Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Semantics Q1 2007 S EMANTICS (Q1,’07) Week 6 Jacob Andersen PhD student

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Semantics Q1 2007 S EMANTICS (Q1,’07) Week 6 Jacob Andersen PhD student"— Presentation transcript:

1 1 Semantics Q1 2007 S EMANTICS (Q1,’07) Week 6 Jacob Andersen PhD student andersen@daimi.au.dk

2 2 Semantics Q1 2007 Week 6 - Outline A Tale of Two Coca-Cola Dispensers About Equivalences Strong + Weak Bisimulation Bisimulation Games CCS Tools

3 3 Semantics Q1 2007 CCS Syntax CCS Syntax: “0”// inaction “ .P ”// action prefix,   Act “ P+P ”// non-deterministic choice “ P|P ”// parallel composition “ P\L ”// restriction (private name), L ⊆ L “ P[f] ”// action relabelling “ K ”// process variable, K  K P ::= 0 | .P | P+P | P|P | P\L | P[f] | K K 1 = P 1, K 2 = P 2, … def  a: f(a) = f(a)  f(  ) =  f:Act  Act … where Note: restrictions on f

4 4 Semantics Q1 2007 SOS for CCS Structural Operational Semantics: Q: why  (tau) in communication “ P|Q ” (instead of propagating a or a ) ?  ~ “the unobservable hand-shake” [ RES ] [ REL ] [ COM 1 ] [ COM 2 ] [ COM 3 ] [ ACT ] [ SUM j ][ CON ]

5 5 Semantics Q1 2007 A T ALE OF TWO C OCA -C OLA D ISPENSERS

6 6 Semantics Q1 2007 Once upon a time... Dispenser: Dispenser’: ’ ’ Would you consider them equal ‘=’ ? coin. (coke + sprite) coin.coke + coin.sprite Would you consider them equivalent ‘  ’ ? What does it at all mean for them to be equivalent ‘  ’ ?!?

7 7 Semantics Q1 2007 Equal vs. Equivalent Equal (concrete identity): 3 = 3 Equivalent (abstract): 3  003 3 10  0x03 16  \003 8  0011 2 3  three 3  3  1+2 3  let n=2 in n*(n-1)+(n-2)  i i i=0 2 more abstract

8 8 Semantics Q1 2007 Trace Equivalence Definition: Trace Equivalence: Two processes P and Q are trace equivalent “  tr ” iff: »They can produce the same traces: » Example: Traces( ) = { , coin, coin;coke, coin;sprite } Traces( ) = { , coin, coin;coke, coin;sprite } coin. (coke + sprite) coin.coke + coin.sprite ’ ’ ’ ’  tr Hence: Traces(P) = {  Act* |  Q : P  * Q } 

9 9 Semantics Q1 2007 Contextual Composition…? Recall: "Coke-only-drinker": Contextual composition: coin. (coke + sprite) coin.coke + coin.sprite ’ ’ ’ ’  tr What the.. !? coin. coke. drink The coke drinker is certainly able to to distinguish the two dispensers !! Idea (can we…?): put the two dispensers in a context where they can be differentiated ! problematic equality(!) Trace equivalence cannot distinguish the two dispensers.

10 10 Semantics Q1 2007 A BOUT E QUIVALENCES

11 11 Semantics Q1 2007 Purpose of equivalences Recall examples from the homepage: Specification and (model of) program equivalent ? Two (models of) programs equivalent ?

