Constructive Logical Characterizations of Bisimilarity for Reactive - PowerPoint PPT Presentation

Constructive Logical Characterizations of Bisimilarity for Reactive Probabilistic Systems Marco Bernardo University of Urbino – Italy joint work with: Marino Miculan c � June 2017

Process Model A reactive probabilistic labeled transition system (RPLTS) is a triple ( S, A, � ! ) where: S is a countable set of states . A is a countable set of actions . � ! ✓ S ⇥ A ⇥ Distr ( S ) is a transition relation such that, a a whenever s � ! ∆ 1 and s � ! ∆ 2 , then ∆ 1 = ∆ 2 . No internal nondeterminism. Rabin probabilistic automata (as opposed to Segala ones) . Distr ( S ) is the set of discrete probability distributions over S having finite support, i.e., supp ( ∆ ) , { s 2 S | ∆ ( s ) > 0 } is finite. Probabilistic counterpart of image finiteness.

Process Semantics Larsen & Skou defined probabilistic bisimilarity ⇠ PB over RPLTS. An equivalence relation B over S is a probabilistic bisimulation i ff , whenever ( s 1 , s 2 ) 2 B , then for all actions a 2 A : a a If s 1 � ! ∆ 1 then there exists s 2 � ! ∆ 2 such that ∆ 2 ( C ) = ∆ 1 ( C ) for all equivalence classes C 2 S/ B . a a � ! ∆ 2 then there exists s 1 � ! ∆ 1 such that ∆ 1 ( C ) = ∆ 2 ( C ) If s 2 for all equivalence classes C 2 S/ B . States s 1 , s 2 2 S are probabilistically bisimilar, written s 1 ⇠ PB s 2 , i ff there exists a probabilistic bisimulation including ( s 1 , s 2 ) . Probabilistic extension of Milner strong bisimilarity. Ordinary lumpability for (discrete-time) Markov chains.

Process Logic Larsen & Skou defined probabilistic modal logic PML over RPLTS. Probabilistic extension of Hennessy & Milner logic ( > , ¬ , ^ , h a i ) in which h a i p is decorated with a probabilistic lower bound p 2 R [0 , 1] . ! ∆ s.t. ∆ ( { s 0 2 S | s 0 | a s | = h a i p φ i ff there exists s � = φ } ) � p . Variants of PML: PML ¬ ^ φ ::= > | ¬ φ | φ ^ φ | h a i p φ PML ¬ _ φ ::= > | ¬ φ | φ _ φ | h a i p φ PML ^ φ ::= > | φ ^ φ | h a i p φ PML _ φ ::= > | φ _ φ | h a i p φ Which equivalences are induced by these logics? Do they coincide with known behavioral equivalences?

Logical Characterization Results for ⇠ PB over RPLTS Larsen & Skou showed that PML ¬ ^ characterizes ⇠ PB . Minimal deviation assumption: the probability associated with any state in the support of the target distribution of a transition is a multiple of some value (stronger than finite support, no irrationals) . Desharnais, Edalat & Panangaden showed that also the logic PML ^ characterizes ⇠ PB , i.e., negation is not necessary over RPLTS. Surprising! The elimination of negation in a nondeterministic setting results in the characterization of simulation equivalence. Bisimilarity and simulation equivalence coincide over RPLTS. No assumptions: neither finite branching, nor infinitary conjunctions. Measure theory: continuous states in the form of analytic spaces . Category theory: bisimilarity defined via spans of zig-zag morphisms .

Generalizations and Specializations Danos, Desharnais, Laviolette & Panangaden extended the result based on PML ^ to general measure spaces by introducing event bisimilarity in terms of cospans of morphisms . Jacobs & Sokolova proved this generalized result again in the coalgebraic framework of dual adjunctions between spaces and logics. Desharnais, Edalat & Panangaden proved their result also directly over finite-state RPLTS by keeping measure theory to a minimum: only the π - λ theorem of Dynkin is employed. Deng & Wu provided a simplified proof over discrete state spaces that still uses only the π - λ theorem of Dynkin. Unpublished note by Worrell mentioning the possibility of avoiding the use of measure theory altogether in the discrete case.

Summary of New Results in the Discrete Case Also PML _ characterizes ⇠ PB , i.e., (negation is not necessary and) disjunction is enough for reactive probabilistic processes. In a nondeterministic setting, this characterizes trace equivalence! Therefore ^ and _ are interchangeable for probabilistic (bi)similarity, while they are both necessary for probabilistic simulation preorder . An alternative proof that PML ¬ ^ characterizes ⇠ PB , where the minimal deviation assumption is relaxed to finite support. An alternative proof that PML ^ characterizes ⇠ PB , which directly addresses discrete state spaces without measure theory. All proofs are based on a coalgebraic representation of RPLTS that allows us to work with finite acyclic models and thus to use induction. All proofs are constructive because build distinguishing formulas and hence lead to algorithms for automatically explaining ⇠ PB -inequivalence inspired by Cleaveland algorithm.

