Nominal Process Calculi and Modal Logics
Johannes Borgström, Uppsala University
Based on joint work since 2015 with Ramūnas Gutkovas, Lars-Henrik Eriksson, Joachim Parrow and Tjark Weber
Introduction to Nominal Process Calculi
CCS with restriction
communicating processes.
What is nominal process algebra?
CCS syntax:
  $0$            Nil
  $a.P$          Input
  $\bar a.P$     Output
  $(\nu a)P$     Restriction
  $P + Q$        Choice
  $P \mid Q$     Parallel
Beverage machine M(tea, coffee, coin):
  M(tea, coffee, coin) := coin.tea.M(tea, coffee, coin) + coin.coin.coffee.M(tea, coffee, coin)
Dining philosophers:
  Philo(left,right,eat) := left.right.eat.left.right.Philo(…)
  (ν cs1)(ν cs2)(ν cs3)(Philo(cs1,cs2,eat1) | Philo(cs2,cs3,eat2) | Philo(cs3,cs1,eat3) | cs1 | cs2 | cs3)
We write $a$ for $a.0$, and $\bar a$ for $\bar a.0$.
CCS labelled transition semantics:
In:    $a.P \xrightarrow{a} P$
Out:   $\bar a.P \xrightarrow{\bar a} P$
Sum-L: $\dfrac{P \xrightarrow{\alpha} P'}{P + Q \xrightarrow{\alpha} P'}$
Par-L: $\dfrac{P \xrightarrow{\alpha} P'}{P \mid Q \xrightarrow{\alpha} P' \mid Q}$
Com-L: $\dfrac{P \xrightarrow{a} P' \qquad Q \xrightarrow{\bar a} Q'}{P \mid Q \xrightarrow{\tau} P' \mid Q'}$
Scope: $\dfrac{P \xrightarrow{\alpha} P'}{(\nu b)P \xrightarrow{\alpha} (\nu b)P'}\; b\#\alpha$
Dining philosophers:
  Philo(left,right,eat) := left.right.eat.left.right.Philo(…)
  (ν cs1)(ν cs2)(ν cs3)(Philo(cs1,cs2,eat1) | Philo(cs2,cs3,eat2) | Philo(cs3,cs1,eat3) | cs1 | cs2 | cs3)
  Philo2(left,right,eat) := left.(right.eat.(left | right | Philo(…)) + left.Philo(…))
distinguish between two systems?
distinguished from the new state of the first system.
DEFINITION (Strong Bisimulation)
A symmetric relation R on processes satisfying: if $R(P, Q)$ then
  if $P \xrightarrow{\alpha} P'$ then $\exists Q'.\; Q \xrightarrow{\alpha} Q'$ and $R(P', Q')$   (simulation)
$P \,\dot\sim\, Q$ if $R(P, Q)$ for some bisimulation R.

The beverage machine M(tea, coffee, coin) above and M2(tea, coffee, coin) below are not bisimilar:
  M2(tea, coffee, coin) := coin.(tea.M2(tea, coffee, coin) + coin.coffee.M2(tea, coffee, coin))

Dining philosophers, specification and implementation:
  Spec(eat1,eat2,eat3) := eat1.Spec(…) + eat2.Spec(…) + eat3.Spec(…)
  (ν cs1)(ν cs2)(ν cs3)(Philo2(cs1,cs2,eat1) | Philo2(cs2,cs3,eat2) | Philo2(cs3,cs1,eat3) | cs1 | cs2 | cs3)
Bisimilarity $\dot\sim$ is a congruence for all operators, so bisimilar processes can be exchanged in any context: compositional reasoning.
Structural laws, containing commutative monoid laws for | (parallel) and + (choice) with 0 as unit.
