpha} : \alpha \in Act\})$.
A trace of $P \in Proc$ is a sequence $\alpha_1 \cdots \alpha_k \in Act^*$ such that there exists a sequence of transitions $P \xrightarrow{\alpha_1} P_1 \xrightarrow{\alpha_2} \cdots \xrightarrow{\alpha_k} P_k$.
$Traces(P)$ denotes the set of all traces of $P$.
Processes $P, Q$ are trace equivalent ($P \equiv Q$) if $Traces(P) = Traces(Q)$.
Natural notion of process equivalence
- traces are analogous to languages of automata
- trace equivalence is necessary for indistinguishability

Trace equivalence: example
[diagram: CTM and CTM', both with actions a, tea and coffee]
Observe: $CTM \equiv CTM'$
$Traces(CTM) = Traces(CTM') = (a\,tea + a\,coffee)$
But: CTM and CTM' are not indistinguishable
[diagram: CA, with actions a and coffee]
- CTM' chooses internally whether to serve tea or coffee
- $CTM' \mid CA$ may deadlock, but $CTM \mid CA$ does not

Part 2: Strong bisimilarity

Need for a stronger equivalence
Trace equivalence is not satisfactory for reactive systems
- should take into account the branching behavior of processes
- potential evolution from intermediate states matters
- also note: $\equiv$ is not a congruence, cf. $CTM \mid CA$
Idea: $P, Q$ are equivalent iff ...
- they offer the same actions to the environment and
- whenever $P \xrightarrow{\alpha} P'$ then $Q \xrightarrow{\alpha} Q'$ for some $Q'$ equivalent to $P'$
Observe: a co-inductive definition [Park 1981, Milner 1989]

Strong simulation
Definition (strong simulation)
Assume a transition system $T = (Proc, Act, \{\xrightarrow{\alpha} : \alpha \in Act\})$.
A relation $R \subseteq Proc \times Proc$ is a strong simulation for $T$ if whenever $P \mathrel{R} Q$ and $Q \xrightarrow{\alpha} Q'$ then there exists $P' \in Proc$ such that $P \xrightarrow{\alpha} P'$ and $P' \mathrel{R} Q'$.
$P$ strongly simulates $Q$ if there exists a strong simulation $R$ with $P \mathrel{R} Q$.
Strong simulation is a pre-order, not an equivalence
- idea: $P$ is at least as good as $Q$
- $P$ can match any behavior of $Q$

Simulation: pictorial representation
[diagram: $P \mathrel{R} Q$ above, $P' \mathrel{R} Q'$ below, connected by $\alpha$ transitions]
If $P \mathrel{R} Q$ then ...
- any move $Q \xrightarrow{\alpha} Q'$ of $Q$ can be matched by a move $P \xrightarrow{\alpha} P'$ ...
- ... that leads to a matching state $P'$, i.e. $P' \mathrel{R} Q'$
Observe: simulation refers to a single transition system
- in practice, often compare two different systems
- formally, take their (disjoint) union to form a single system

Coffee machine example
[diagram: CTM with states P0, P1, P2 and CTM' with states Q0, Q1, Q1', Q2; actions a, tea, coffee]
$P_0$ simulates $Q_0$: CTM is at least as good as CTM'
- strong simulation $R = \{(P_0, Q_0), (P_1, Q_1), (P_1, Q_1'), (P_2, Q_2)\}$
$Q_0$ does not simulate $P_0$: CTM' cannot replace CTM
- cannot find a matching state for $P_1$ in CTM'

Strong simulation: second example
[diagram: states P0, P1, P2 and Q0, Q1, Q2 with transitions labelled a and b]
$P_0$ simulates $Q_0$: consider the relation $R = \{(P_0, Q_0), (P_0, Q_2), (P_1, Q_1), (P_2, Q_1)\}$
Also, $Q_0$ simulates $P_0$: the inverse relation $R^{-1} = \{(Q_0, P_0), (Q_2, P_0), (Q_1, P_1), (Q_1, P_2)\}$ is again a strong simulation

Strong bisimulation & bisimilarity
Definition
Assume a transition system $T = (Proc, Act, \{\xrightarrow{\alpha} : \alpha \in Act\})$.
A relation $R \subseteq Proc \times Proc$ is a strong bisimulation for $T$ if $R$ and $R^{-1}$ are strong simulations for $T$.
Processes $P$ and $Q$ are strongly bisimilar, written $P \sim Q$, if $P \mathrel{R} Q$ for some strong bisimulation $R$.
Exercise: mutual simulation does not imply bisimulation
[diagram: states P0, P1, P2, P3 and Q0, Q1, Q2]
Show that $P_0$ simulates $Q_0$ and vice versa, but not $P_0 \sim Q_0$.

Key properties of bisimilarity
Theorem
1. The relation $\sim$ of strong bisimilarity is an equivalence relation.
2. Bisimilarity is a strong bisimulation, and it is the largest such.
Proof.
1. Reflexivity and symmetry: easy. Transitivity: if $R_1$ and $R_2$ are bisimulations, then so is $R_1 \circ R_2 = \{(p, r) : \exists q : (p, q) \in R_1, (q, r) \in R_2\}$.
2. Assume $P \sim Q$, so $P \mathrel{R} Q$ for some bisimulation $R$. If $Q \xrightarrow{\alpha} Q'$ then there is $P'$ with $P \xrightarrow{\alpha} P'$ and $P' \mathrel{R} Q'$, hence $P' \sim Q'$. Simulation of $P$ by $Q$ is symmetrical. By definition, it follows that $\sim$ is the largest strong bisimulation. Q.E.D.

Further properties of strong bisimulations
Bisimulations are closed under unions
- Let $(R_i)_{i \in I}$ be a family of strong bisimulations. Then $\bigcup_{i \in I} R_i$ is itself a strong bisimulation.
Mutual simulation generalizes to sequences of actions
- Let $\sigma = \alpha_1 \cdots \alpha_k \in Act^*$ be a sequence of actions. If $P \sim Q$ and $P \xrightarrow{\sigma} P'$ then $Q \xrightarrow{\sigma} Q'$ for some $Q'$ with $P' \sim Q'$.
Bisimilarity is stronger than trace equivalence
- If $P \sim Q$ then $P \equiv Q$.
Some particular strong bisimulations
- $\{(P \mid Q, Q \mid P) : P, Q \text{ CCS processes}\}$
- $\{(P \mid 0, P) : P \text{ CCS process}\}$
- $\{((P \mid Q) \mid R, P \mid (Q \mid R)) : P, Q, R \text{ CCS processes}\}$

Strong bisimilarity is a congruence in CCS
Theorem
Let $P, Q$ be CCS processes where $P \sim Q$. Then:
1. $\alpha.P \sim \alpha.Q$, for any action $\alpha$
2. $P + R \sim Q + R$ and $R + P \sim R + Q$, for any CCS process $R$
3. $P \mid R \sim Q \mid R$ and $R \mid P \sim R \mid Q$, for any CCS process $R$
4. $P[f] \sim Q[f]$, for any relabeling $f$
5. $P \setminus L \sim Q \setminus L$, for any set of labels $L$
Proof (idea).
By constructing suitable bisimulation relations, such as $\{(P' \mid R, Q' \mid R) : P' \sim Q'\}$, and tedious case analysis according to which process is responsible for the transition. Q.E.D.

Example: buffers
Specification of a one-place buffer in CCS
$B^1_0 \stackrel{def}{=} in.B^1_1$
$B^1_1 \stackrel{def}{=} out.B^1_0$
(abstracting from stored values)
More generally: $n$-place buffer in CCS
$B^n_0 \stackrel{def}{=} in.B^n_1$
$B^n_i \stackrel{def}{=} in.B^n_{i+1} + out.B^n_{i-1}$ $(0 < i < n)$
$B^n_n \stackrel{def}{=} out.B^n_{n-1}$
interpretation: $B^k_i$ is a buffer with $k$ places holding $i$ values
What relations can we establish between these buffers?

Bisimulations between buffers
Two one-place buffers are as good as a two-place buffer
[diagram: dotted lines indicate a bisimulation containing $(B^2_0, B^1_0 \mid B^1_0)$]
More generally: $B^n_0 \sim B^1_0 \mid \cdots \mid B^1_0$ ($n$ times)
- the following relation is a strong bisimulation: $\{(B^n_i, B^1_{i_1} \mid \cdots \mid B^1_{i_n}) : i_1, \ldots, i_n \in \{0, 1\}, \sum_{k=1}^{n} i_k = i\}$

Part 3: Weak bisimilarity

Bisimilarity and $\tau$ transitions
Strong bisimilarity is a good candidate for indistinguishability
- refines trace equivalence from automata theory
- takes into account branching structure
- congruence relation w.r.t. all CCS primitives
- elegant proof techniques (co-induction, bisimulation modulo)
But $\sim$ can sometimes be too strong
- uniform definition w.r.t. all transitions, including $\tau$ transitions
- ... but the latter are supposed to be unobservable
- for example, $a.0 \not\sim a.\tau.0$

Can we simply drop $\tau$ transitions?
Example: computer scientist and flawed coffee machine
$CS \stackrel{def}{=} pub.a.coffee.CS$
$CM_b \stackrel{def}{=} a.coffee.CM_b + a.CM_b$
Consider the behavior of $Start \stackrel{def}{=} (CS \mid CM_b) \setminus \{a, coffee\}$
[diagram: transition system of $Start$]
The combined system contains a deadlocked state
Erasing the $\tau$ transition, the deadlock would be hidden

Extended transition relation
Idea: combine visible transitions with the surrounding $\tau$'s
Definition
Assume a transition system $T = (Proc, Act, \{\xrightarrow{\alpha} : \alpha \in Act\})$. For $P, Q \in Proc$ and $\alpha \in Act$, write $P \overset{\alpha}{\Longrightarrow} Q$ iff
- if $\alpha \neq \tau$, we have $P (\xrightarrow{\tau})^* P' \xrightarrow{\alpha} Q' (\xrightarrow{\tau})^* Q$
- if $\alpha = \tau$, we have $P (\xrightarrow{\tau})^* Q$.
Previous example
- $Start \overset{pub}{\Longrightarrow} Good$, $Start \overset{pub}{\Longrightarrow} Bad$, $Start \overset{pub}{\Longrightarrow} Start$
Define weak bisimulation in terms of $\overset{\alpha}{\Longrightarrow}$ instead of $\xrightarrow{\alpha}$

Weak bisimulation and bisimilarity
Definition
Assume a transition system $T = (Proc, Act, \{\xrightarrow{\alpha} : \alpha \in Act\})$.
A relation $R \subseteq Proc \times Proc$ is a weak bisimulation iff, whenever $P \mathrel{R} Q$ and $\alpha \in Act$:
- if $P \xrightarrow{\alpha} P'$ then $Q \overset{\alpha}{\Longrightarrow} Q'$ for some $Q'$ with $P' \mathrel{R} Q'$,
- if $Q \xrightarrow{\alpha} Q'$ then $P \overset{\alpha}{\Longrightarrow} P'$ for some $P'$ with $P' \mathrel{R} Q'$.
$P$ and $Q$ are weakly bisimilar, written $P \approx Q$, if $P \mathrel{R} Q$ for some weak bisimulation $R$.
Examples
- $a.0 \approx a.\tau.0$
- $Start \not\approx Spec$ for $Spec \stackrel{def}{=} pub.Spec$

Weak bisimilarity and divergence
Example: polling loop for two input signals
$A? \stackrel{def}{=} a.0 + \tau.B?$
$B? \stackrel{def}{=} b.0 + \tau.A?$
a process that may receive input on $a$ or $b$, then terminates
Have: $A? \approx B? \approx a.0 + b.0$
However, $A?$ may diverge: $A? \xrightarrow{\tau} B? \xrightarrow{\tau} A? \xrightarrow{\tau} \cdots$
- weak bisimilarity assumes progress [Baeten, Bergstra & Klop 1987]
- similarly: $Div \approx 0$ for $Div \stackrel{def}{=} \tau.Div$
- deadlock and livelock are equivalent w.r.t. $\approx$

Key properties of weak bisimilarity
Theorem
1. The relation $\approx$ of weak bisimilarity is an equivalence relation.
2. Weak bisimilarity is a weak bisimulation, and it is the largest such.
Theorem
Let $P, Q$ be CCS processes where $P \approx Q$. Then:
1. $\alpha.P \approx \alpha.Q$, for any action $\alpha$
2. $P \mid R \approx Q \mid R$ and $R \mid P \approx R \mid Q$, for any CCS process $R$
3. $P[f] \approx Q[f]$, for any relabeling $f$
4. $P \setminus L \approx Q \setminus L$, for any set of labels $L$
However, $P \approx Q$ does not imply $P + R \approx Q + R$
- example: $0 \approx \tau.0$ but $0 + a.0 \not\approx \tau.0 + a.0$
- $\tau.0 + a.0 \xrightarrow{\tau} 0$ cannot be matched by the left-hand process

Summary
bisimulations: elegant description of identical processes
- clarify semantics of reactive systems: branching behavior matters
- supported by proof techniques such as co-induction
finite-state LTS ($n$ states, $m$ transitions): $P \sim Q$ decidable in $O(m \log n)$
- however, the LTS can be of size exponential in the length of the CCS description
- deciding weak bisimulation via saturation: pre-compute $\overset{\alpha}{\Longrightarrow}$
many extensions for certain infinite-state systems (BPP and PDA decidable, Petri nets not)
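The following Python program is an added example, not part of the slides, and not code by the author. It implements the definitions of strong simulation, strong bisimulation and (via the saturation mentioned in the summary) weak bisimulation on a finite LTS as a naive greatest-fixpoint refinement: start with all pairs of states and drop a pair as soon as one side has a move the other cannot answer. This is the simplest correct algorithm, not the $O(m \log n)$ one cited above. The transition systems are constructed for this example: the two coffee/tea machines are one reading of the slides' pictures (the coin action is called "a", P2 and Q2 are sinks), the computer-scientist system is flattened by hand to the states Start, Good and the deadlocked Bad against Spec = pub.Spec, and the summands 0, tau.0, 0 + a.0 and tau.0 + a.0 are encoded as states over a shared inert state Zero. The checks reproduce the slides' claims: trace-equal machines that are not bisimilar, a.0 weakly but not strongly bisimilar to a.tau.0, the deadlock still visible to weak bisimilarity, and the failure of congruence for +. The same notion of indistinguishability to an observer is what a verifier checks when a security protocol is compared against its idealized specification, which is why the deadlock example matters: an equivalence that hides internal choice would also hide a failure the environment can provoke.

```python
# Added example: (bi)simulation checking on finite LTSs by greatest-fixpoint refinement.
from collections import defaultdict
from itertools import product

TAU = "tau"  # the unobservable action


class LTS:
    """Finite labelled transition system built from (source, action, target) triples.
    Two systems to be compared are placed in one LTS, i.e. their disjoint union."""

    def __init__(self, transitions):
        self.succ = defaultdict(lambda: defaultdict(set))  # state -> action -> targets
        self.states = set()
        for s, a, t in transitions:
            self.succ[s][a].add(t)
            self.states.update((s, t))

    def weak_succ(self):
        """Saturation: P =a=> Q iff P -tau->* -a-> -tau->* Q (just -tau->* when a is tau)."""
        closure = {s: {s} for s in self.states}  # reflexive-transitive closure of -tau->
        changed = True
        while changed:
            changed = False
            for s in self.states:
                for t in list(closure[s]):
                    new = self.succ[t][TAU] - closure[s]
                    if new:
                        closure[s] |= new
                        changed = True
        weak = defaultdict(lambda: defaultdict(set))
        for s in self.states:
            weak[s][TAU] = set(closure[s])
            for t in closure[s]:
                for a, targets in self.succ[t].items():
                    if a != TAU:
                        for u in targets:
                            weak[s][a] |= closure[u]
        return weak


def greatest_fixpoint(lts, answer, symmetric):
    """Largest R over states x states such that for (p, q) in R every move q -a-> q'
    is answered by some p =a=> p' taken from `answer` (strong or saturated successors)
    with (p', q') in R; with `symmetric`, p's moves must be answered by q as well."""
    R = set(product(lts.states, repeat=2))

    def answers(x, y, flip):
        # every strong move y -a-> y' is matched by x =a=> x' with the pair still in R
        # (flip: the pair is stored as (y', x') because the roles are swapped)
        return all(any(((y2, x2) if flip else (x2, y2)) in R for x2 in answer[x][a])
                   for a, ys in lts.succ[y].items() for y2 in ys)

    while True:  # remove violating pairs until stable: the greatest fixpoint
        bad = {(p, q) for p, q in R
               if not answers(p, q, False) or (symmetric and not answers(q, p, True))}
        if not bad:
            return R
        R -= bad


def strongly_simulates(lts, p, q):
    """P strongly simulates Q: P is at least as good as Q."""
    return (p, q) in greatest_fixpoint(lts, lts.succ, symmetric=False)


def strongly_bisimilar(lts, p, q):
    return (p, q) in greatest_fixpoint(lts, lts.succ, symmetric=True)


def weakly_bisimilar(lts, p, q):
    return (p, q) in greatest_fixpoint(lts, lts.weak_succ(), symmetric=True)


def traces(lts, p, depth):
    """All traces of P of length <= depth (tau counts as an ordinary action here)."""
    result, frontier = {()}, {((), p)}
    for _ in range(depth):
        frontier = {(tr + (a,), t) for tr, s in frontier
                    for a, ts in lts.succ[s].items() for t in ts}
        result |= {tr for tr, _ in frontier}
    return result


# Constructed reading of the slides' machines: CTM (states P*) lets the user choose
# after the coin action "a"; CTM' (states Q*) chooses internally on "a".
MACHINES = LTS([("P0", "a", "P1"), ("P1", "tea", "P2"), ("P1", "coffee", "P2"),
                ("Q0", "a", "Q1"), ("Q0", "a", "Q1'"), ("Q1", "tea", "Q2"),
                ("Q1'", "coffee", "Q2")])

# Constructed: a.0 (S) vs a.tau.0 (T); the scientist with the flawed machine flattened
# to Start, Good and the deadlocked Bad, against Spec = pub.Spec; and the summands
# 0 (Zero), tau.0 (TauZero), 0 + a.0 (ZeroA), tau.0 + a.0 (TauZeroA).
WEAK = LTS([("S", "a", "Zero"), ("T", "a", "T1"), ("T1", TAU, "Zero"),
            ("Start", "pub", "Chosen"), ("Chosen", TAU, "Good"), ("Chosen", TAU, "Bad"),
            ("Good", TAU, "Start"), ("Spec", "pub", "Spec"),
            ("TauZero", TAU, "Zero"), ("ZeroA", "a", "Zero"),
            ("TauZeroA", TAU, "Zero"), ("TauZeroA", "a", "Zero")])

if __name__ == "__main__":
    print("same traces:", traces(MACHINES, "P0", 3) == traces(MACHINES, "Q0", 3))
    print("P0 sim Q0:", strongly_simulates(MACHINES, "P0", "Q0"),
          " Q0 sim P0:", strongly_simulates(MACHINES, "Q0", "P0"))
    print("a.0 ~ a.tau.0:", strongly_bisimilar(WEAK, "S", "T"),
          " a.0 ~~ a.tau.0:", weakly_bisimilar(WEAK, "S", "T"))
    print("Start ~~ Spec:", weakly_bisimilar(WEAK, "Start", "Spec"))
```

The saturation step is where the cost of weak bisimilarity shows up: `weak_succ` materializes $\overset{\alpha}{\Longrightarrow}$ for every state, after which the refinement loop is the strong one with the answering side reading saturated successors. Because the relation only ever shrinks from the full product, the loop terminates and its result is the largest relation satisfying the chosen clause, which is exactly the "largest bisimulation" characterization of $\sim$ and $\approx$ on the slides.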