Coalgebraic Representation of RPLTS Each RPLTS can be given a semantics in a canonical form, which we call reactive probabilistic tree (unfolding & merging) . Probabilistic counterpart of Winskel synchronization trees. Use a coalgebraic construction for probabilistic systems based on results of de Vink & Rutten and Worrell. Extend Distr to functor Distr : Set ! Set with morphisms: Distr ( f : X ! Y ) : Distr ( X ) ! Distr ( Y ) Distr ( f )( ∆ ) = λ y . ∆ ( f � 1 ( y )) Any RPLTS corresponds to a coalgebra of functor B RP : Set ! Set such that: B RP ( X ) = ( Distr ( X ) + 1) A

Fully Abstract Semantics The functor B RP permits the use of the coalgebraic bisimilarity of Aczel and Mendler. In our setting, it coincides with ⇠ PB . The functor B RP has a final coalgebra ( Z, ζ ) , where the elements of Z are canonical representatives of the behavior of any RPLTS. For each RPLTS ( S, A, � ! ) there exists a unique coalgebra morphism J · K : S ! Z , where s 1 ⇠ PB s 2 ( ) J s 1 K = J s 2 K for all s 1 , s 2 2 S . Characterizing ⇠ PB on RPLTS is equivalent to characterizing = on Z . But the elements of Z are possibly infinite objects, so how can we give a more concrete and compact description?

Reactive Probabilistic Trees An A -labeled reactive probabilistic tree (RPT) is a pair ( X, succ ) where X 2 Set and succ : X ⇥ A ! P f ( X ⇥ R ]0 , 1] ) are such that the relation  over X induced by succ : x  y z 2 succ ( y, a ) x  x x  z is a partial order with a least element (root) and for all x, x 1 , x 2 2 X , a 2 A , p 1 , p 2 2 R ]0 , 1] : { y 2 X | y  x } is finite and well-ordered; for all ( x 1 , p 1 ) , ( x 2 , p 2 ) 2 succ ( x, a ) , if x 1 = x 2 then p 1 = p 2 ; for all ( x 1 , p 1 ) , ( x 2 , p 2 ) 2 succ ( x, a ) , if the subtrees rooted at x 1 and x 2 are isomorphic then x 1 = x 2 ; if succ ( x, a ) 6 = ; then P ( y,p ) 2 succ ( x,a ) p = 1 .

Finite Approximations and Compactness The set of RPT is the carrier of the final B RP -coalgebra. Thus J · K maps states to trees. Let t | n be the pruning of the RPT t at height n 2 N . Possible isomorphic subtrees resulting from the truncation process have to be collapsed. t 1 = t 2 ( ) 8 n 2 N . t 1 | n = t 2 | n for all RPT t 1 , t 2 . s 1 ⇠ PB s 2 ( ) 8 n 2 N . J s 1 K | n = J s 2 K | n for all states s 1 , s 2 . Finding a logical characterization of ⇠ PB over RPLTS reduces to finding a logical characterization of = over finite RPT.

Working with Finite RPT in our Proofs If t 1 = t 2 , then they obviously satisfy the same formulas. When t 1 6 = t 2 , build a distinguishing formula by induction on their finite height , but be careful! An additional constraint has to be met to infer a characterization of ⇠ PB over RPLTS from a characterization of = over finite RPT. If a variant of PML characterizes = over finite RPT and for any two finite RPT t 1 and t 2 such that t 1 6 = t 2 there exists a formula φ distinguishing t 1 from t 2 such that: depth ( φ )  max( height ( t 1 ) , height ( t 2 )) then the variant of PML characterizes ⇠ PB over RPLTS.

Depth of Formulas and Height of Trees If depth ( φ ) were greater, then: φ may not distinguish higher finite approximations of s 1 and s 2 ; no shorter formula derivable from φ may still distinguish t 1 and t 2 . f a c e b d ! s 0 ! s 00 ! s 000 ! s 0 ! s 00 ! s 000 s 1 � � � 1 and s 2 � � � 1 1 2 2 2 a b ! t 0 ! t 0 di ff er at height = 1 , so we can focus on t 1 � 1 and t 2 � 2 . a b ! t 0 ! t 0 φ = h a i 1 ¬ h c i 1 , of depth = 2 , distinguishes t 1 � 1 and t 2 � 2 , a c b d ! t 0 ! t 00 ! t 0 ! t 00 but does not distinguish t 1 � � 1 and t 2 � � 1 2 2 because neither of them satisfies it. a b ! t 0 ! t 0 φ = h a i 1 _ h b i 1 h c i 1 , of depth = 2 , tells apart t 1 � 1 and t 2 � 2 , but the derived shorter formula h a i 1 _ h b i 1 of depth = 1 does not because both of them satisfy it.

A New Proof that PML ¬ ^ Characterizes ⇠ PB Given t 1 6 = t 2 , if one enables an action a not possessed by the other, then h a i 1 tells them apart. If they enable the same actions, then there must exist an action a a a such that t 1 � ! ∆ 1 ,a and t 2 � ! ∆ 2 ,a with ∆ 1 ,a 6 = ∆ 2 ,a . Consider t 0 2 supp ( ∆ 1 ,a ) such that ∆ 1 ,a ( t 0 ) > ∆ 2 ,a ( t 0 ) . Let supp ( ∆ 2 ,a ) \{ t 0 } = { t 0 2 , 1 , t 0 2 , 2 , . . . , t 0 2 ,k } , which cannot be empty. For each j = 1 , 2 , . . . , k , by the induction hypothesis there exists φ 0 2 ,j 2 PML ¬ ^ meeting depth ( φ 0 2 ,j )  max( height ( t 0 ) , height ( t 0 2 ,j )) such that t 0 | = φ 0 | t 0 2 ,j 6 = 2 ,j . We can impose direction of φ 0 2 ,j -satisfaction thanks to negation! Therefore: φ 0 t 1 | = h a i ∆ 1 ,a ( t 0 ) V 2 ,j 6 = | t 2 1  j  k The new proof of Larsen & Skou result fits in one single slide!