Concurrency Theory: Lecture 16, 22 March 2018
---------------------------------------------

Recall, the definition of failures:

  Failures(TS) = { (w,X) | q_in ---w-->* q and for all a in X, q --/-a--> }

TS and TS' are failures equivalent if Failures(TS) = Failures(TS')

----------------------------------------------------------------------

Testing
-------

We motivated failures equivalence by describing how a process TS" in
parallel can "observe" deadlock. This can be formalized as testing
equivalence.

A "test" is a transition system E (for Experiment) over an alphabet
Act U { sigma } where sigma is a special action local to E indicating
success of the experiment.

For instance, we can reformulate TS" above as

  E:  q"_in ---a---> q1" ---b---> q2" ---sigma--> q3"

Now, (E || TS) always leads to sigma being executed, whereas in
(E || TS'), sigma may fail to get enabled.

Given a test E and a transition system TS, we say that

- TS must pass E if every execution of (E || TS) leads to sigma being
  enabled
- TS may pass E if some execution of (E || TS) leads to sigma being
  enabled

In our earlier example (below), TS must pass E while TS' may pass E.

   TS                TS'

   q_in              q'_in
    |                 / \
  a |              a /   \ a
    |               /     \
   q1              q1'    q2'
   / \              |      |
b /   \ c         b |      | c
 /     \            |      |
q2      q3         q3'    q4'

We can order transition systems with respect to "may" and "must" as
follows:

- TS <=_may TS' if for every test E, if TS may pass E then TS' may pass E.
  We say that TS and TS' are may-equivalent (TS =_may TS') if
  TS <=_may TS' and TS' <=_may TS.

- TS <=_must TS' if for every test E, if TS must pass E then TS' must
  pass E. We say that TS and TS' are must-equivalent (TS =_must TS') if
  TS <=_must TS' and TS' <=_must TS.

- We say that TS and TS' are testing equivalent if they are both
  may-equivalent and must-equivalent.

Theorem: TS and TS' are testing equivalent iff Failures(TS) = Failures(TS').

Proof Sketch (one direction): It is not difficult to see that
TS <=_may TS' iff L(TS) is a subset of L(TS').
So, if TS =/=_may TS', they are not language equivalent and vice versa.

Assume TS =_may TS' but TS =/=_must TS'. Then, without loss of
generality, there is a maximal failure pair (w,X) in Failures(TS) such
that there is no maximal failure (w,Y) in Failures(TS') with Y a subset
of X. Then each state reached via w in TS' has at least one action
from X enabled after it. Let X = {a1,a2,...,ak}. Design a test E that
performs w as a sequence followed by a k-way branch on a1,...,ak, each
followed by sigma. Clearly TS may fail E but TS' must pass E.

----------------------------------------------------------------------

Simulation
----------

Another way of approaching equivalence is through simulation. TS'
simulates TS if TS' can do everything that TS can. If TS' can simulate
TS and TS can simulate TS', they ought to be "equivalent".
Surprisingly, this notion is quite subtle to capture formally.

Let TS = (Q,q_in,->) and TS' = (Q',q'_in,->') be transition systems
over the same set of actions Act. A simulation relation is a relation
S subset of Q x Q' such that

- if (q1,q1') in S and q1 --a--> q2, then there exists q2' such that
  q1' --a--> q2' and (q2,q2') is also in S

In other words, at every pair of states (q,q'), q' can match each move
from q in such a way that the simulation continues after the matching
move.

We say that TS' simulates TS if there is such a simulation relation S
with (q_in,q'_in) in S.

2-way simulation
----------------

TS and TS' are 2-way similar if there is a simulation S subset of
Q x Q' from TS to TS' and a reverse simulation S' subset of Q' x Q
from TS' to TS.

----------------------------------------------------------------------

Surprisingly, 2-way simulation is not the correct way to capture our
intuition about two systems being equivalent by being able to simulate
each other.
Consider the following systems:

   TS                TS'

   q_in              q'_in
    |                 |  \
  a |               a |   \ a
    |                 |    \
   q1                q1'    q4'
   / \               / \      |
b /   \ c         b /   \ c   | c
 /     \           /     \    |
q2      q3       q2'     q3' q5'

In the forward direction, let

  S = { (q_in,q'_in), (q1,q1'), (q2,q2'), (q3,q3') }

In reverse,

  S' = { (q'_in,q_in), (q1',q1), (q2',q2), (q3',q3), (q4',q1), (q5',q3) }

Clearly, however, there is no state in TS that corresponds to q4' in
TS', which can only do c but not b. Hence it is not sensible to claim
these are equivalent. In fact, these systems are not even failures
equivalent.

----------------------------------------------------------------------

Bisimulation
------------

The correct notion turns out to be bisimulation, which maintains the
two-way simulation capability at every stage.

Let TS = (Q,q_in,->) and TS' = (Q',q'_in,->') be transition systems
over the same set of actions Act. A bisimulation relation is a
relation R subset of Q x Q' such that

- if (q1,q1') in R and q1 --a--> q2, then there exists q2' such that
  q1' --a--> q2' and (q2,q2') is also in R
- if (q1,q1') in R and q1' --a--> q2', then there exists q2 such that
  q1 --a--> q2 and (q2,q2') is also in R

We say that TS and TS' are bisimilar if there is such a bisimulation
relation R with (q_in,q'_in) in R.

Notes:

1. If R1 and R2 are bisimulations between TS and TS', so is R1 union R2.
   Hence, it makes sense to talk of the largest bisimulation relation
   between two transition systems.

2. Typically, bisimulation is presented as a relation R subset of Q x Q
   on a single transition system. In our context, we can treat the
   disjoint union of TS and TS' as a single transition system with
   states Q union Q'. We can then look for the largest R on this set
   and verify if (q_in,q'_in) is in R.

======================================================================
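The following Python program is an added worked example, not part of the lecture notes. It encodes the two pairs of transition systems drawn above (TS is the same system in both diagrams; the names TS_TEST and TS_SIM for the two versions of TS', and all helper names, are my own), computes Failures(TS) as defined at the top of the notes, runs the test E against TS and TS' under the may/must reading given in the Testing section, and computes the largest simulation and the largest bisimulation by greatest-fixpoint refinement (start from Q x Q' and discard pairs that violate the clauses until nothing changes; Note 1 above is what guarantees the result is the largest such relation). Two assumptions are mine: word length in the failures enumeration is bounded by |Q| so that it terminates on cyclic systems, and "must pass" is read as "every maximal run of E || TS reaches a state where sigma is enabled", so a sigma-free cycle or a deadlock before sigma makes the test fail.

```python
"""Added worked example (not from the lecture notes): Failures, may/must
testing, largest simulation and largest bisimulation for the finite
transition systems drawn in the notes.  State and action names follow the
diagrams; the encoding and helper names are my own."""
from itertools import combinations, product

SIGMA = "sigma"   # the success action, local to a test E

def make_ts(init, trans):
    """A transition system: initial state plus a set of (q, a, q') triples."""
    return {"init": init, "trans": frozenset(trans)}

def states(ts):
    return {ts["init"]} | {q for q, _, _ in ts["trans"]} | {r for _, _, r in ts["trans"]}
def enabled(ts, q):
    return {a for p, a, _ in ts["trans"] if p == q}
def succ(ts, q, a):
    return {r for p, b, r in ts["trans"] if p == q and b == a}

def reachable(ts, max_len):
    """All (w, q) with q_in --w-->* q and |w| <= max_len.  The bound (my
    assumption) keeps the enumeration finite; |Q| suffices for acyclic systems."""
    seen, frontier = set(), {((), ts["init"])}
    while frontier:
        seen |= frontier
        frontier = {(w + (a,), r) for w, q in frontier if len(w) < max_len
                    for p, a, r in ts["trans"] if p == q} - seen
    return seen

def failures(ts, act):
    """Failures(TS) = {(w, X) | q_in --w-->* q and no a in X is enabled at q}."""
    fails = set()
    for w, q in reachable(ts, len(states(ts))):
        refusable = sorted(act - enabled(ts, q))
        for k in range(len(refusable) + 1):
            fails |= {(w, frozenset(x)) for x in combinations(refusable, k)}
    return fails

def run_test(test, ts):
    """(may, must) for E || TS: actions in Act synchronise, sigma is local to E,
    and a product state counts as success when E has sigma enabled there."""
    def success(s):
        return SIGMA in enabled(test, s[0])
    def moves(s):
        return {(e, q) for a in enabled(test, s[0]) - {SIGMA}
                for e in succ(test, s[0], a) for q in succ(ts, s[1], a)}
    def must(s, path):                   # every maximal run from s reaches success
        if success(s):
            return True
        if s in path or not moves(s):    # sigma-free cycle, or deadlock before sigma
            return False
        return all(must(t, path | {s}) for t in moves(s))
    init = (test["init"], ts["init"])
    seen, todo, may = set(), [init], False
    while todo:                          # may: some reachable product state succeeds
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            may = may or success(s)
            todo.extend(moves(s))
    return may, must(init, frozenset())

def matches(ts, ts2, q, q2, rel):
    """q2 (in ts2) can answer every move of q (in ts) while staying inside rel."""
    return all(any((r, r2) in rel for r2 in succ(ts2, q2, a))
               for p, a, r in ts["trans"] if p == q)

def largest_relation(ts, ts2, bidirectional):
    """Greatest fixpoint: start from Q x Q' and drop pairs that violate the
    simulation clause (and, if bidirectional, its mirror image) until stable."""
    rel = set(product(states(ts), states(ts2)))
    while True:
        inv = {(q2, q) for q, q2 in rel}
        bad = {(q, q2) for q, q2 in rel
               if not matches(ts, ts2, q, q2, rel)
               or (bidirectional and not matches(ts2, ts, q2, q, inv))}
        if not bad:
            return rel
        rel -= bad

def simulates(ts2, ts):
    """TS' simulates TS: the initial states lie in the largest simulation."""
    return (ts["init"], ts2["init"]) in largest_relation(ts, ts2, False)
def two_way_similar(ts, ts2):
    return simulates(ts2, ts) and simulates(ts, ts2)
def bisimilar(ts, ts2):
    return (ts["init"], ts2["init"]) in largest_relation(ts, ts2, True)

# The systems from the notes (TS is the same in both diagrams).
ACT = {"a", "b", "c"}
TS = make_ts("q_in", {("q_in", "a", "q1"), ("q1", "b", "q2"), ("q1", "c", "q3")})
TS_TEST = make_ts("q'_in", {("q'_in", "a", "q1'"), ("q'_in", "a", "q2'"),
                            ("q1'", "b", "q3'"), ("q2'", "c", "q4'")})
TS_SIM = make_ts("q'_in", {("q'_in", "a", "q1'"), ("q'_in", "a", "q4'"),
                           ("q1'", "b", "q2'"), ("q1'", "c", "q3'"), ("q4'", "c", "q5'")})
E = make_ts('q"_in', {('q"_in', "a", 'q1"'), ('q1"', "b", 'q2"'), ('q2"', SIGMA, 'q3"')})

if __name__ == "__main__":
    print(failures(TS, ACT) == failures(TS_TEST, ACT))     # False: (('a',), {'b'}) only in TS'
    print(run_test(E, TS), run_test(E, TS_TEST))           # (True, True) (True, False)
    print(two_way_similar(TS, TS_SIM), bisimilar(TS, TS_SIM))  # True False
```

Running it reproduces the claims in the text: TS must pass E while the first TS' only may pass it, because after `a` the product can sit in (q1", q2') where neither b nor sigma is enabled; the second TS' is 2-way similar to TS (the relations S and S' from the text are contained in the computed largest simulations) yet not bisimilar, since (q1, q4') is discarded in the first refinement round and that pulls (q_in, q'_in) out in the next; and both versions of TS' have the failure (a, {b}) that TS lacks.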