12 12 Semantics Q1 2007 CCS: “Single-Language Formalism” CCS is a so-called “Single-lang. formalism”; i.e. one may specify both: »implementation( ) »and specification( ) We would like to check via some (reasonable) equivalence, R, that: “The implementation has the intended behavior”: » R the spec. and impl. are “equivalent” IMPL = def... SPEC = def... IMPL SPEC

13 13 Semantics Q1 2007 Equivalence “wish list” …so we would like: reflexitivity : »SYS R SYS (same behavior as itself) ! transitivity (for stepwise modelling/refinement) !!! : »S 0 R S 1 R... R S n R IMPL => S 0 R IMPL symmetry (just a nice property to have): »S R S’  S’ R S

14 14 Semantics Q1 2007 Def: Equivalence Relation Let R be a binary relation over set A: R  A  A R is an equivalence relation iff: Reflexive: » Symmetric: » Transitive: »  x  A: x R x  x,y  A: x R y  y R x  x,y,z  A: x R y  y R z  x R z Q: is trace equivalence “  tr ” an equivalence relation ? Yes

15 15 Semantics Q1 2007 Equivalence “wish list” (cont’d)… Furthermore, we would like these properties: P+Q R Q+P // ‘ + ’ commutative (P+Q)+R R P+(Q+R) // ‘ + ’ associative P|Q R Q|P // ‘ | ’ commutative (P|Q)|R R P|(Q|R) // ‘ | ’ associative 0+P R P // ‘ 0 ’ is neutral wrt. ‘+’ 0|P R P // ‘ 0 ’ is neutral wrt. ‘ | ’... Trace equivalence ‘  tr ’ ? Yes

16 16 Semantics Q1 2007 …and (congruence wrt. CCS) Definition: “ R ” congruence (wrt. CCS): P R Q  C[P] R C[Q], for all contexts C[] »“relation is preserved under contextual substitution” A context = a process with a gap: Examples: P R Q  P+R R Q+R P R Q  P|S R Q|S P R Q  a.P R a.Q P R Q  ((a.P|R)+S)\x R ((a.Q|R)+S)\x C : .[] | []+P | P+[] | []|P | P|[] | [][f] | []\a []+R []|S a.[] Congruence ‘  tr ’ ?

17 17 Semantics Q1 2007 Congruence (cont’d) Trace equivalence, ‘  tr ’, and contexts? Recall the two Coca-cola machines: » » Now take the “Coke-only drinker”: » –Although, we have that: ’ ’  tr What the.. !? coin. (coke + sprite) coin.coke + coin.sprite coin. coke. drink ’ ’ problematic equality The coke drinker is certainly able to to distinguish the two dispensers !! Idea (can we…?): put the two dispensers in a context where they can be differentiated !

18 18 Semantics Q1 2007 Trace Equiv. ~ DFM Acceptance Recall: a deterministic finite automaton, A: is completely identified by its set of traces: L (A) Trace equivalence ~ DFA acceptance: (without accept states - by construction) P  tr Q iff they can produce the same traces This point of view is totally justified and natural if we view our LTSs as non- deterministic devices that may generate or accept sequences of actions. However, is it still a reasonable one if we view our automata as reactive machines that interact with their environment ? -- [Aceto, Larsen, Ingólfsdóttir, p. 41]

19 19 Semantics Q1 2007 S TRONG B ISIMULATION: ( ~ )

20 20 Semantics Q1 2007 Def: A Strong Bisimulation Let (Proc, Act,  ) be a LTS Def: a bin. rel. R  Proc  Proc is a strong bisimulation iff whenever ( s, t )  R :  a  Act : if s  s’ then t  t’ for some t’ such that ( s’, t’ )  R if t  t’ then s  s’ for some s’ such that ( s’, t’ )  R Note: 1. Definition on LTS (not necessarily wrt. processes) 2. Definition relative to a (SOS) semantics (via LTS) a a a a a Intuition: “Only equate as consistently allowed by the semantics”

21 21 Semantics Q1 2007 Def: Strongly Bisimilar ( ~ ) A Strong Bisimulation: Def: a bin. rel. R  Proc  Proc is a strong bisimulation iff whenever ( s, t )  R :  a  Act : if s  s’ then t  t’ for some t’ such that ( s’, t’ )  R if t  t’ then s  s’ for some s’ such that ( s’, t’ )  R The Strong Bisimilarity relation ( ~ ): Def: two (processes) s and t are strongly bisimilar ( s ~ t ) iff  strong bisimulation R : ( s, t )  R. i.e. a a a a ‘ ~ ’ :=  { R | R is a strong bisimulation }