Scope extension, scope extrusion, and residuals Milner, Parrow, Walker: A calculus of mobile processes. Information and Computation 100(1) 1992.
summation
not finitely supported!
lambda-calculus
Pi-calculus syntax:
  $0$                          Nil
  $a(x).P$                     Input
  $\bar a\langle b\rangle.P$   Output
  $(\nu a)P$                   Restriction
  $P + Q$                      Choice
  $P \mid Q$                   Parallel
Truth values (at location l):
  True(l)  := $l(t,f).(\bar t \mid \mathit{True}(l))$
  False(l) := $l(t,f).(\bar f \mid \mathit{False}(l))$
Let's do lists!
  Nil(l)             := $l(n,c).(\bar n \mid \mathit{Nil}(l))$
  Cons(l,value,tail) := $l(n,c).(\bar c\langle value, tail\rangle \mid \mathit{Cons}(\ldots))$
What does do?
But what about $(\nu b)\bar a\langle b\rangle.P$?
We write $\bar a$ for $\bar a\langle a\rangle.0$, $\bar a\langle b,c\rangle$ for $\bar a\langle b\rangle.\bar a\langle c\rangle$, and $a(b,c)$ for $a(b).a(c)$.
Pi-calculus labelled transition semantics (an input action is written $a\,b$: name b is received on channel a):
In:    $a(x).P \xrightarrow{a\,b} P[b/x]$
Out:   $\bar a\langle b\rangle.P \xrightarrow{\bar a\langle b\rangle} P$
Sum-L: $\dfrac{P \xrightarrow{\alpha} P'}{P + Q \xrightarrow{\alpha} P'}$
Par-L: $\dfrac{P \xrightarrow{\alpha} P'}{P \mid Q \xrightarrow{\alpha} P' \mid Q}$
Com-L: $\dfrac{P \xrightarrow{a\,b} P' \qquad Q \xrightarrow{\bar a\langle b\rangle} Q'}{P \mid Q \xrightarrow{\tau} P' \mid Q'}$
Scope: $\dfrac{P \xrightarrow{\alpha} P'}{(\nu b)P \xrightarrow{\alpha} (\nu b)P'}\; b\#\alpha$
But what about $(\nu b)\bar a\langle b\rangle.P$?
Structural congruence ≡: commutative monoid laws for | (parallel) and + (choice) with 0 as unit;
  $P \mid (\nu b)Q \equiv (\nu b)(P \mid Q)$ when $b\#P$
  $P + (\nu b)Q \equiv (\nu b)(P + Q)$ when $b\#P$
  $(\nu a)(\nu b)P \equiv (\nu b)(\nu a)P$
Reduction semantics:
Struct:  $\dfrac{P \equiv P' \qquad P' \to Q \qquad Q \equiv Q'}{P \to Q'}$
Ctx-Par: $\dfrac{P \to P'}{P \mid Q \to P' \mid Q}$
Ctx-Res: $\dfrac{P \to P'}{(\nu b)P \to (\nu b)P'}$
Red:     $(a(x).P + P') \mid (\bar a\langle b\rangle.Q + Q') \to P[b/x] \mid Q$
Encodings:
  if true then P else Q   is encoded as   $(\nu l)(\nu t)(\nu f)(\mathit{True}(l) \mid \bar l\langle t,f\rangle \mid t.P \mid f.Q)$
  case l of Nil -> P | Cons(v,l') -> Q   is encoded as   $(\nu n)(\nu c)(\bar l\langle n,c\rangle \mid n.P \mid c(v,l').Q)$
Urban, Kaliszyk: General Bindings and Alpha-Equivalence in Nominal Isabelle. ESOP 2011
R, fa, p (bs, y)
def
But what about $(\nu b)\bar a\langle b\rangle.P$?
