Behavioral Equivalence Hossein Hojjat Formal Lab University of Tehran.
Behavioral Equivalence
Hossein Hojjat, Formal Lab
University of Tehran
Equivalence
A concurrent system shouldn’t be identified with a single model (Petri net, process expression, …)
Instead it is represented by an equivalence class of such objects
A single model gives a representation that isn’t abstract enough
For this purpose many equivalence notions have been proposed in the literature
Implementation Correctness
Often equivalence relations are used to establish the correctness of implementations with respect to specifications of concurrent systems
Suppose that
P represents a specification
Q represents an implementation
P ~ Q states that the implementation is correct
Equivalence Notions
Many different equivalence notions have been proposed in the literature
Which aspects of a system are crucial and which of them can be ignored?
We shall introduce bisimulation equivalence, which is an important semantic equivalence over CCS processes
Vending machine
Consider a tea/coffee vending machine
A = coin. (tea.A + coin.coffee.A)
[Figure: transition diagram of the machine, with states A, B, C and transitions labelled coin, tea, coffee]
Non-det vending machine
Now consider a nondeterministic vending machine
A’ = coin. (tea.A’ + coin.coffee.A’) + coin.tea.A’
[Figure: transition diagram of the machine, with states A’, B’, B0’, C’ and transitions labelled coin, tea, coffee]
Equivalence
[Figure: the transition diagrams of A and A’ side by side]
These two systems are language equivalent (why?)
But the machines are different
When we supply a coin to the second machine, it can nondeterministically go either to a state as before or to a state in which we can only obtain tea!
What’s wrong?
The reactive behavior of the system is changed
If every input and output is seen as an interaction with the environment, they are not equivalent
We need a different notion of equivalence
Strong simulation
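A relation R on the states of an LTS is a strong simulation if p R q implies
if $p \xrightarrow{\alpha} p'$ then there exists q’ such that $q \xrightarrow{\alpha} q'$ and p’ R q’
If such a relation exists, we say Q strongly simulates P
[Figure: simulation diagram relating p R q and p’ R q’ through α transitions from p to p’ and from q to q’]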
Strong simulation in vending machine
[Figure: the transition diagrams of A and A’ side by side]
We claim that the first system strongly simulates the second
A’ R A
B’ R B
B0’ R B
C’ R C
Proof- Steps 1 to 6
[Figures: one frame per proof step, each showing the transition diagrams of A and A’]
The opposite direction
The second system also strongly simulates the first one
A R A’
B R B’
C R C’
Intuitively it is correct
The second machine can simulate every step the first machine can take
Problem
It seems that we have defeated our original purpose
The two machines should not be observationally equivalent
But each one can strongly simulate the other
We need a new idea
Strong bisimulation
In 1981 David Park proposed a new approach to defining the equivalence of automata: bisimulation
Strong bisimulation: a single relation R such that both R and its converse are strong simulations
Under this definition the two vending machines are not equivalent
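The claims on the preceding slides can be checked mechanically. The following is an added example, not part of the original slides: it computes the largest strong simulation and the largest strong bisimulation between the two vending machines by greatest-fixed-point refinement. The transition sets are read off the two CCS definitions, taking B0’ to be the tea-only state; all function names are this example's own.

```python
from itertools import product

# Transitions read off the two CCS definitions; "B0'" is assumed to be the tea-only state.
M1 = {("A", "coin", "B"), ("B", "tea", "A"), ("B", "coin", "C"), ("C", "coffee", "A")}
M2 = {("A'", "coin", "B'"), ("A'", "coin", "B0'"), ("B'", "tea", "A'"),
      ("B'", "coin", "C'"), ("C'", "coffee", "A'"), ("B0'", "tea", "A'")}

def states(lts):
    return {s for s, _, _ in lts} | {t for _, _, t in lts}

def succ(lts, s):
    return [(a, t) for p, a, t in lts if p == s]

def answered(lts_p, lts_q, p, q, rel):
    """True if every move p -a-> p2 has a reply q -a-> q2 with (p2, q2) in rel."""
    return all(any(a == b and (p2, q2) in rel for b, q2 in succ(lts_q, q))
               for a, p2 in succ(lts_p, p))

def refine(lts_p, lts_q, both_ways):
    """Greatest fixed point: start from all pairs, delete pairs that fail the check."""
    rel = set(product(states(lts_p), states(lts_q)))
    while True:
        conv = {(q, p) for p, q in rel}
        keep = {(p, q) for p, q in rel
                if answered(lts_p, lts_q, p, q, rel)
                and (not both_ways or answered(lts_q, lts_p, q, p, conv))}
        if keep == rel:
            return rel
        rel = keep

def largest_simulation(lts_p, lts_q):  # p R q implies q strongly simulates p
    return refine(lts_p, lts_q, both_ways=False)

def largest_bisimulation(lts_p, lts_q):  # R and its converse are both simulations
    return refine(lts_p, lts_q, both_ways=True)

def traces(lts, start, depth):
    """Action sequences of length <= depth from start (bounded language check)."""
    out, frontier = {()}, {((), start)}
    for _ in range(depth):
        frontier = {(w + (a,), t) for w, s in frontier for a, t in succ(lts, s)}
        out |= {w for w, _ in frontier}
    return out

if __name__ == "__main__":
    print("same traces (len <= 8):", traces(M1, "A", 8) == traces(M2, "A'", 8))
    print("A simulates A':", ("A'", "A") in largest_simulation(M2, M1))
    print("A' simulates A:", ("A", "A'") in largest_simulation(M1, M2))
    print("bisimilar:", ("A", "A'") in largest_bisimulation(M1, M2))
```

The pair (A, A’) is deleted in the bisimulation run because the move from A’ to B0’ can only be answered by A moving to B, and B can still accept a coin while B0’ cannot.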
Exercise
Prove that these systems are bisimilar:
$A \stackrel{\text{def}}{=} a.A$
$B \stackrel{\text{def}}{=} a.B + a.a.B$
τ edges
The original definition of bisimulation holds in an LTS without τ
Milner introduced a new kind of bisimulation: weak bisimulation equivalence
It permits arbitrary sequences of τ steps to precede or follow corresponding atomic actions
Definition
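We define
$P \xrightarrow{\tau^*} P'$ iff $P \xrightarrow{\tau} \cdots \xrightarrow{\tau} P'$
$P \xrightarrow{\tau^*\lambda\tau^*} P'$ iff $P \xrightarrow{\tau^*} P_1 \xrightarrow{\lambda} P_2 \xrightarrow{\tau^*} P'$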
Weak simulation
We say R is a weak simulation if the following two conditions are satisfied:
1. If P R Q and $P \xrightarrow{\tau} P'$ then there exists a Q’ such that $Q \xrightarrow{\tau^*} Q'$ and P’ R Q’
2. If P R Q and $P \xrightarrow{\lambda} P'$ then there exists a Q’ such that $Q \xrightarrow{\tau^*\lambda\tau^*} Q'$ and P’ R Q’
P and Q are weakly bisimilar if there is a relation R such that both R and its inverse are weak simulations
Weak simulation- graphically
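[Figure: two simulation diagrams relating p R q and p’ R q’. In the first, a τ transition from p to p’ is answered by τ* from q to q’; in the second, a λ transition from p to p’ is answered by τ*λτ* from q to q’]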