22 22 Semantics Q1 2007 Basic Properties of ( ~ ) Theorem: ‘ ~ ’ is an equivalence relation (exercise…) Theorem: ‘ ~ ’ is the largest strong bisimulation »i.e. for any bisimulation R we have that: R  ‘ ~ ’ Theorem: –s ~ t iff  a  Act : if s  s’ then t  t’ for some t’ such that s’ ~ t’ if t  t’ then s  s’ for some s’ such that s’ ~ t’ a a a a

23 23 Semantics Q1 2007 How to Prove Strong Bisimilarity ? How to prove strong bisimilarity for two processes ? i.e. ?: Exhibit a (any) bisimulation R, for which: –By definition we get that: » since ‘ ~ ’ was the largest bisimulation ( s, t )  R  ‘ ~ ’ ( s, t )  R s ~ ts ~ t

24 24 Semantics Q1 2007 Example Proof of Bisimilarity Example: Buffer (capacity 1): Buffer (capacity 2): Show that: A 0 = def in. A 1 A 1 = def out. A 0 B 0 = def in. B 1 B 1 = def in. B 2 + out. B 0 B 2 = def out. B 1 B 0 ~ A 0 |A 0 B0B0 B1B1 B2B2 A 0 |A 0 A 1 |A 0 A 0 |A 1 A 1 |A 1 R = { ( B 0, A 0 |A 0 ), ( B 1, A 1 |A 0 ), ( B 1, A 0 |A 1 ), ( B 2, A 1 |A 1 ) }

25 25 Semantics Q1 2007 How to Prove Non-Bisimilarity ? How to prove non-bisimilarity ? i.e. ? Enumerate all binary relations: Check that none are bisimulations and contain (p,q) »However: extremely expensive O(2 |p||q| ) Use “Feynman Problem-Solving Algorithm”: »(1). Write down the problem; »(2). Think very hard; »(3). Write down the answer. Or… s ~ ts ~ t

26 26 Semantics Q1 2007 ( ~ ) B ISIMULATION G AMES

27 27 Semantics Q1 2007 The (Strong) Bisimulation Game Let (Proc, Act,  ) be a LTS and s, t  Proc Define 2-player game: [ attacker v defender ] The game is played in “rounds” and the configurations of the game are (Proc  Proc); »The game starts (first round) in ( s, t )  Proc  Proc Intuition (objectives): The defender wants to show that: The attacker wants to show that: a s ~ ts ~ t s ~ ts ~ t Cf. the note on SI proofs section 6 (p. 4).

28 28 Semantics Q1 2007 Rules of the Bisimulation Game In round k the players change the current configuration ( s k, t k ) as follows: First, the attacker chooses: »1) one of the processes (e.g. t k ); i.e., left or right; »2) a legal action from that process: a  Act; »3) a legal transition according to the LTS: t k  t k+1 Then, the defender chooses: »-) a “counter-move” using same action, a: s k  s k+1 ( s k+1, t k+1 ) becomes the next round’s configuration… Winning: If one player (only) cannot move, the other player wins If the game is infinite (repeats configuration), the defender wins a a

29 29 Semantics Q1 2007 Game Characterization of ( ~ ) Theorem: States (processes) s and t are not strongly bisimilar iff the attacker has a universal winning strategy States (processes) s and t are strongly bisimilar iff the defender has a universal winning strategy ( s ~ t ) basically means that: “the ‘perfect attacker’ always wins” ( s ~ t ) basically means that: “the ‘perfect defender’ always wins”

30 30 Semantics Q1 2007 Let’s Play… Let’s play…: ~ / ~ ? show of hands… ~ ’ ’ ? coin. (coke + sprite) coin.coke + coin.sprite ’ ’ coin ’ ’ sprite coke

31 31 Semantics Q1 2007 Another Game… Are the following two LTS(/processes) s and t strongly bisimilar: s ~ t ? There’s a universal attack strategy  hence, they are not strongly bisimilar : s ~ t