Transitions with binders are written $P \to \langle C\rangle(\alpha, P')$, where C is the set of names bound by the action (the empty set is written $\langle\emptyset\rangle$):
In:      $a(x).P \to \langle\emptyset\rangle(a\,b,\; P[b/x])$
Out:     $\bar a\langle b\rangle.P \to \langle\emptyset\rangle(\bar a\langle b\rangle,\; P)$
Sum-L:   $\dfrac{P \to S}{P + Q \to S}$
Par-L:   $\dfrac{P \to \langle C\rangle(\alpha, P')}{P \mid Q \to \langle C\rangle(\alpha, P' \mid Q)}\; C\#Q$
Com-L:   $\dfrac{P \to \langle\emptyset\rangle(a\,b, P') \qquad Q \to \langle\emptyset\rangle(\bar a\langle b\rangle, Q')}{P \mid Q \to \langle\emptyset\rangle(\tau, P' \mid Q')}$
Scope:   $\dfrac{P \to \langle C\rangle(\alpha, P')}{(\nu b)P \to \langle C\rangle(\alpha, (\nu b)P')}\; b\#\alpha$
Close-L: $\dfrac{P \to \langle\emptyset\rangle(a\,b, P') \qquad Q \to \langle\{b\}\rangle(\bar a\langle b\rangle, Q')}{P \mid Q \to \langle\emptyset\rangle(\tau, (\nu b)(P' \mid Q'))}\; b\#P$
Open:    $\dfrac{P \to \langle\emptyset\rangle(\bar a\langle b\rangle, P')}{(\nu b)P \to \langle\{b\}\rangle(\bar a\langle b\rangle, P')}\; b\#a$
Based on Gabbay: The 𝜌-Calculus in FM, in "Thirty Five Years of Automating Mathematics", Kluwer 2004
if true then a else b is encoded as $(\nu l)(\nu t)(\nu f)(\mathit{True}(l) \mid \bar l\langle t,f\rangle \mid t.a \mid f.b)$
Connect(c, P(l)) := $(\nu l)\,\bar c\langle l\rangle.P(l)$
Connect(c, (l a)(l)) | c(b).b(x).x
What are the transitions of $(\nu a)\bar c\langle a\rangle \mid (\nu c)\bar c\langle a\rangle$?
DEFINITION (Strong Bisimulation)
A symmetric relation R on processes satisfying: if $R(P, Q)$ then
  if $P \xrightarrow{\alpha} P'$ and $\mathrm{bn}(\alpha)\#Q$ then $\exists Q'.\; Q \xrightarrow{\alpha} Q'$ and $R(P', Q')$   (simulation)
$P \,\dot\sim\, Q$ if $R(P, Q)$ for some bisimulation R.
Bisimilarity is a congruence for all operators except input, so bisimilar processes can be exchanged in any non-input context: compositional reasoning.
Based on slides by Joachim Parrow, OPCT 2017 (I omit predicates for now.)
What are NTS? Why? NTS are a general framework that fits almost all advanced process algebras, by generalising standard transition systems to include binders in actions
Example actions: τ, a b, ab, a(x), a⟨f(g(a), b)⟩, a(νb), a(νb, c, d), a(x, y, z), c⟨(i)M⟩
STATES: a nominal set, ranged over by P, Q.
ACT: a nominal set of actions α, with an equivariant function $\mathrm{bn} : \mathrm{act} \to \mathcal{P}_{fin}(\mathcal{N})$ such that $\mathrm{bn}(\alpha) \subseteq \mathrm{supp}(\alpha)$. Examples: τ, a b, ab, a(x), a⟨f(g(a), b)⟩, a(νb), a(νb, c, d), a(x, y, z), c⟨(i)M⟩.
TRANSITIONS: an equivariant relation $\to\; \subseteq \mathrm{states} \times [\mathcal{P}_{fin}(\mathcal{N})](\mathrm{act} \times \mathrm{states})$ such that $(P, \langle\tilde b\rangle(\alpha, Q)) \in\; \to$ implies $\tilde b = \mathrm{bn}(\alpha)$.
We write $P \xrightarrow{\alpha} Q$ for $(P, \langle\mathrm{bn}(\alpha)\rangle(\alpha, Q)) \in\; \to$.
