Concurrency Theory: Lecture 18, 28 March 2017 --------------------------------------------- Recall, the definition of failures and testing: Failures(TS) = { (w,X) | q_in ---w-->* q and for all a in X, q--/-a--> } TS and TS' are failures equivalent if Failures(TS) = Failures(TS') A "test" is a transition system E (for Experiment) over an alphabet Act U { sigma } where sigma is a special action local to E indicating success of the experiment. - TS must pass E if every execution of (E || TS) leads to sigma being enabled - TS may pass E if some execution of (E || TS) leads to sigma being enabled - TS <=_may TS' if for every test E, if TS may pass E then TS' may pass E. - TS <=_must TS' if for every test E, if TS must pass E then TS' must pass E - TS is testing equivalent to TS' if TS =_may TS' and TS =_must TS' Theorem: TS and TS' are testing equivalent iff Failures(TS) = Failures(TS'). Proof Sketch (one direction): It is not difficult to see that TS <=_may TS' iff L(TS) is a subset of L(TS'). So, if TS =/=_may TS', they are not language equivalent and vice versa. Assume TS =_may TS' but TS =/=_must TS'. Then, without loss of generality, there is a maximal failure pair (w,X) in Failures(TS) such that there is no maximal failure (w,Y) in Failures(TS') with Y subset of X. Then each state reached via w in TS' has at least one action from X enabled after it. Let X = {a1,a2,..,ak}. Design a test E that performs w as a sequence followed by a k-way branch on a1,...,ak each followed by sigma. Clearly TS may fail E but TS' must pass E. ---------------------------------------------------------------------- Decidability of failure equivalence ----------------------------------- Failure equivalence is decidable for finite-state systems. Given finite state systems TS = (Q,q_in,->) and TS' = (Q',q'_in,->') it suffices to find a pair (w,X) such that, without loss of generality, (w,X) is in Failures(TS) but not in Failures(TS'). Since TS is finite-state, we can effectively calculate for each q in Q L(q) = { w | q_in --w--> q }. Likewise for each q' in Q'. Use these facts to compute a witness that shows failure inequivalence. ---------------------------------------------------------------------- Decidability of bisimulation ---------------------------- An alternative presentation of bisimulation is in terms of observational equivalence. Recall that we normally define bisimulations on a single set of states Q. Observational equivalence is defined inductively. 1. q ~_0 q' for all q,q' in Q 2. For k > 0, q ~_k q' if the following hold - For each q --a--> q1, there exists q' --a--> q'_1 with q_1 ~_{k-1} q'_1 - For each q' --a--> q'1, there exists q --a--> q_1 with q_1 ~_{k-1} q'_1 q and q' are observationally equivalent, written q ~ q', iff q ~_n q' for all n >= 0. Theorem: Observational equivalence coincides with bisimulation for finitely branching systems (and hence for finite-state systems) From this, we get an algorithm based on partition refinement to compute the largest bisimulation on a set of states Q, similar to the one for computing the minimum DFA for a language. 1. Initially, put all of Q in a single partition 2. Split Q based on enabled actions: if q and q' have different sets of actions enabled, they go into different partitions. 3. Refine repeatedly: if {q,q'} are in the same partition, but there is some move q --a--> q1 that cannot be matched by a move q'--a-->q'1 where {q1,q'1} are in the same partition (or vice versa), split the partition containing {q,q'} Since each split creates a new partition and this process must terminate. There are only a finite number of states and the number of partitions is bounded by the number of states. ----------------------------------------------------------------------