32 32 Semantics Q1 2007 ( ~ ) C ONGRUENCE

33 33 Semantics Q1 2007 ( ~ ) is a Congruence for CCS Theorem: Let P and Q be processes such that P ~ Q ; then: » .P ~ .Q   Act »P+R ~ Q+R  R  Proc »R+P ~ R+Q  R  Proc »P|R ~ Q|R  R  Proc »R|P ~ R|Q  R  Proc »P[f] ~ Q[f]  f : P(Act)  P(Act) relabellings »P\a ~ Q\a  a  Act \ {  } i.e. ‘ ~ ’ is a congruence for CCS

34 34 Semantics Q1 2007 Other Properties of ( ~ ) The following properties hold  P, Q, R : P+Q ~ Q+P // ‘ + ’ commutative (P+Q)+R ~ P+(Q+R) // ‘ + ’ associative P|Q ~ Q|P // ‘ | ’ commutative (P|Q)|R ~ P|(Q|R) // ‘ | ’ associative P+0 ~ P // ‘ 0 ’ neutral wrt. ‘ + ’ P|0 ~ P // ‘ 0 ’ neutral wrt. ‘ | ’...

35 35 Semantics Q1 2007 Summary: Strong Bisimilarity ( ~ ) Properties of ( ~ ): an equivalence relation: »reflexive, symmetric, and transitive the largest strong bisimulation: »for proving bisimilarity (exhibit a bisimulation) strong bisimulation game: »for proving non-bisimilarity (winning attack strategy) a congruence: »P ~ Q => C[P] ~ C[Q] obeys the following algebraic laws: »‘ + ’ and ‘ | ’ commutative, associative, and ‘ 0 ’ neutrality, … should we look any further ?!?

36 36 Semantics Q1 2007 W EAK B ISIMULATION: (  )

37 37 Semantics Q1 2007 Problems with Internal Actions: ‘  ’ Q: a.τ.0 ~ a.0 ? How would you show this? Problem ‘ ~ ’ does not: abstract away from internal actions Example: Disp = def coin. (coke.Disp + sprite.Disp) Stud = def study. coin. coke. Stud Impl = def (Disp | Stud) \ {coin,coke} Spec = def study. Spec Impl ~ Spec ?

38 38 Semantics Q1 2007 Can we just erase tau-actions? Consider: However, notice: i.e. we cannot simply erase tau-actions! D nasty = def coin.coke.D nasty + coin.D nasty Stud = def study. coin. coke. Stud Impl = def (Disp | Stud) \ {coin,coke} (coin.coke.D nasty +coin.D nasty | coin.coke.Stud) \ … (coke.D nasty | coke.Stud) \ …(D nasty | coke.Stud) \ …  

39 39 Semantics Q1 2007 Define Weak Transition Relation Def: the “weak transition relation”: ‘  ’ e.g., P  Q iff P  …  P’  Q’  …  Q –Means that we can perform an action, a, by: »first, “eating” any number of tau actions: »then, performing the a action; »last, “eating” any number of tau actions: This “eating” is precisely what will give the abstraction!       a a    :   ( ‘  ’ )* o ‘  ’ o ( ‘  ’ )*, if    ( ‘  ’ )*, if  =      

40 40 Semantics Q1 2007 Def: A Weak Bisimulation Let (Proc, Act,  ) be a LTS Def: a bin. rel. R  Proc  Proc is a weak bisimulation iff whenever ( s, t )  R :  a  Act : if s  s’ then t  t’ for some t’ such that ( s’, t’ )  R if t  t’ then s  s’ for some s’ such that ( s’, t’ )  R Note: 1. Definition on LTS (not necessarily wrt. processes) 2. Definition relative to a (SOS) semantics (via LTS) a a a a a Intuition: “Only equate as consistently allowed by the semantics; …abstracting away from tau actions”

