Concurrency Theory: Lecture 17, 21 March 2017
---------------------------------------------

Behavioural equivalences for transition systems:
======================================================================

Let TS = (Q,q_in,->) and TS' = (Q',q'_in,->') be transition systems
over the same set of actions Act. When are TS and TS' equivalent?

Language equivalence
--------------------

Traditional automata theory says they are equivalent if their
languages L(TS) and L(TS') are the same. Consider the transition
systems below:

        TS                   TS'

       q_in                 q'_in
        |                    / \
      a |                a  /   \  a
        |                  /     \
       q1                q1'     q2'
      /  \                |       |
   b /    \ c           b |       | c
    /      \              |       |
   q2      q3            q3'     q4'

These are language equivalent: each can do exactly the sequences ab
and ac (and their prefixes). However, suppose we place them in
parallel with an agent that does "a" followed by "b".

  TS"

  q"_in ---a---> q1" ---b---> q2"

(TS" || TS) will always execute "ab" and both components will run to
completion. On the other hand (TS" || TS') may either do "ab",
reaching (q2",q3'), or get stuck after "a" in the global state
(q1",q2'), where TS" is waiting to do "b" but TS' can only do "c".
This is usually referred to as a deadlock.

So, in a sense, TS" can "observe" a difference (through deadlocks)
between TS and TS', though they are language equivalent. This leads
us to question whether we need a finer distinction between transition
systems than that of language equivalence.

Failures
--------

In the example above, the difference between TS and TS' is that TS'
can "refuse" to do b after a, if it takes the right branch. It can
also refuse to do c after a by taking the left branch. TS, on the
other hand, is always willing to do both b and c after a.

This suggests describing behaviours as pairs (w,X), where w is a
sequence of actions that TS can do, and X is a set of actions that TS
can refuse after doing w. Define

  Failures(TS) = { (w,X) | q_in ---w-->* q and for all a in X, q --/-a--> }

We say that TS and TS' are failures equivalent if
Failures(TS) = Failures(TS').

In the example above, we have (a,{b}) and (a,{c}) in Failures(TS') but
not in Failures(TS), so these are not equivalent.
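The following is an added worked example, not code from the lecture notes. It encodes the three systems TS, TS' and TS" above as small hand-constructed Python triples (states, initial state, transition set), computes their traces and their failure sets per the definition of Failures(TS), and builds the parallel composition used in the deadlock argument. The composition assumes every action is shared (all systems are over the same Act, so both components must move together), and a "deadlock" is read as a reachable global state with no joint move where at least one component could still move on its own; both are my assumptions about the notes' informal setting.

```python
"""Failures and deadlock observation for finite transition systems.

Added example (not part of the lecture notes): TS, TS' and TS" are
constructed by hand from the diagrams in the notes.
"""
from itertools import combinations

# A transition system is a triple (states, initial_state, transitions),
# transitions being a set of (source, action, target).
TS = ({'q_in', 'q1', 'q2', 'q3'}, 'q_in',
      {('q_in', 'a', 'q1'), ('q1', 'b', 'q2'), ('q1', 'c', 'q3')})
TS_PRIME = ({"q'_in", "q1'", "q2'", "q3'", "q4'"}, "q'_in",
            {("q'_in", 'a', "q1'"), ("q'_in", 'a', "q2'"),
             ("q1'", 'b', "q3'"), ("q2'", 'c', "q4'")})
# TS": the observer that does a followed by b.
TS_OBS = ({'q"_in', 'q1"', 'q2"'}, 'q"_in',
          {('q"_in', 'a', 'q1"'), ('q1"', 'b', 'q2"')})
ACT = {'a', 'b', 'c'}   # the common action set Act of all three systems


def enabled(ts, q):
    """Actions a with q --a--> for some target."""
    return {a for s, a, _ in ts[2] if s == q}


def step(ts, q, a):
    """Targets of q --a-->; more than one when the system is nondeterministic."""
    return {t for s, x, t in ts[2] if s == q and x == a}


def reach(ts, w):
    """All states q with q_in ---w-->* q."""
    frontier = {ts[1]}
    for a in w:
        frontier = {t for q in frontier for t in step(ts, q, a)}
    return frontier


def traces(ts, max_len=10):
    """Words w with q_in ---w-->* q for some q, i.e. L(TS) (prefix-closed).
    max_len only matters for cyclic systems, whose language is infinite."""
    out, frontier = {()}, {()}
    for _ in range(max_len):
        frontier = {w + (a,) for w in frontier for a in ACT if reach(ts, w + (a,))}
        if not frontier:
            break
        out |= frontier
    return out


def failures(ts, max_len=10):
    """Failures(TS) = { (w,X) | q_in ---w-->* q and no a in X is enabled at q }.
    X ranges over all subsets of Act, so the result is subset-closed."""
    subsets = [frozenset(c) for r in range(len(ACT) + 1)
               for c in combinations(sorted(ACT), r)]
    return {(w, X) for w in traces(ts, max_len) for q in reach(ts, w)
            for X in subsets if not (X & enabled(ts, q))}


def failures_equivalent(ts1, ts2, max_len=10):
    return failures(ts1, max_len) == failures(ts2, max_len)


def parallel(ts1, ts2):
    """(ts1 || ts2) with every action shared: both components move together.
    Assumed reading of the composition used in the notes."""
    init = (ts1[1], ts2[1])
    states, trans, todo = {init}, set(), [init]
    while todo:
        p, q = todo.pop()
        for a in enabled(ts1, p) & enabled(ts2, q):
            for p2 in step(ts1, p, a):
                for q2 in step(ts2, q, a):
                    trans.add(((p, q), a, (p2, q2)))
                    if (p2, q2) not in states:
                        states.add((p2, q2))
                        todo.append((p2, q2))
    return (states, init, trans)


def deadlocks(ts1, ts2):
    """Reachable global states of (ts1 || ts2) with no joint move although
    some component still has an enabled action (assumed reading of 'stuck';
    a state where both components have finished is not a deadlock)."""
    prod = parallel(ts1, ts2)
    return {(p, q) for p, q in prod[0]
            if not enabled(prod, (p, q)) and (enabled(ts1, p) or enabled(ts2, q))}


if __name__ == '__main__':
    print('language equivalent:', traces(TS) == traces(TS_PRIME))
    print('failures equivalent:', failures_equivalent(TS, TS_PRIME))
    print("only in Failures(TS'):", failures(TS_PRIME) - failures(TS))
    print('deadlocks of TS" || TS :', deadlocks(TS_OBS, TS))
    print('deadlocks of TS" || TS\':', deadlocks(TS_OBS, TS_PRIME))
```

Running it reports that the two systems have the same traces, that Failures(TS) is a proper subset of Failures(TS') (the extra pairs are exactly the refusals after "a" containing b or c), and that TS" || TS' has the single deadlocked global state (q1",q2') while TS" || TS has none.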
Note: If Y subseteq X and (w,X) in Failures(TS) then (w,Y) is also in
Failures(TS), so it suffices to record "maximal" failure pairs.

Testing
-------

We motivated failures equivalence by describing how a process TS" in
parallel can "observe" deadlock. This can be formalized as testing
equivalence.

A "test" is a transition system E (for Experiment) over an alphabet
Act U { sigma } where sigma is a special action local to E indicating
success of the experiment. For instance, we can reformulate TS" above
as

  E

  q"_in ---a---> q1" ---b---> q2" ---sigma---> q3"

Now, (E || TS) always leads to sigma being executed, whereas in
(E || TS'), sigma may fail to get enabled.

Given a test E and a transition system TS, we say that

  - TS must pass E if every execution of (E || TS) leads to sigma
    being enabled

  - TS may pass E if some execution of (E || TS) leads to sigma being
    enabled

In the example above, TS must pass E, while TS' may pass E but does
not must pass E, because of the deadlock at (q1",q2').

We can order transition systems with respect to "may" and "must" as
follows:

  - TS <=_may TS' if for every test E, if TS may pass E then TS' may
    pass E. We say that TS and TS' are may-equivalent (TS =_may TS')
    if TS <=_may TS' and TS' <=_may TS.

  - TS <=_must TS' if for every test E, if TS must pass E then TS'
    must pass E. We say that TS and TS' are must-equivalent
    (TS =_must TS') if TS <=_must TS' and TS' <=_must TS.

  - We say that TS and TS' are testing equivalent if they are both
    may-equivalent and must-equivalent.

Theorem: TS and TS' are testing equivalent iff
Failures(TS) = Failures(TS').

(Note that the failures determine the language: w is in L(TS) iff
(w,{}) is in Failures(TS), so a single set captures both the "may"
and the "must" side.)

----------------------------------------------------------------------

Simulation
----------

Another way of approaching equivalence is through simulation. TS'
simulates TS if TS' can do everything that TS can. If TS' can
simulate TS and TS can simulate TS', they ought to be "equivalent".
Surprisingly, this notion is quite subtle to capture formally.

Let TS = (Q,q_in,->) and TS' = (Q',q'_in,->') be transition systems
over the same set of actions Act.
A simulation relation is a relation S subset of Q x Q' such that

  - if (q1,q1') in S and q1 --a--> q2, then there exists q2' such that
    q1' --a--> q2' and (q2,q2') is also in S

In other words, at every pair of states (q,q'), q' can match each move
from q in such a way that the simulation continues after the matching
move. We say that TS' simulates TS if there is such a simulation
relation S with (q_in,q'_in) in S.

2-way simulation
----------------

TS and TS' are 2-way similar if there is a simulation S subset of
Q x Q' from TS to TS' and a reverse simulation S' subset of Q' x Q
from TS' to TS.

----------------------------------------------------------------------

Surprisingly, 2-way simulation is not the correct way to capture our
intuition about two systems being equivalent by being able to
simulate each other. Consider the following systems:

        TS                       TS'

       q_in                     q'_in
        |                        |\
      a |                     a  | \  a
        |                        |  \
       q1                       q1'   q4'
      /  \                     /  \    |
   b /    \ c               b /    \ c | c
    /      \                 /      \  |
   q2      q3              q2'     q3' q5'

In the forward direction, let

  S = { (q_in,q'_in), (q1,q1'), (q2,q2'), (q3,q3') }

In reverse,

  S' = { (q'_in,q_in), (q1',q1), (q2',q2), (q3',q3), (q4',q1), (q5',q3) }

Both are simulations, so TS and TS' are 2-way similar. Clearly,
however, there is no state in TS that corresponds to q4' in TS',
which can only do c but not b: the reverse simulation S' matches q4'
with q1, but q1 can still do b, and nothing in S pairs q1 with q4'.
Hence it is not sensible to claim these are equivalent. In fact,
these systems are not even failures equivalent: (a,{b}) is in
Failures(TS') but not in Failures(TS).

----------------------------------------------------------------------

Bisimulation
------------

The correct notion turns out to be bisimulation, which maintains the
two-way simulation capacity at every stage.

Let TS = (Q,q_in,->) and TS' = (Q',q'_in,->') be transition systems
over the same set of actions Act.
A bisimulation relation is a relation R subset of Q x Q' such that

  - if (q1,q1') in R and q1 --a--> q2, then there exists q2' such that
    q1' --a--> q2' and (q2,q2') is also in R

  - if (q1,q1') in R and q1' --a--> q2', then there exists q2 such
    that q1 --a--> q2 and (q2,q2') is also in R

We say that TS and TS' are bisimilar if there is such a bisimulation
relation R with (q_in,q'_in) in R.

In the example above, any bisimulation containing (q_in,q'_in) would
have to contain (q1,q4') to match the move q'_in --a--> q4', but q1
can do b and q4' cannot, so no such R exists and TS and TS' are not
bisimilar.

Notes:

1. If R1 and R2 are bisimulations between TS and TS', so is
   R1 union R2. Hence, it makes sense to talk of the largest
   bisimulation relation between two transition systems.

2. Typically, bisimulation is presented as a relation R subset of
   Q x Q on a single transition system. In our context, we can treat
   the disjoint union of TS and TS' as a single transition system
   with states Q union Q'. We can then look for the largest R on this
   set and verify if (q_in,q'_in) is in R.

======================================================================
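The following is an added worked example, not code from the lecture notes. It computes the largest simulation and the largest bisimulation between two hand-constructed transition systems (the TS and TS' of the 2-way simulation counterexample above) by the usual greatest-fixpoint refinement: start from all of Q x Q' and repeatedly discard pairs that violate the defining clause(s). Because simulations and bisimulations are closed under union (Note 1), the fixpoint is the largest such relation, so TS' simulates TS, or TS and TS' are bisimilar, exactly when the initial pair survives. Working on Q x Q' directly is the same as Note 2's construction on the disjoint union restricted to cross pairs. The representation of systems as (states, initial state, transition set) triples is my own choice.

```python
"""Simulation, 2-way simulation and bisimulation on finite transition systems.

Added example (not part of the lecture notes): TS and TS' are the two
systems from the 2-way simulation counterexample, constructed by hand.
"""

TS = ({'q_in', 'q1', 'q2', 'q3'}, 'q_in',
      {('q_in', 'a', 'q1'), ('q1', 'b', 'q2'), ('q1', 'c', 'q3')})
TS_PRIME = ({"q'_in", "q1'", "q2'", "q3'", "q4'", "q5'"}, "q'_in",
            {("q'_in", 'a', "q1'"), ("q'_in", 'a', "q4'"),
             ("q1'", 'b', "q2'"), ("q1'", 'c', "q3'"), ("q4'", 'c', "q5'")})


def step(ts, q, a):
    """Targets of q --a-->."""
    return {t for s, x, t in ts[2] if s == q and x == a}


def actions(ts):
    return {a for _, a, _ in ts[2]}


def unmatched(R, ts1, p, ts2, q):
    """True if some move p --a--> p2 in ts1 has no q --a--> q2 in ts2
    with (p2,q2) in R, i.e. (p,q) violates the simulation clause."""
    return any(not any((p2, q2) in R for q2 in step(ts2, q, a))
               for a in actions(ts1) for p2 in step(ts1, p, a))


def largest_simulation(ts1, ts2):
    """Largest simulation of ts1 by ts2 (a subset of Q1 x Q2), as a greatest
    fixpoint: start from all pairs and discard violators until stable."""
    R = {(p, q) for p in ts1[0] for q in ts2[0]}
    while True:
        bad = {(p, q) for p, q in R if unmatched(R, ts1, p, ts2, q)}
        if not bad:
            return R
        R -= bad


def simulates(ts2, ts1):
    """ts2 simulates ts1: some simulation from ts1 to ts2 contains the initial pair."""
    return (ts1[1], ts2[1]) in largest_simulation(ts1, ts2)


def two_way_similar(ts1, ts2):
    return simulates(ts2, ts1) and simulates(ts1, ts2)


def largest_bisimulation(ts1, ts2):
    """Same refinement, but a pair survives only if each side can match the
    other's moves with related successors (both clauses of the definition)."""
    R = {(p, q) for p in ts1[0] for q in ts2[0]}
    while True:
        flipped = {(q, p) for p, q in R}   # R read from the ts2 side
        bad = {(p, q) for p, q in R
               if unmatched(R, ts1, p, ts2, q) or unmatched(flipped, ts2, q, ts1, p)}
        if not bad:
            return R
        R -= bad


def bisimilar(ts1, ts2):
    return (ts1[1], ts2[1]) in largest_bisimulation(ts1, ts2)


if __name__ == '__main__':
    print("TS' simulates TS :", simulates(TS_PRIME, TS))
    print("TS simulates TS' :", simulates(TS, TS_PRIME))
    print("2-way similar    :", two_way_similar(TS, TS_PRIME))
    print("bisimilar        :", bisimilar(TS, TS_PRIME))
    print("(q4',q1) in largest reverse simulation:",
          ("q4'", 'q1') in largest_simulation(TS_PRIME, TS))
    print("(q1,q4') in largest bisimulation      :",
          ('q1', "q4'") in largest_bisimulation(TS, TS_PRIME))
```

The run shows the point of the counterexample concretely: the reverse simulation is free to match q4' with q1 because only q4''s moves have to be answered, whereas the bisimulation refinement throws (q1,q4') out in its first pass (q1 can do b, q4' cannot) and then, having no way to answer q'_in --a--> q4', throws out (q_in,q'_in) as well.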