Process Algebra: Calculus of Communicating Systems
Daniel Choi, Provable Software Lab.
KAIST
Content
• Introduction
• Calculus of Communicating Systems
• Equivalence for CCS
• Discussions
21 April '23, 2/59, Provable Software Laboratory Seminar
Why are we going to study Process Algebra?
• Need
– Mathematical models for concurrent communicating processes?
• How
– How can we define a mathematical model for concurrent communicating processes?
The reason why we study Process Algebra
• Need
– Mathematical models for concurrent communicating processes?
– Process Algebra, Petri Net, etc.
• How
– How can we define a mathematical model for concurrent communicating processes?
– By defining structured operational semantics
Families of Algebraic Approaches
• Milner’s Calculus of Communicating Systems (CCS)
• Hoare’s theory of Communicating Sequential Processes
• The Algebra of Communicating Processes (ACP) of Bergstra & Klop
Content
• Introduction
– Why are we going to study Process Algebra?
• Calculus of Communicating Systems
– Definitions
– Operational Semantics of CCS Terms
– Examples
• Equivalence for CCS
• Discussions
Definitions: Theoretical definitions
• Assume a non-empty set S of states, together with a finite, non-empty set of transition labels A and a finite set of predicate symbols
• Signature ∑
– Consists of a finite set of function symbols f, g, …, where each function symbol f has an arity ar(f), being its number of arguments.
– Symbol of arity zero: constant (a, b, c, …)
– Countably infinite set of variables (x, y, z, …)
• Finite non-empty set A of (atomic) actions
– Each atomic action a is a constant that can execute itself, after which it terminates successfully.
• Term
– The set T(∑) of open terms s, t, u, … over ∑ is defined as the least set satisfying
  • Each variable is in T(∑);
  • If f ∈ ∑ and t1, …, t_ar(f) ∈ T(∑), then f(t1, …, t_ar(f)) ∈ T(∑)
– A term is closed if it does not contain variables. The set of closed terms is denoted by T(∑)
• Labeled transition system
– A transition is a triple (s, a, s’) with a ∈ A, or a pair (s, P) with P a predicate, where s, s’ ∈ S. A labeled transition system (LTS) is a possibly infinite set of transitions. An LTS is finitely branching if each of its states has only finitely many outgoing transitions
– The states of an LTS are always the closed terms over a signature ∑.
– In view of the syntactic structure of closed terms over a signature, such transitions can be derived by means of inductive proof rules, where the validity of a number of transitions (the premises) may imply the validity of some other transition (the conclusion)
• Process graph
– A process (graph) p is an LTS in which one state s is elected to be the root. If the LTS contains a transition s –a-> s’, then p –a-> p’ where p’ has root state s’. Moreover, if the LTS contains a transition sP, then pP.
Definitions: Definitions in CCS
• Actions
– Atomic: uninterruptible execution steps (with some other internal computation steps (τ))
– Representing potential interactions with its environment (inputs/outputs on ports)
– α, where α represents the act of receiving a signal on port α
– ‘α, where ‘α represents the act of emitting a signal on port α
– τ represents an internal computation step
– A_CCS = {α|α } {}
– α, α is not valid action
Definitions: Operators of CCS
• nil
– Terminated process that has finished execution
• a.p
– Capable first of a, and then behaves like p
• +
– Choice construct
– p1 + p2 offers the potential of behaving like either p1 or p2, depending on the interactions offered by the environment
• |
– Parallel composition
– p1 | p2 interleaves the execution of p1 and p2
– Permits complementary actions of p1 and p2 to synchronize (τ)
• Restriction operator
– Permits actions to be localized within a system
• [f]
– Actions in a process to be renamed
– p[f] behaves exactly like p except that f is applied to each action that p wishes to engage in
• Defining equation
– C represents a valid system
Definitions: Labeled Transition Systems
• Labeled transition system (LTS)
– Triple <Q, A, →>
  • Q : a set of states
  • A : a set of actions
  • → : transition relation, → ⊆ Q × A × Q
– B = ((a.(b.B + c.0) + b.0)|a’.0)\a
[Figure: LTS of B. States: B; ((b.B + c.0)|0)\a; (0|a’.0)\a; (0|0)\a; (B|0)\a; … Edge labels: τ, b, c, b. Annotation: Temporal Structure]
Operational Semantics of CCS Terms
Referenced from lecture note of Prof. Kim
Examples: Lovers
• Assume that there is a man and a woman in the society
• Man and Woman can manifest their emotion independently (concurrently)
• M = ‘man.(acc.M’ + rej.M)
• W = man.(‘acc.W’ + ‘rej.W)
• M’ = lov.M’ + ‘lov.M’ + ‘neg_man.M
• W’ = lov.W’ + ‘lov.W’ + neg_man.W
• Is L = (M|W) a model of happy lovers?
Examples: LTS of Unhappy lovers
[Figure: LTS of M|W. States: M|W; (acc.M’ + rej.M)|W; M|(‘acc.W’ + ‘rej.W); (acc.M’ + rej.M)|(‘acc.W’ + ‘rej.W); M’|W; M|W’; M’|(‘acc.W’ + ‘rej.W); (acc.M’ + rej.M)|W’; M’|W’. Edge labels: ‘man, man, acc, ‘acc, rej, ‘rej, lov, ‘lov, neg_man, ‘neg_man, τ. Annotation: One sided Love]
Examples: LTS of Happy lovers
HL = (M|W) \{man, lov, acc, rej}
[Figure: LTS of HL. States: M|W; (acc.M’ + rej.M)|(‘acc.W’ + ‘rej.W); M’|W’. Edge labels: τ, τ, τ]
proc HL = (M|W)\{manifest,love,neg_manifest,accept,reject}
proc UHL = (M|W)
proc M = 'manifest.(accept.M1 + reject.M)
proc W = manifest.('accept.W1 + 'reject.W)
proc M1 = love.M1 + 'love.M1 + 'neg_manifest.M
proc W1 = 'love.W1 + love.W1 + neg_manifest.W
Examples: Proof
• Proof of (M|W)\{man, lov, acc, rej} => (M|W)\{man, lov, acc, rej}
Each transition is followed by the rule that concludes it; its premises are indented below it.
(M|W)\{man, lov, acc, rej} –τ-> ((acc.M’ + rej.M)|(‘acc.W’ + ‘rej.W))\{man, lov, acc, rej}   [Res]
  ‘man.(acc.M’ + rej.M) | man.(‘acc.W’ + ‘rej.W) –τ-> (acc.M’ + rej.M)|(‘acc.W’ + ‘rej.W)   [Parτ]
    ‘man.(acc.M’ + rej.M) –‘man-> (acc.M’ + rej.M)   [Act]
    man.(‘acc.W’ + ‘rej.W) –man-> (‘acc.W’ + ‘rej.W)   [Act]
((acc.M’ + rej.M)|(‘acc.W’ + ‘rej.W))\{man, lov, acc, rej} –τ-> (M’|W’)\{man, lov, acc, rej}   [Res]
  (acc.M’ + rej.M) | (‘acc.W’ + ‘rej.W) –τ-> (M’|W’)   [Parτ]
    (acc.M’ + rej.M) –acc-> M’   [ChoiceL]
      acc.M’ –acc-> M’   [Act]
    (‘acc.W’ + ‘rej.W) –‘acc-> W’   [ChoiceL]
      ‘acc.W’ –‘acc-> W’   [Act]
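The rules named in the proof above (Act, ChoiceL, Parτ, Res) can be run mechanically. The following is an added example, not code from the slides: a small interpreter that derives the transitions of B from the LTS slide and explores the Lovers processes, using the names of the proc listing. The tuple encoding of terms and all function names are assumptions of this sketch.

```python
# Added example: one-step transitions of CCS terms, derived rule by rule.
TAU, NIL = "tau", ("nil",)

def pre(a, p): return ("pre", a, p)                      # a.p
def par(p, q): return ("par", p, q)                      # p | q
def res(p, *names): return ("res", p, frozenset(names))  # p \ {names}
def con(name): return ("con", name)                      # constant with a defining equation
def ch(first, *rest):                                    # p1 + p2 + ...
    for p in rest:
        first = ("sum", first, p)
    return first

def co(a):
    """Complement of a visible action: a <-> 'a."""
    return a[1:] if a.startswith("'") else "'" + a

def steps(t, defs):
    """All (action, successor) pairs the rules derive for term t.
    Assumes guarded recursion: every constant occurs under a prefix."""
    kind = t[0]
    if kind == "nil":
        return set()
    if kind == "pre":                                    # Act
        return {(t[1], t[2])}
    if kind == "sum":                                    # Choice (left and right)
        return steps(t[1], defs) | steps(t[2], defs)
    if kind == "con":                                    # unfold the defining equation
        return steps(defs[t[1]], defs)
    if kind == "res":                                    # Res: block restricted names
        return {(a, ("res", p, t[2])) for a, p in steps(t[1], defs)
                if a == TAU or a.lstrip("'") not in t[2]}
    left, right = steps(t[1], defs), steps(t[2], defs)   # kind == "par"
    moves = {(a, par(p, t[2])) for a, p in left}         # left component moves alone
    moves |= {(a, par(t[1], q)) for a, q in right}       # right component moves alone
    moves |= {(TAU, par(p, q)) for a, p in left for b, q in right
              if a != TAU and b == co(a)}                # Parτ: complementary pair
    return moves

def show(t):
    """Render a term in the slides' notation (' marks an output action)."""
    kind = t[0]
    if kind == "nil": return "0"
    if kind == "con": return t[1]
    if kind == "pre": return f"{t[1]}.{show(t[2])}"
    if kind == "sum": return f"({show(t[1])} + {show(t[2])})"
    if kind == "par": return f"({show(t[1])}|{show(t[2])})"
    return show(t[1]) + "\\{" + ",".join(sorted(t[2])) + "}"

def moves_of(t, defs):
    """One-step moves of t as (action, printed successor) pairs."""
    return {(a, show(p)) for a, p in steps(t, defs)}

def explore(root, defs, limit=100):
    """Reachable states and edges from root; limit stops infinite-state terms."""
    states, todo, edges = {root}, [root], set()
    while todo and len(states) <= limit:
        s = todo.pop()
        for a, t in steps(s, defs):
            edges.add((s, a, t))
            if t not in states:
                states.add(t)
                todo.append(t)
    return states, edges

# B = ((a.(b.B + c.0) + b.0) | 'a.0) \ a, from the LTS slide
B_DEFS = {"B": res(par(ch(pre("a", ch(pre("b", con("B")), pre("c", NIL))),
                          pre("b", NIL)), pre("'a", NIL)), "a")}
# Lovers, with the names used in the proc listing
LOVERS = {
    "M": pre("'manifest", ch(pre("accept", con("M1")), pre("reject", con("M")))),
    "W": pre("manifest", ch(pre("'accept", con("W1")), pre("'reject", con("W")))),
    "M1": ch(pre("love", con("M1")), pre("'love", con("M1")), pre("'neg_manifest", con("M"))),
    "W1": ch(pre("'love", con("W1")), pre("love", con("W1")), pre("neg_manifest", con("W"))),
}
UHL = par(con("M"), con("W"))
HL = res(UHL, "manifest", "love", "neg_manifest", "accept", "reject")

if __name__ == "__main__":
    print(sorted(moves_of(con("B"), B_DEFS)))
    for name, term in (("UHL", UHL), ("HL", HL)):
        states, edges = explore(term, LOVERS)
        print(name, len(states), "states; labels:", sorted({a for _, a, _ in edges}))
```

With every action restricted, HL keeps only the synchronized τ steps, while the unrestricted UHL also offers each half of a handshake on its own.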
Content
• Introduction
– Why are we going to study Process Algebra?
• Calculus of Communicating Systems
– Definitions
– Operational Semantics of CCS Terms
– Examples
• Equivalence for CCS
– Trace Equivalence
– Strong Bisimulation Equivalence
– Weak Bisimulation Equivalence
• Discussions
Trace Equivalence: Definition
• Language Equivalence
– Two machines are equivalent if they accept the same sequences of symbols
• Can we directly apply language equivalence to rooted LTS? No
– Identify every state in a rooted LTS as being accepting
• Definition Let <Q, A,→> be a labeled transition system
– Let A* consist of the set of finite sequences of elements of A
– Let s = a1 … an ∈ A* be a sequence of actions. Then q –s-> q’ if there are states q0, ..., qn such that q = q0, qi –ai-> qi+1 and q’ = qn
– s is a strong trace of q if there exists q’ such that q –s-> q’. We use S(q) to represent the smallest set of all strong traces of q (prefix-closed)
– p ≈s q exactly when S(p) = S(q) (strong traces do not distinguish between internal and external actions)
• Can we use trace equivalence to decide whether two systems are behaviorally congruent? No
Example: Trace Equivalence
P = a.(b.nil + c.nil), S(P) = {ε, a, ab, ac}
Q = a.b.nil + a.c.nil, S(Q) = {ε, a, ab, ac}
[Figure: process graphs of P (states p0, p1, p2, p3; edges a, b, c) and Q (states q0, q1, q1’, q2, q3; edges a, a, b, c)]
S(P) = S(Q): Trace Equivalent
It is not behaviorally congruent
Strong Bisimulation Equivalence: Definition
• Execution sequences for equivalent systems ought to pass through equivalent states
• Definition Let <Q, A,→> be an LTS. A relation R ⊆ Q x Q is a bisimulation if whenever <p, q> ∈ R, then the following conditions hold for any a, p’ and q’
– If p –a-> p’ then q –a-> q’ for some q’ such that <p’, q’> ∈ R
– If q –a-> q’ then p –a-> p’ for some p’ such that <p’, q’> ∈ R
• Definition Systems p and q are bisimulation equivalent, or bisimilar, if there exists a bisimulation R containing <p, q>. We write p ~ q whenever p and q are bisimilar
Strong Bisimulation Equivalence
How to find out whether P and Q are bisimilar?
• Strong Simulation
– Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p –a-> p’ then there exists q’ ∈ Q such that q –a-> q’ and p’ S q’
• q strongly simulates p if there exists a strong simulation S such that pSq
Strong Bisimulation Equivalence
How to find out whether P and Q are bisimilar?: Example
[Figure: process graphs of P (states p0, p1, p2, p3; edges a, b, c) and Q (states q0, q1, q1’, q2, q3; edges a, a, b, c)]
Suppose (p0, q0) ∈ S
Strong Bisimulation Equivalence
How to find out whether P and Q are bisimilar?: Example
Suppose p0 strongly simulates q0, (q0, p0) ∈ S or q0Sp0
– q0 S p0, q0 –a-> q1, p0 –a-> p1: q1 S p1
– q0 S p0, q0 –a-> q1’, p0 –a-> p1: q1’ S p1
– q1 S p1, q1 –b-> q2, p1 –b-> p2: q2 S p2
– q1’ S p1, q1’ –c-> q3, p1 –c-> p3: q3 S p3
Therefore S = {(q0, p0), (q1, p1), (q1’, p1), (q2, p2), (q3, p3)}
Suppose q0 strongly simulates p0, (p0, q0) ∈ S or p0Sq0
With q0 –a-> q1:
– p0 S q0, p0 –a-> p1, q0 –a-> q1: p1 S q1
– p1 S q1, p1 –b-> p2, q1 –b-> q2: q1’ S p1
– p1 S q1, p1 –c-> p3: no matching move from q1 is shown
With q0 –a-> q1’:
– p0 S q0, p0 –a-> p1, q0 –a-> q1’: p1 S q1’
– p1 S q1’, p1 –c-> p3, q1’ –c-> q3: p3 S q3
– p1 S q1’, p1 –b-> p2: no matching move from q1’ is shown
Strong Bisimulation Equivalence
How to find out whether P and Q are bisimilar?
• Strong Simulation
– Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p –a-> p’ then there exists q’ ∈ Q such that q –a-> q’ and p’ S q’
• q strongly simulates p if there exists a strong simulation S such that pSq
• S⁻¹ is the set of pairs (y, x) such that (x, y) ∈ S
• Strong bisimulation
– A binary relation S over Q is said to be a strong bisimulation over the LTS if both S and its converse are simulations
Strong Bisimulation Equivalence
How to find out whether P and Q are bisimilar?: Example
[Figure: process graphs of P (states p0, p1, p2) and Q (states q0, q1, q2); edges labeled a and b]
S = {(p0, q0), (p1, q1), (p2, q1), (p0, q2)}
S’ = {(q0, p0), (q1, p1), (q1, p2), (q2, p0)}
Strong Bisimulation
Strong Bisimulation Equivalence
How to find out whether P and Q are bisimilar?: Example
[Figure: process graphs of P (states p0, p1, p2, p3; edges a, a, b) and Q (states q0, q1, q2; edges a, b)]
P strongly simulates Q: S = {(q0, p0), (q1, p2), (q2, p3)}
Q strongly simulates P: S’ = {(p0, q0), (p1, q1), (p2, q1), (p3, q2)}
It is not Strong Bisimulation
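The comparisons worked through by hand above can be computed directly. This added example (not from the slides) computes bounded trace sets and the largest simulation and bisimulation for P = a.(b.nil + c.nil) against Q = a.b.nil + a.c.nil, and for the last example. The graph used for the last example, P = a.nil + a.b.nil and Q = a.b.nil, is an assumed reading of the figure's states and edge labels; all function names are this sketch's own.

```python
# Added example: trace sets versus simulation and bisimulation on explicit LTSs.
from itertools import product

def traces(lts, s, depth):
    """Strong traces of s with at most `depth` actions (prefix-closed)."""
    out = {()}
    if depth > 0:
        for a, t in lts.get(s, ()):
            out |= {(a,) + w for w in traces(lts, t, depth - 1)}
    return out

def answers(lts, p, q, ok):
    """True if every move p -a-> p2 has a reply q -a-> q2 with ok(p2, q2)."""
    return all(any(b == a and ok(p2, q2) for b, q2 in lts.get(q, ()))
               for a, p2 in lts.get(p, ()))

def largest(lts, bisim):
    """Largest simulation ((p, q) means q strongly simulates p) or, with
    bisim=True, largest bisimulation: delete failing pairs until stable."""
    states = set(lts) | {t for out in lts.values() for _, t in out}
    rel = set(product(states, repeat=2))
    changed = True
    while changed:
        changed = False
        for p, q in sorted(rel):
            good = answers(lts, p, q, lambda x, y: (x, y) in rel)
            if bisim:  # q's moves must be answered by p as well
                good = good and answers(lts, q, p, lambda y, x: (x, y) in rel)
            if not good:
                rel.discard((p, q))
                changed = True
    return rel

def compare(lts, p, q):
    """Summary of the three comparisons for the pair (p, q)."""
    depth = len(lts) + 1  # enough for acyclic graphs; a cyclic LTS has unbounded traces
    sim, bis = largest(lts, False), largest(lts, True)
    return {"same_traces": traces(lts, p, depth) == traces(lts, q, depth),
            "q_simulates_p": (p, q) in sim,
            "p_simulates_q": (q, p) in sim,
            "bisimilar": (p, q) in bis}

# P = a.(b.nil + c.nil) and Q = a.b.nil + a.c.nil, state names as on the slides
BRANCHING = {"p0": [("a", "p1")], "p1": [("b", "p2"), ("c", "p3")],
             "q0": [("a", "q1"), ("a", "q1'")],
             "q1": [("b", "q2")], "q1'": [("c", "q3")]}
# The relation S found on the slides for "p0 strongly simulates q0"
SLIDE_S = {("q0", "p0"), ("q1", "p1"), ("q1'", "p1"), ("q2", "p2"), ("q3", "p3")}
# Assumed reading of the last figure: P = a.nil + a.b.nil, Q = a.b.nil
MUTUAL = {"p0": [("a", "p1"), ("a", "p2")], "p2": [("b", "p3")],
          "q0": [("a", "q1")], "q1": [("b", "q2")]}

if __name__ == "__main__":
    print("a.(b+c) vs a.b+a.c:", compare(BRANCHING, "p0", "q0"))
    print("slide S inside largest simulation:", SLIDE_S <= largest(BRANCHING, False))
    print("a+a.b vs a.b:", compare(MUTUAL, "p0", "q0"))
```

The second pair simulates in both directions yet is not bisimilar, because the two simulations use different relations: p1 is deadlocked while q1 can still perform b.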
Strong Bisimulation Equivalence
How to find out whether P and Q are bisimilar?
• Strong Simulation
– Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p –a-> p’ then there exists q’ ∈ Q such that q –a-> q’ and p’ S q’
• q strongly simulates p if there exists a strong simulation S such that pSq
• S⁻¹ is the set of pairs (y, x) such that (x, y) ∈ S
• Strong bisimulation (P ~ Q)
– A binary relation S over Q is said to be a strong bisimulation over the LTS if both S and its converse are simulations
– Strong bisimulation equivalence: reflexive, symmetric, transitive
– P ~ Q implies P ≈s Q
• What about internal computation τ?
– Weak bisimulation
Weak Bisimulation Equivalence: Definition
• How are we going to treat internal computation?
– We cannot ignore τ.
• Definition S is a weak simulation (observational simulation) if and only if, whenever PSQ,
– if P → P’ then there exists Q’ ∈ P such that Q ⇒ Q’ and P’SQ’
– if P –λ-> P’ then there exists Q’ ∈ P such that Q =λ=> Q’ and P’SQ’
• → : unobservable reactions (like τ)
• λ : observable actions
• ⇒ : zero or more reactions
• =λ=> : observation –λ-> accompanied (before and after) by any number of reactions
– =λ=> is →* –λ-> →*
• =τ=> : at least one reaction
Weak Bisimulation Equivalence
How to find out weak bisimulation equivalence?
• Similar to strong bisimulation
• Definition A binary relation S over P is said to be a weak bisimulation if both S and its converse are weak simulations. We say that P and Q are weakly bisimilar, weakly equivalent, or observation equivalent, written P ≈ Q, if there exists a weak bisimulation S such that P S Q
• q weakly simulates p if there exists a strong simulation S such that pSq
Weak Bisimulation Equivalence
How to find out weak bisimulation equivalence?: example
A = a.A’
A’ = ‘b.A
B = b.B’
B’ = ‘c.B
p0 = (A|B)\{b}
p1 = (A’|B)\{b}
p2 = (A|B’)\{b}
p3 = (A’|B’)\{b}
[Figure: LTS over p0, p1, p2, p3; edge labels a, a, ‘c, ‘c, τ]
E = a.E’
E’ = a.E’’ + ‘c.E
E’’ = ‘c.E
q0 = E
q1 = E’
q2 = E’’
[Figure: LTS over q0, q1, q2; edge labels a, ‘c, a, ‘c]
S = {(p0, q0), (p1, q1), (p2, q1), (p3, q2)}
Observational Bisimulation
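Checking the relation S from this example against the weak-simulation conditions, in both directions, as an added example (not from the slides). The transition tables are worked out by hand from the equations, and the function names are this sketch's own. The target of q2's ‘c step is left as a parameter: S passes with q2 –‘c-> q1 (that is, E’’ = ‘c.E’, an assumption of this sketch) and fails at (p3, q2) with q2 –‘c-> q0 (E’’ = ‘c.E, as the equation reads above).

```python
# Added example: is a given relation a weak (observational) bisimulation?
TAU = "tau"

def tau_closure(lts, s):
    """States reachable from s by zero or more tau steps (s => s')."""
    seen, todo = {s}, [s]
    while todo:
        x = todo.pop()
        for a, t in lts.get(x, ()):
            if a == TAU and t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def weak_succ(lts, s, a):
    """Targets of s =a=> (tau* a tau*); for a == tau, targets of s => (tau*)."""
    before = tau_closure(lts, s)
    if a == TAU:
        return before
    mid = {t for x in before for b, t in lts.get(x, ()) if b == a}
    return {y for t in mid for y in tau_closure(lts, t)}

def failing_pairs(lts, rel):
    """Pairs of rel that break the weak bisimulation conditions.
    An empty result means rel is a weak bisimulation."""
    bad = set()
    for p, q in rel:
        # every strong move of p is answered by a weak move of q ...
        fwd = all(any((p2, q2) in rel for q2 in weak_succ(lts, q, a))
                  for a, p2 in lts.get(p, ()))
        # ... and every strong move of q by a weak move of p (the converse)
        bwd = all(any((p2, q2) in rel for p2 in weak_succ(lts, p, a))
                  for a, q2 in lts.get(q, ()))
        if not (fwd and bwd):
            bad.add((p, q))
    return bad

def buffer_lts(q2_target):
    """Both systems of the example in one table; q2_target is where q2 -'c-> leads."""
    return {
        # p0..p3: (A|B)\{b} and its derivatives; the b handshake shows up as tau
        "p0": [("a", "p1")],
        "p1": [(TAU, "p2")],
        "p2": [("a", "p3"), ("'c", "p0")],
        "p3": [("'c", "p1")],
        # q0..q2: E, E', E''
        "q0": [("a", "q1")],
        "q1": [("a", "q2"), ("'c", "q0")],
        "q2": [("'c", q2_target)],
    }

S = {("p0", "q0"), ("p1", "q1"), ("p2", "q1"), ("p3", "q2")}

if __name__ == "__main__":
    for target in ("q1", "q0"):
        print(f"q2 -'c-> {target}: failing pairs =", failing_pairs(buffer_lts(target), S))
```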
Discussions
Reference
• Communicating and mobile systems: the pi-calculus, by Robin Milner, Cambridge, 1999
• Communication and Concurrency, by Robin Milner, Prentice Hall, 1989
• Fundamentals of software engineering, by C. Ghezzi, M. Jazayeri, D. Mandrioli, Prentice Hall, 2003
• Lecture Notes of Professor Bae, http://se.kaist.ac.kr/~course/DrBae/cs550_2006/
• Lecture Notes of Professor Kim, http://cs.kaist.ac.kr/~moonzoo/cs750b
• Notes on the methodology of CCS and CSP, by R.J. van Glabbeek, TCS 177(2), pp. 329-349. Originally appeared as Report CS-R8624, CWI, Amsterdam, 1986
• Operational and algebraic semantics of concurrent processes, by R. Milner, in J. van Leeuwen, editor: Handbook of Theoretical Computer Science, Chapter 19, Elsevier Science Publishers B.V. (North-Holland), pp. 1201-1242, 1990
• Process Algebra, by R. Cleaveland and S. Smolka, in J.G. Webster, editor, Encyclopedia of Electrical Engineering, John Wiley & Sons, 1999 (Chap. 1 ~ 3)