DEFINITION (Strong Bisimulation)
A symmetric relation R on states satisfying: if $R(P, Q)$ then
  if $P \xrightarrow{\alpha} P'$ and $\mathrm{bn}(\alpha)\#Q$ then $\exists Q'.\; Q \xrightarrow{\alpha} Q'$ and $R(P', Q')$   (simulation)
$P \,\dot\sim\, Q$ if $R(P, Q)$ for some bisimulation R.
Jesper Bengtson, Magnus Johansson, Joachim Parrow, Björn Victor, Johannes Åman Pohjola, et al.
From the pi-calculus to psi-calculi:
  Ordinary pi-calculus:                          $(\nu z)(\bar a z) \mid a(x).[x = b]P$
  Data structures can be sent, pattern matching: $(\nu z)(\bar a M) \mid a(\lambda\tilde x)N.[x = b]P$
  Channels can be arbitrary structures:          $(\nu z)(\bar K M) \mid L(\lambda\tilde x)N.[x = b]P$
  Tests can be arbitrary predicates:             $(\nu z)(\bar K M) \mid L(\lambda\tilde x)N.\,\mathbf{if}\ \varphi\ \mathbf{then}\ P$
  Facts about data (new construct, the assertion $(\!|\Psi|\!)$): $(\nu z)(\bar K M).(\!|\Psi|\!) \mid L(\lambda\tilde x)N.\,\mathbf{if}\ \varphi\ \mathbf{then}\ P$
Define terms T (data terms, channels; ranged over by M, N), conditions C (used in case statements; ranged over by ϕ) and assertions A (facts about data; ranged over by Ψ). Each can be any nominal set (not necessarily syntactic): an arbitrary set of data, an arbitrary logic.
Define term substitution, and the operators:
  Channel equivalence:  $\dot\leftrightarrow\; : T \times T \to C$
  Composition:          $\otimes : A \times A \to A$
  Unit assertion:       $1 : A$
  Entailment:           $\vdash\; \subseteq A \times C$   (practically anything)
Requirements on substitution (assume all the $\tilde a$ distinct, all the $\tilde b$ distinct):
  1: if $\tilde a \subseteq n(X)$ and $b \in n(\tilde T)$ then $b \in n(X[\tilde a := \tilde T])$
  2: if $\tilde b \# X, \tilde a$ then $X[\tilde a := \tilde T] = ((\tilde b\ \tilde a)\cdot X)[\tilde b := \tilde T]$
Psi-calculus labelled transition semantics (judgements $\Psi \rhd P \xrightarrow{\alpha} P'$):
In:    $\dfrac{\Psi \vdash M \dot\leftrightarrow K}{\Psi \rhd M(\lambda\tilde y)N.P \xrightarrow{K\,N[\tilde y := \tilde L]} P[\tilde y := \tilde L]}$
Out:   $\dfrac{\Psi \vdash M \dot\leftrightarrow K}{\Psi \rhd \bar M N.P \xrightarrow{\bar K N} P}$
Case:  $\dfrac{\Psi \rhd P_i \xrightarrow{\alpha} P' \qquad \Psi \vdash \varphi_i}{\Psi \rhd \mathbf{case}\ \tilde\varphi : \tilde P \xrightarrow{\alpha} P'}$
Com:   $\dfrac{\Psi \otimes \Psi_P \otimes \Psi_Q \vdash M \dot\leftrightarrow K \qquad \Psi_Q \otimes \Psi \rhd P \xrightarrow{\bar M(\nu\tilde a)N} P' \qquad \Psi_P \otimes \Psi \rhd Q \xrightarrow{K\,N} Q'}{\Psi \rhd P \mid Q \xrightarrow{\tau} (\nu\tilde a)(P' \mid Q')}\; \tilde a \# Q$