41 41 Semantics Q1 2007 Def: Weakly Bisimilar (  ) A Weak Bisimulation: Def: a bin. rel. R  Proc  Proc is a weak bisimulation iff whenever ( s, t )  R :  a  Act : if s  s’ then t  t’ for some t’ such that ( s’, t’ )  R if t  t’ then s  s’ for some s’ such that ( s’, t’ )  R The Weak Bisimilarity relation (  ): Def: two (processes) s and t are weakly bisimilar ( s  t ) iff  weak bisimulation R : ( s, t )  R. i.e. a a a a ‘  ’ :=  { R | R is a weak bisimulation }

42 42 Semantics Q1 2007 Example (from earlier) Example (from earlier): 1. Does it hold? 2. How would you show this? Disp = def coin. (coke.Disp + sprite.Disp) Stud = def study. coin. coke. Stud Impl = def (Disp | Stud)\{coin,coke,sprite} Spec = def study. Spec Impl  Spec ?

43 43 Semantics Q1 2007 (  ) B ISIMULATION G AMES

44 44 Semantics Q1 2007 Weak Game Characterization Let (Proc, Act,  ) be a LTS and s, t  Proc The game is “similar” except: The defender may now use the ‘  ’ relation »…and thus abstract away from  -actions The attacker still uses: ‘  ’ Theorem (  ): s  t iff  winning attack strategy s  t iff  winning defensive strategy a a a

45 45 Semantics Q1 2007 Let’s Play… Example: a. .0  a.0 ? »How would you show this? Example’: 0  .0 ? a.0 + 0  a.0 + .0 ? Any remarks?!? Any consequences of the above? yes no  Thus “  ” not a congruence(!); due to ( P+[] ) yes

46 46 Semantics Q1 2007 Summary: Weak Bisimilarity (  ) Properties of (  ): an equivalence relation: »reflexive, symmetric, and transitive the largest weak bisimulation: »for proving bisimilarity (exhibit a bisimulation) weak bisimulation game: »for proving non-bisimilarity (winning attack strategy) not a congruence: »P  Q => C[P]  C[Q] obeys the following algebraic laws: »‘ + ’ and ‘ | ’ commutative, associative, and ‘ 0 ’ neutrality, … abstracts away from internal tau-actions

47 47 Semantics Q1 2007 (  ):“Fair Abstraction from Divergence” Consider: A = def a.0 + .B B = def b.0 + .A –Note that: »A  B  a.0 + b.0 !!!..and even: Div = def .Div »0  Div !!! Intuition: “Fair Abstraction from Divergence”: »  “assumes processes (eventually) escape from loops”

48 48 Semantics Q1 2007 CCS T OOLS

49 49 Semantics Q1 2007 Example: A Protocol Implementation: » Specification: » Verification: » and what does that mean? P spec = def acc. del. P spec P impl = def ( Send | Med | Rec ) \ L L = {send,error,trans,ack} accept deliver P spec ~ P impl P spec  P impl ? ? senderreceiver (transport) medium

50 50 Semantics Q1 2007 The Concurrency Workbench CWB: Recommendation: try it out (before the exam)! Command: eq(Spec,Impl); // weak bisimilarity CWB’s answer Command: strongeq(Spec,Impl); // strong bisimilarity CWB’s answer

51 51 Semantics Q1 2007 The Bisimulation Game Game The Bisimulation Game Game ® Special Family Edition (w/ TV cables & remote control) »Beat your sister at Process Algebra simulation… “Special Family Edition!” “ The Bisimulation Game ” Only $31,95 The Bisimulation Game [ http://www.brics.dk/bisim/ ] http://www.brics.dk/bisim/

52 52 Semantics Q1 2007 "Three minutes paper" Please spend three minutes writing down the most important things that you have learned today (now). After 1 day After 1 week After 3 weeks After 2 weeks Right away

53 53 Semantics Q1 2007 Next week: Program Equivalence, Imperative Blocks, Implementation, and other Semantic formalisms Any Questions? Thanks to Jiří Srba for inspiration to many of the slides

Download ppt "1 Semantics Q1 2007 S EMANTICS (Q1,’07) Week 6 Jacob Andersen PhD student"

Similar presentations

Process Algebra Book: Chapter 8. The Main Issue Q: When are two models equivalent? A: When they satisfy different properties. Q: Does this mean that the.

