Logical Characterisations of Probabilistic Bisimilarity Yuxin Deng - - PowerPoint PPT Presentation



SLIDE 1

Logical Characterisations of Probabilistic Bisimilarity

Yuxin Deng East China Normal University

(Based on joint work with Hengyang Wu and Yuan Feng) IFIP Working Group 2.2 meeting, Bordeaux, September 18, 2017

SLIDE 2

Preliminaries

SLIDE 3

Labelled transition systems

  • Def. A labelled transition system (LTS) is a triple ⟨S, Act, →⟩, where
    1. S is a set of states
    2. Act is a set of actions
    3. → ⊆ S × Act × S is the transition relation.

Write $s \xrightarrow{\alpha} s'$ for $(s, \alpha, s') \in {\to}$.

SLIDE 4

Bisimulation

[Diagram: a bisimulation R. Whenever $s \mathrel{R} t$ and $s \xrightarrow{a} s'$, there is a transition $t \xrightarrow{a} t'$ with $s' \mathrel{R} t'$, and vice versa.]

s and t are bisimilar if there exists a bisimulation R with s R t.

SLIDE 5

Probabilistic labelled transition systems

  • Def. A probabilistic labelled transition system (pLTS) is a triple ⟨S, Act, →⟩, where
    1. S is a set of states
    2. Act is a set of actions
    3. → ⊆ S × Act × D(S), where D(S) is the set of (discrete) probability distributions over S.

We usually write $s \xrightarrow{\alpha} \Delta$ in place of $(s, \alpha, \Delta) \in {\to}$.

SLIDE 6

Example

[Figure: two pLTSs, one rooted at s (states s, s1, s2, s3, s4) and one rooted at t (states t, t1, t2, t3, t4, t5), with actions a, b, c, d and probabilistic branches of weight 1/2, 1/2 in each.]

SLIDE 7

Probabilistic bisimulation

[Diagram: a probabilistic bisimulation R. Whenever $s \mathrel{R} t$ and $s \xrightarrow{a} \Delta$, there is a transition $t \xrightarrow{a} \Theta$ with $\Delta \mathrel{R^\dagger} \Theta$, and vice versa.]

Write ∼ for probabilistic bisimilarity.

SLIDE 8

Lifting relations

  • Def. Let S, T be two countable sets and R ⊆ S × T be a binary relation. The lifted relation R† ⊆ D(S) × D(T) is the smallest relation satisfying
    1. s R t implies $\bar{s} \mathrel{R^\dagger} \bar{t}$ (point distributions);
    2. $\Delta_i \mathrel{R^\dagger} \Theta_i$ for all i ∈ I implies $\bigl(\sum_{i \in I} p_i \cdot \Delta_i\bigr) \mathrel{R^\dagger} \bigl(\sum_{i \in I} p_i \cdot \Theta_i\bigr)$, where $\sum_{i \in I} p_i = 1$.

There are alternative formulations, related to the Kantorovich metric and the network flow problem. See e.g. http://www.springer.com/978-3-662-45197-7

SLIDE 9

The first modal characterisation

SLIDE 10

The logic L1

The language L1 of formulas: ϕ ::= ⊤ | ϕ1 ∧ ϕ2 | ⟨a⟩p ϕ, where p is a rational number in [0, 1].

SLIDE 11

Semantics

  • s ⊨ ⊤ always;
  • s ⊨ ϕ1 ∧ ϕ2 iff s ⊨ ϕ1 and s ⊨ ϕ2;
  • s ⊨ ⟨a⟩p ϕ iff $s \xrightarrow{a} \Delta$ and ∆([[ϕ]]) ≥ p, where [[ϕ]] = {s ∈ S | s ⊨ ϕ}.

Logical equivalence: s =1 t if s ⊨ ϕ ⇔ t ⊨ ϕ for all ϕ ∈ L1.

SLIDE 12

Modal characterisation

The modal characterisation (s ∼ t iff s =1 t) for the continuous case was given by [Desharnais et al. Inf. Comput. 2003], using the machinery of analytic spaces.

SLIDE 13

The π-λ theorem

Let P be a family of subsets of a set X. P is a π-class if it is closed under finite intersections; P is a λ-class if it is closed under complementation and countable disjoint unions.

  • Thm. If P is a π-class, then σ(P) is the smallest λ-class containing P, where σ(P) is the σ-algebra generated by P.

SLIDE 14

An application of the π-λ theorem

  • Prop. Let A0 = {[[ϕ]] | ϕ ∈ L}. For any ∆, Θ ∈ D(S), if ∆(A) = Θ(A) for every A ∈ A0, then ∆(B) = Θ(B) for every B ∈ σ(A0). (A0 is a π-class because [[ϕ1 ∧ ϕ2]] = [[ϕ1]] ∩ [[ϕ2]], so the π-λ theorem applies.)

SLIDE 15

Soundness and completeness of the logic

  • Lem. Given the logic L, let (S, A, →) be a reactive pLTS with countably many states. Then for any two states s, t ∈ S, s ∼ t iff s =1 t.
  • Proof. Use the π-λ theorem. See [Deng and Wu. ICFEM 2014].

SLIDE 16

The second modal characterisation

SLIDE 17

The logic L2

The language L2 of formulas: ϕ ::= ⊤ | ϕ1 ∧ ϕ2 | ⟨a⟩ϕ.

The modal characterisation for the continuous case was given by [van Breugel et al. TCS 2005], using the machinery of probabilistic powerdomains and Banach algebra. We will see that the discrete case can be much simplified.

SLIDE 18

Semantics

$$\Pr(s, \top) = 1$$

$$\Pr(s, \langle a\rangle\varphi) = \begin{cases} \sum_{t \in \lceil\Delta\rceil} \Delta(t) \cdot \Pr(t, \varphi) & \text{if } s \xrightarrow{a} \Delta \\ 0 & \text{otherwise} \end{cases}$$

$$\Pr(s, \varphi_1 \wedge \varphi_2) = \Pr(s, \varphi_1) \cdot \Pr(s, \varphi_2)$$

where ⌈∆⌉ is the support of ∆. Logical equivalence: s =2 t if Pr(s, ϕ) = Pr(t, ϕ) for all ϕ ∈ L2.
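The definitions on slides 5 to 8 (pLTS, lifted relation, probabilistic bisimulation) and the two semantics (slides 11 and 18) can be exercised on the slide-6 example. The Python below is an added example, not code from the deck or its authors. The concrete pLTS `PLTS` is my reading of the slide-6 figure and is an assumption; the function names `sat`, `prob`, `lifted_related` and `bisimilarity` are my own. It computes ∼ by partition refinement (for an equivalence relation, ∆ R† Θ holds exactly when ∆ and Θ give the same mass to every class), then evaluates an L1 and an L2 formula that separate s from t.

```python
from fractions import Fraction as F

# Constructed reactive pLTS: my reading of the two processes drawn on slide 6
# (assumed, not copied from the deck). Each state maps each action to at most
# one distribution {target: probability}, so the pLTS is reactive.
PLTS = {
    "s":  {"a": {"s1": F(1)}},
    "s1": {"b": {"s2": F(1, 2), "s3": F(1, 2)}},
    "s2": {"c": {"s4": F(1)}},
    "s3": {"d": {"s4": F(1)}},
    "s4": {},
    "t":  {"a": {"t1": F(1, 2), "t2": F(1, 2)}},
    "t1": {"b": {"t3": F(1)}},
    "t2": {"b": {"t4": F(1)}},
    "t3": {"c": {"t5": F(1)}},
    "t4": {"d": {"t5": F(1)}},
    "t5": {},
}

# Formulas as nested tuples:
#   ("top",)               ⊤
#   ("and", phi1, phi2)    ϕ1 ∧ ϕ2
#   ("dia", a, p, phi)     ⟨a⟩_p ϕ   (L1; p is a Fraction in [0, 1])
#   ("dia", a, phi)        ⟨a⟩ϕ      (L2)
TOP = ("top",)

def sat(lts, s, phi):
    """L1 satisfaction s ⊨ ϕ (slide 11)."""
    if phi[0] == "top":
        return True
    if phi[0] == "and":
        return sat(lts, s, phi[1]) and sat(lts, s, phi[2])
    _, a, p, psi = phi
    delta = lts[s].get(a)            # the unique a-successor distribution, if any
    if delta is None:
        return False
    mass = sum((pr for u, pr in delta.items() if sat(lts, u, psi)), F(0))
    return mass >= p                 # ∆([[ψ]]) ≥ p

def prob(lts, s, phi):
    """L2 value Pr(s, ϕ) (slide 18); conjunction multiplies."""
    if phi[0] == "top":
        return F(1)
    if phi[0] == "and":
        return prob(lts, s, phi[1]) * prob(lts, s, phi[2])
    _, a, psi = phi
    delta = lts[s].get(a)
    if delta is None:
        return F(0)
    return sum((pr * prob(lts, u, psi) for u, pr in delta.items()), F(0))

def class_masses(delta, block):
    """∆ viewed on equivalence classes: class id -> ∆(C)."""
    masses = {}
    for u, pr in delta.items():
        masses[block[u]] = masses.get(block[u], F(0)) + pr
    return masses

def lifted_related(delta, theta, block):
    """For the equivalence given by `block`, ∆ R† Θ iff ∆(C) = Θ(C) for every class C."""
    return class_masses(delta, block) == class_masses(theta, block)

def bisimilarity(lts):
    """Coarsest probabilistic bisimulation by partition refinement.
    Returns state -> class id; two states are ∼ iff they share an id."""
    block = {s: 0 for s in lts}
    while True:
        signature = {}
        for s, trans in lts.items():
            sig = [(a, tuple(sorted(class_masses(delta, block).items())))
                   for a, delta in trans.items()]
            signature[s] = (block[s], tuple(sorted(sig)))
        ids = {}
        new_block = {s: ids.setdefault(signature[s], len(ids)) for s in lts}
        if len(ids) == len(set(block.values())):
            return new_block         # no block was split: fixed point reached
        block = new_block

def demo():
    bis = bisimilarity(PLTS)
    # L2: ⟨a⟩(⟨b⟩⟨c⟩⊤ ∧ ⟨b⟩⟨d⟩⊤). After a, s can still reach both c and d
    # (prob. 1/2 each), while t has already committed to one of them.
    phi2 = ("dia", "a", ("and", ("dia", "b", ("dia", "c", TOP)),
                                ("dia", "b", ("dia", "d", TOP))))
    # L1: ⟨a⟩_1(⟨b⟩_{1/2}⟨c⟩_1⊤ ∧ ⟨b⟩_{1/2}⟨d⟩_1⊤)
    phi1 = ("dia", "a", F(1), ("and", ("dia", "b", F(1, 2), ("dia", "c", F(1), TOP)),
                                      ("dia", "b", F(1, 2), ("dia", "d", F(1), TOP))))
    return {"s~t": bis["s"] == bis["t"],
            "Pr(s,phi2)": prob(PLTS, "s", phi2), "Pr(t,phi2)": prob(PLTS, "t", phi2),
            "s|=phi1": sat(PLTS, "s", phi1), "t|=phi1": sat(PLTS, "t", phi1)}

if __name__ == "__main__":
    print(demo())
```

Running it reports that s and t are not bisimilar, Pr(s, ϕ2) = 1/4 against Pr(t, ϕ2) = 0, and s ⊨ ϕ1 while t ⊭ ϕ1; the sub-processes s2/t3, s3/t4 and s4/t5 land in shared classes, as the figure suggests.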

SLIDE 19

Soundness

  • Thm. If s ∼ t then s =2 t.
  • Proof. Easy by structural induction.

SLIDE 20

Completeness

  • Thm. For finite-state reactive pLTSs, if s =2 t then s ∼ t.

Proof.
  • Observe that =2 is an equivalence relation.
  • Let C1, C2, …, Cn be all its equivalence classes.
  • Write Pr(Ci, ϕ) for Pr(sij, ϕ), where sij ∈ Ci and ϕ ∈ L2 (well defined, since all members of Ci agree on every formula).
  • For any i ≠ j, let ϕij be a distinguishing formula with Pr(Ci, ϕij) ≠ Pr(Cj, ϕij).

SLIDE 21

Key lemma

  • Lem. For any I ⊆ {1, …, n} with I ≠ ∅, there exist a nonempty I′ ⊆ I and an enhanced formula ϕ such that (i) for any i ∈ I, i ∈ I′ iff Pr(Ci, ϕ) > 0; (ii) for any i ≠ j ∈ I′, Pr(Ci, ϕ) ≠ Pr(Cj, ϕ).

SLIDE 22

Algorithm for computing enhanced formulas

input : A nonempty subset I of {1, …, n} with the distinguishing formula ϕij for all i ≠ j.
output: A nonempty I′ ⊆ I and an enhanced formula ϕ satisfying (i) and (ii) in the key lemma.

begin
  Ipass ← ∅; Irem ← {(i, j) ∈ I × I : i < j}; I′ ← I; ϕ ← ⊤;
  while Irem ≠ ∅ do
    Choose arbitrarily (i, j) ∈ Irem;
    I′ ← {k ∈ I′ : Pr(Ck, ϕij) > 0};
    Idis ← {(k, l) ∈ Irem ∩ (I′ × I′) : Pr(Ck, ϕij) ≠ Pr(Cl, ϕij)};
    Irem ← (Irem ∩ (I′ × I′)) \ Idis;
    Ipass ← (Ipass ∩ (I′ × I′)) ∪ Idis;
    ϕ ← ϕ ∧ ϕij;
    Item ← ∅; Ieq ← Ipass;
    while Ieq ≠ ∅ do
      Ieq ← {(k, l) ∈ Ipass \ Item : Pr(Ck, ϕ) = Pr(Cl, ϕ)};
      if Ieq ≠ ∅ then
        ϕ ← ϕ ∧ ϕij; Item ← Item ∪ Ieq;
      end
    end
  end
  return I′, ϕ;
end
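The following Python block is an added example implementing the algorithm above and checking its output against conditions (i) and (ii) of the key lemma; it is not code from the deck, its authors or their Coq development. Since the L2 semantics gives Pr(C, ⊤) = 1 and Pr(C, ϕ ∧ ψ) = Pr(C, ϕ)·Pr(C, ψ), a formula is represented only by its profile, the tuple of values Pr(C0, ϕ), …, Pr(Cn−1, ϕ) over the classes (0-based indices), and conjunction is the pointwise product. The instances `DIST` and `DIST_ZERO` are constructed values, and the names `enhanced_formula` and `satisfies_key_lemma` are my own.

```python
from fractions import Fraction as F

# A formula is represented only by its profile (Pr(C_0, ϕ), ..., Pr(C_{n-1}, ϕ)).
# Under the slide-18 semantics ⊤ has profile (1, ..., 1) and ∧ multiplies pointwise,
# which is all the slide-22 algorithm ever inspects.

def top(n):
    return tuple(F(1) for _ in range(n))

def conj(phi, psi):
    return tuple(x * y for x, y in zip(phi, psi))

def enhanced_formula(I, dist):
    """Slide-22 algorithm. I: nonempty set of class indices; dist[(i, j)] (i < j)
    is the profile of a distinguishing formula ϕ_ij, i.e. dist[(i, j)][i] != dist[(i, j)][j].
    Returns (I_prime, phi) satisfying (i) and (ii) of the key lemma."""
    n = len(next(iter(dist.values())))
    I_pass, I_rem = set(), {(i, j) for i in I for j in I if i < j}
    I_prime, phi = set(I), top(n)
    while I_rem:
        i, j = min(I_rem)                  # "choose arbitrarily": take the smallest pair
        phi_ij = dist[(i, j)]
        I_prime = {k for k in I_prime if phi_ij[k] > 0}
        inside = {(k, l) for (k, l) in I_rem if k in I_prime and l in I_prime}
        I_dis = {(k, l) for (k, l) in inside if phi_ij[k] != phi_ij[l]}
        I_rem = inside - I_dis
        I_pass = {(k, l) for (k, l) in I_pass if k in I_prime and l in I_prime} | I_dis
        phi = conj(phi, phi_ij)
        # Inner loop: a pair already separated may collide after the new conjunct
        # (x*a == y*b is possible with x != y and a != b).  Conjoining ϕ_ij once
        # more separates it for good, since x*a*a == y*b*b would force a == b.
        I_tem = set()
        while True:
            I_eq = {(k, l) for (k, l) in I_pass - I_tem if phi[k] == phi[l]}
            if not I_eq:
                break
            phi = conj(phi, phi_ij)
            I_tem |= I_eq
    return I_prime, phi

def satisfies_key_lemma(I, I_prime, phi):
    """(i) i in I' iff Pr(C_i, ϕ) > 0 for every i in I; (ii) distinct values on I'."""
    if not I_prime or not I_prime <= set(I):
        return False
    if any((i in I_prime) != (phi[i] > 0) for i in I):
        return False
    values = [phi[i] for i in I_prime]
    return len(set(values)) == len(values)

# Constructed instance, n = 3 classes (values made up to exercise the inner loop:
# ϕ_01 and ϕ_12 together make classes 0 and 1 collide once).
DIST = {
    (0, 1): (F(1), F(1, 2), F(1, 2)),
    (0, 2): (F(1, 3), F(1, 3), F(1)),
    (1, 2): (F(1, 2), F(1), F(1, 4)),
}

# Constructed instance where ϕ_01 gives class 1 probability 0, so 1 drops out of I'.
DIST_ZERO = {
    (0, 1): (F(1), F(0), F(1, 2)),
    (0, 2): (F(1, 2), F(1), F(1)),
    (1, 2): (F(1), F(1, 2), F(1)),
}

if __name__ == "__main__":
    for name, d in (("DIST", DIST), ("DIST_ZERO", DIST_ZERO)):
        I_prime, phi = enhanced_formula({0, 1, 2}, d)
        print(name, sorted(I_prime), [str(v) for v in phi],
              satisfies_key_lemma({0, 1, 2}, I_prime, phi))
```

On `DIST` the run picks ϕ01, then ϕ12, finds classes 0 and 1 tied at 1/2 after the second conjunct, conjoins ϕ12 a second time and ends with profile (1/4, 1/2, 1/32) on I′ = {0, 1, 2}; on `DIST_ZERO` it returns I′ = {0, 2} with profile (1, 0, 1/2), matching invariant (b).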

SLIDE 23

Correctness of the algorithm

The algorithm has recently been formalized in Coq. The correctness proof relies on four invariants of the outer loop (ϕ being the formula built so far):
(a) I′ ≠ ∅;
(b) for any i ∈ I, i ∈ I′ iff Pr(Ci, ϕ) > 0;
(c) Ipass ∪ Irem = {(i, j) ∈ I′ × I′ : i < j};
(d) for any (i, j) ∈ Ipass, Pr(Ci, ϕ) ≠ Pr(Cj, ϕ).
The proofs are not trivial at all: about 1500 lines of Coq code were needed.

SLIDE 24

Completeness proof

  • Suppose s =2 t. A transition $s \xrightarrow{a} \Delta$ has to be matched by $t \xrightarrow{a} \Theta$. It remains to show $\Delta \mathrel{(=_2)^\dagger} \Theta$.
  • It suffices to show ∆(Ci) = Θ(Ci) for all equivalence classes Ci with i ∈ I.
  • By induction on |I|. The case |I| = 1 is trivial.
  • Let ϕ be any formula. Then
    $$0 = \Pr(s, \langle a\rangle\varphi) - \Pr(t, \langle a\rangle\varphi) = \sum_{i \in I} \Pr(C_i, \varphi) \cdot \bigl(\Delta(C_i) - \Theta(C_i)\bigr).$$
  • The key lemma gives some I′ ⊆ I and an enhanced formula ϕ0. Let ai = Pr(Ci, ϕ0) and xi = ∆(Ci) − Θ(Ci).
  • Then a1x1 + a2x2 + ⋯ + anxn = 0, where I′ = {1, …, n}.

SLIDE 25

  • Any formula ∧^m ϕ0 (the m-fold conjunction of ϕ0) gives the equation $a_1^m x_1 + a_2^m x_2 + \cdots + a_n^m x_n = 0$.
  • So
    $$\begin{aligned} a_1 x_1 + a_2 x_2 + \cdots + a_n x_n &= 0 \\ a_1^2 x_1 + a_2^2 x_2 + \cdots + a_n^2 x_n &= 0 \\ &\;\;\vdots \\ a_1^n x_1 + a_2^n x_2 + \cdots + a_n^n x_n &= 0 \end{aligned}$$
  • Modify the coefficient matrix (substitute yi = ai xi for the unknowns, which is harmless since every ai > 0 by (i) of the key lemma) to get
    $$\begin{bmatrix} 1 & 1 & 1 & \cdots & 1 \\ a_1 & a_2 & a_3 & \cdots & a_n \\ a_1^2 & a_2^2 & a_3^2 & \cdots & a_n^2 \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ a_1^{n-1} & a_2^{n-1} & a_3^{n-1} & \cdots & a_n^{n-1} \end{bmatrix}$$

SLIDE 26

— the transpose of a Vandermonde matrix, which is invertible because the ai are pairwise distinct by (ii) of the key lemma (its determinant is $\prod_{i<j}(a_j - a_i) \neq 0$).

  • Hence xi = 0, i.e., ∆(Ci) = Θ(Ci) for all i ∈ I′.
  • The remaining terms then give, for any formula ϕ,
    $$\sum_{i \in I \setminus I'} \Pr(C_i, \varphi) \cdot \bigl(\Delta(C_i) - \Theta(C_i)\bigr) = 0.$$
  • |I \ I′| < |I|, and by induction we get ∆(Ci) = Θ(Ci) for all i ∈ I \ I′.
  • So $\Delta \mathrel{(=_2)^\dagger} \Theta$ as required.

SLIDE 27

Summary

Two logical characterisations of probabilistic bisimilarity, for countable-state and finite-state reactive processes respectively, with much simpler proofs than those of Desharnais et al. and van Breugel et al.

SLIDE 28

Thank you!
