Concurrency Theory: Lecture 17, 27 March 2018 --------------------------------------------- Decidability of failure equivalence ----------------------------------- Failure equivalence is decidable for finite-state systems. Given finite state systems TS = (Q,q_in,->) and TS' = (Q',q'_in,->') it suffices to find a pair (w,X) such that, without loss of generality, (w,X) is in Failures(TS) but not in Failures(TS'). Since TS is finite-state, we can effectively calculate for each q in Q L(q) = { w | q_in --w--> q }. Likewise for each q' in Q'. Use these facts to compute a witness that shows failure inequivalence. ---------------------------------------------------------------------- Decidability of bisimulation ---------------------------- An alternative presentation of bisimulation is in terms of observational equivalence. Recall that we normally define bisimulations on a single set of states Q. Observational equivalence is defined inductively. 1. q ~_0 q' for all q,q' in Q 2. For k > 0, q ~_k q' if the following hold - For each q --a--> q1, there exists q' --a--> q'_1 with q_1 ~_{k-1} q'_1 - For each q' --a--> q'1, there exists q --a--> q_1 with q_1 ~_{k-1} q'_1 q and q' are observationally equivalent, written q ~ q', iff q ~_n q' for all n >= 0. Theorem: Observational equivalence coincides with bisimulation for finitely branching systems (and hence for finite-state systems) (As a counterexample when the system has infinite branching, consider TS which has a single state with a self loop on action a and TS' which an infinitely branching tree with paths a, aa, aaa, ..., a^i, ... for every i hanging off the root. These are observationally equivalent but not bisimilar.) From this, we get an algorithm based on partition refinement to compute the largest bisimulation on a set of states Q, similar to the one for computing the minimum DFA for a language. 1. Initially, put all of Q in a single partition 2. Split Q based on enabled actions: if q and q' have different sets of actions enabled, they go into different partitions. 3. Refine repeatedly: if {q,q'} are in the same partition, but there is some move q --a--> q1 that cannot be matched by a move q'--a-->q'1 where {q1,q'1} are in the same partition (or vice versa), split the partition containing {q,q'} Since each split creates a new partition, this process must terminate. There are only a finite number of states and the number of partitions is bounded by the number of states. ---------------------------------------------------------------------- Silent actions -------------- Our definitions of equivalence have been motivated by observations we can make in parallel in contexts such as TS_1 || TS_2. We have implicitly assumed that all actions of TS_1 and TS_2 are visible. However, if TS_2 is itself composed of sub-components, these may make internal transitions that TS_1 cannot "see". This motivates us to explore equivalences on transition systems with silent actions. Let TS = (Q,q_in,->) be a transition system over actions Act union {tau}, where tau is a silent action, not in Act. tau is like an epsilon transition in an NFA --- only the notation is different. When we observe TS, we assume we cannot see tau actions. This gives rise to a "weak" transition relation labelled by visible actions in Act only. - q ==epsilon==> q, for all q in Q - q --tau--q' ==epsilon==> q" implies q ==epsilon==>q" - q ==a==>q' if q ==epsilon==> q0 --a--> q1 ==epsilon==> q' As usual, q ==w==> q' for w = a1 a2 ... ak if q = q0 ==a1==> q1 ==a2==> q2 ==a3==> .... ==ak==> qk = q' We can now define languages, failures and bisimulation with respect to this weak transition relation. WL(TS) = { w | q_in ===w==> q for some q in Q} WF(TS) = { (w,X) | q_in ==w==> q and q =/=a==> for any a in X} Note that the failure set X is defined with respect to weak a-transitions enabled at q. A weak bisimulation relation is a relation R subset of Q x Q such that - if (q1,q1') in R and q1 == mu ==> q1', for mu in Act union {epsilon}, then there exists q2' such that q1' == mu ==> q2' and (q1',q2') is also in R - if (q1,q1') in R and q1' == mu ==> q2', for mu in Act union {epsilon}, then there exists q2 such that q1 == mu ==> q2 and (q1',q2') is also in R Note that weak bisimulation also covers silent moves from the current state. To check (Assignment 3): Are weak language equivalence, weak failure equivalence and weak bisimulation congruences wrt ||? ---------------------------------------------------------------------- Bisimulation and concurrency ---------------------------- Bisimulation is defined using single actions. Thus, bisimulation cannot distinguish between independent actions a || b and nondeterministic interleaving ab + ba. One solution is to augment the transition relation with steps and ask for bisimulation with respect to both single action and step transitions. However, one has to be careful. Consider the following two systems where a and b are independent, but c,d,e are not. The initial state is the centre of the square. ^ ^ \ | \ | e c e c \ | \ | q1<--b--q2--b-->q3 q'1<--b--q'2--b-->q'3 ^ ^ ^ ^ ^ ^ | | | | | | a a a a a a | | | | | | <--d--q4<--b--q5--b-->q6 q'4<--b--q'5--b-->q'6--d--> | | | | | | a a a a a a | | | | | | v v v v v v q7<--b--q8--b-->q9 q'7<--b--q'8--b-->q'9 \ \ e e \ \ Here, starting from (q5,q'5), we would simulate a b-move to q4 on the left by a b move to q'6 on the right and a b-move to q6 on the left by a b-move to q'4 on the right. The a moves up and down are matched by corresponding a moves up and down. However, we now see that a linearization of a step q5-b->q4->q7 on the left, for instance, is matched by a linearization q'5-b->q'6-a->q'3. But, the other linearization of the same steps, q5-a->q8-b->q7 and q'5-a->q'2->q'3 are not bisimilar because q'2 has c enabled whereas q8 does not. In other words, we can match single actions and steps across these two systems, but the relation that matches the steps is not compatible with the one that matches the single steps. A bisimulation can be viewed as a game, like EF-games in first order logic, where the Spoiler picks one system to explore and the Duplicator matches each move. In the usual bisimulation game, the only moves allowed are forward moves. In a concurrent system with independent actions, one can add negative moves, where the Spoiler takes back a maximal action in the current trace. In a sequential setting, this adds no power because there is always only one maximal action, which is the last action executed. However, in a concurrent setting, one can explore an {a,b} step via the path ab, then retract the maximal a to present the Duplicator with the state after b on the "other side of the diamond", which must now match. In the example above, after the Duplicator matches matching q5-b->q4->q7 by q'5-b->q'6-a->q'3, the Spoiler can undo the b, leaving the left hand system in q8 and the right hand system in q'2, which are not bisimilar. Thus, for concurrent systems, we can define bisimulation that respects steps in a strong way by working with single steps but allowing negative moves of maximal events. This is called hereditary history preserving bisimulation. Unfortunately, it is undecidable even for finite-state systems. ======================================================================