Process Algebra Book: Chapter 8. The Main Issue Q: When are two models equivalent? A: When they satisfy different properties. Q: Does this mean that the.
Theory of Computation CS3102 – Spring 2014 A tale of computers, math, problem solving, life, love and tragic death Nathan Brunelle Department of Computer.

Theory of Computation CS3102 – Spring 2014 A tale of computers, math, problem solving, life, love and tragic death Nathan Brunelle Department of Computer.
Possible World Semantics for Modal Logic

Possible World Semantics for Modal Logic
Jacob Andersen PhD student

Jacob Andersen PhD student
April 2009 CCS T OOLS Keywords: - Concurrency Workbench - CCS visualizer and simulator - The Bisimulation Game Game.

April 2009 CCS T OOLS Keywords: - Concurrency Workbench - CCS visualizer and simulator - The Bisimulation Game Game.
Process Algebra (2IF45) Abstraction in Process Algebra Suzana Andova.

Process Algebra (2IF45) Abstraction in Process Algebra Suzana Andova.
Lecture 7 Surreal Numbers. Lecture 7 Surreal Numbers.

Lecture 7 Surreal Numbers. Lecture 7 Surreal Numbers.
Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.

Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.
Event structures Mauro Piccolo. Interleaving Models Trace Languages:  computation described through a non-deterministic choice between all sequential.

Event structures Mauro Piccolo. Interleaving Models Trace Languages:  computation described through a non-deterministic choice between all sequential.
CSCI 4325 / 6339 Theory of Computation Zhixiang Chen Department of Computer Science University of Texas-Pan American.

CSCI 4325 / 6339 Theory of Computation Zhixiang Chen Department of Computer Science University of Texas-Pan American.
Section 7.4: Closures of Relations Let R be a relation on a set A. We have talked about 6 properties that a relation on a set may or may not possess: reflexive,

Section 7.4: Closures of Relations Let R be a relation on a set A. We have talked about 6 properties that a relation on a set may or may not possess: reflexive,
Process Algebra (2IF45) Probabilistic Process Algebra Suzana Andova.

Process Algebra (2IF45) Probabilistic Process Algebra Suzana Andova.
Behavioral Equivalence Hossein Hojjat Formal Lab University of Tehran.

Behavioral Equivalence Hossein Hojjat Formal Lab University of Tehran.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Finite Automata Great Theoretical Ideas In Computer Science Anupam Gupta Danny Sleator CS 15-251 Fall 2010 Lecture 20Oct 28, 2010Carnegie Mellon University.

Finite Automata Great Theoretical Ideas In Computer Science Anupam Gupta Danny Sleator CS Fall 2010 Lecture 20Oct 28, 2010Carnegie Mellon University.
Introduction to Computability Theory

Introduction to Computability Theory
School of Computing and Mathematics, University of Huddersfield CAS2545: WEEK 11 LECTURE: n The meaning of Algebraic Specifications TUTORIAL/PRACTICAL:

School of Computing and Mathematics, University of Huddersfield CAS2545: WEEK 11 LECTURE: n The meaning of Algebraic Specifications TUTORIAL/PRACTICAL:
Transparency No. 2-1 Formal Language and Automata Theory Chapter 2 Deterministic Finite Automata (DFA) (include Lecture 3 and 4)

Transparency No. 2-1 Formal Language and Automata Theory Chapter 2 Deterministic Finite Automata (DFA) (include Lecture 3 and 4)
Transparency No. 10-1 Formal Language and Automata Theory Chapter 10 The Myhill-Nerode Theorem (lecture 15,16 and B)

Transparency No Formal Language and Automata Theory Chapter 10 The Myhill-Nerode Theorem (lecture 15,16 and B)

Similar presentations

Ads by Google