Par:   $\dfrac{\Psi_Q \otimes \Psi \rhd P \xrightarrow{\alpha} P'}{\Psi \rhd P \mid Q \xrightarrow{\alpha} P' \mid Q}\; \mathrm{bn}(\alpha)\#Q$
Scope: $\dfrac{\Psi \rhd P \xrightarrow{\alpha} P'}{\Psi \rhd (\nu b)P \xrightarrow{\alpha} (\nu b)P'}\; b\#\alpha, \Psi$
Open:  $\dfrac{\Psi \rhd P \xrightarrow{\bar M(\nu\tilde a)N} P'}{\Psi \rhd (\nu b)P \xrightarrow{\bar M(\nu\tilde a \cup \{b\})N} P'}\; b\#\tilde a, \Psi, M;\ b \in n(N)$
Rep:   $\dfrac{\Psi \rhd P \mid\, !P \xrightarrow{\alpha} P'}{\Psi \rhd\, !P \xrightarrow{\alpha} P'}$
Machine-checked proofs (LICS'09, LICS'10, LMCS 2011, SOS'09, JLAP 2012):
The usual congruence properties, in particular
  $P \,\dot\sim_\Psi\, Q \implies P \mid R \,\dot\sim_\Psi\, Q \mid R$, …
  $(\forall \tilde L.\; P[\tilde a := \tilde L] \,\dot\sim_\Psi\, Q[\tilde a := \tilde L]) \implies M(\lambda\tilde a)N.P \,\dot\sim_\Psi\, M(\lambda\tilde a)N.Q$
The usual structural laws, in particular scope extension:
  $P \mid (\nu a)Q \sim (\nu a)(P \mid Q)$ if $a\#P$
Compositionality, congruence.
Mainly by Jesper Bengtson and Johannes Åman Pohjola
“obviously right”
Easy to get worried!
with Nominal package
development, produces readable proofs
Old-Case: $\dfrac{\Psi \vdash \varphi_i}{\Psi \rhd \mathbf{case}\ \tilde\varphi : \tilde P \xrightarrow{\tau} P_i}$
Original rule, tau action: easy induction proofs. With Isabelle: took a day.
Case: $\dfrac{\Psi \rhd P_i \xrightarrow{\alpha} P' \qquad \Psi \vdash \varphi_i}{\Psi \rhd \mathbf{case}\ \tilde\varphi : \tilde P \xrightarrow{\alpha} P'}$
New rule: more standard, can express the above. Change requires re-checking all proofs!
To get higher-order psi-calculi, just add the following:
  Clauses:          $\{M \Leftarrow P\}$
  Invocation agent: $\mathbf{run}\ M$
  Invocation rule:  $\dfrac{\Psi \vdash M \Leftarrow P \qquad \Psi \rhd P \xrightarrow{\alpha} P'}{\Psi \rhd \mathbf{run}\ M \xrightarrow{\alpha} P'}$ with $n(M) \supseteq n(P)$
Now prove all meta-theory again! With Isabelle: meta-theory took a day and a night. More effort: locales, canonical instances, encodings.
Parrow, Borgström, Raabjerg, Åman Pohjola, MSCS 2016
To get broadcast communication, add output connectivity $M \mathrel{\dot\prec} K$ and input connectivity $K \mathrel{\dot\succ} M$, and rules such as
  BrOut: $\dfrac{\Psi \vdash M \mathrel{\dot\prec} K}{\Psi \rhd \bar M N.P \xrightarrow{!\bar K N} P}$
Five new semantics rules, two new actions. Quite some work getting it right! Adds about 12700 lines of Isabelle proofs, reuses the entire Psi codebase of about 20500 lines.
SEFM'11, SoSyM 2015. Even with Isabelle: two years, seven coauthors.
What about combining higher-order and broadcast?
With Isabelle: took HALF a day, mostly waiting!
Re-prove all the meta-theory…
“could be done by a clever shell script”
proofs – most time spent elsewhere
It must take a lot of time to use Isabelle, surely?
No worries!
Based on slides by Joachim Parrow, OPCT 2017
Example state predicates: $x = 1$, $y > z$, $x = 2$, $c = \mathrm{encrypt}(m, k)$, $\mathrm{prime}(x)$, $\forall m, k.\; c \neq \mathrm{encrypt}(m, k)$
STATES: a nominal set, ranged over by P, Q.
ACT: a nominal set of actions α, with an equivariant function $\mathrm{bn} : \mathrm{act} \to \mathcal{P}_{fin}(\mathcal{N})$ such that $\mathrm{bn}(\alpha) \subseteq \mathrm{supp}(\alpha)$. Examples: τ, a b, ab, a(x), a⟨f(g(a), b)⟩, a(νb), a(νb, c, d), a(x, y, z), c⟨(i)M⟩.
PRED: a nominal set of state predicates ϕ, with an equivariant relation $\vdash\; \subseteq \mathrm{states} \times \mathrm{pred}$. Examples: $x = 1$, $y > z$, $x = 2$, $c = \mathrm{encrypt}(m, k)$, $\mathrm{prime}(x)$, $\forall m, k.\; c \neq \mathrm{encrypt}(m, k)$.
TRANSITIONS: an equivariant relation $\to\; \subseteq \mathrm{states} \times [\mathcal{P}_{fin}(\mathcal{N})](\mathrm{act} \times \mathrm{states})$ such that $(P, \langle\tilde b\rangle(\alpha, Q)) \in\; \to$ implies $\tilde b = \mathrm{bn}(\alpha)$.
We write $P \xrightarrow{\alpha} Q$ for $(P, \langle\mathrm{bn}(\alpha)\rangle(\alpha, Q)) \in\; \to$.
DEFINITION (Strong Bisimulation)
A symmetric relation R on states satisfying: if $R(P, Q)$ then
  if $P \xrightarrow{\alpha} P'$ and $\mathrm{bn}(\alpha)\#Q$ then $\exists Q'.\; Q \xrightarrow{\alpha} Q'$ and $R(P', Q')$   (simulation)
  if $P \vdash \varphi$ then $Q \vdash \varphi$   (static implication)
$P \,\dot\sim\, Q$ if $R(P, Q)$ for some bisimulation R.
Based on CONCUR 2015 paper with Ramūnas Gutkovas Lars-Henrik Eriksson Joachim Parrow Tjark Weber Presentation based on slides by Joachim Parrow
Our objectives: a set of formulas A, B; a satisfaction relation $P \models A$ between states and formulas; expressive wrt existing work; fully formal; simple.
Not objectives: decidability, model checking.
Four basic constructors: $A := \varphi \mid \langle\alpha\rangle A \mid \neg A \mid \bigwedge_{i \in I} A_i$
$P \models \varphi$ holds if $P \vdash \varphi$: P satisfies the formula if the state predicate holds in P.
$P \models \langle\alpha\rangle A$ holds if $\exists P'.\; P \xrightarrow{\alpha} P'$ and $P' \models A$: P can do α and then satisfy A.
We consider formulas up to alpha equivalence, i.e. if $a \in \mathrm{bn}(\alpha)$ and $b \# \alpha, A$ then $\langle\alpha\rangle A = (a\ b)\cdot(\langle\alpha\rangle A)$.
$P \models \neg A$ holds if not $P \models A$.
$P \models \bigwedge_{i \in I} A_i$ (assume $A_i$ is a formula for each $i \in I$) holds if for all $i \in I$ it holds $P \models A_i$.
The million dollar question: which such conjunctions should be allowed?
$P \models \bigwedge_{i \in I} A_i$, allowed only for finite I: same as binary conjunction $A_1 \wedge A_2$. Easy to make fully formal. Quite limited expressiveness (suitable only for finite-branching transition systems). Safe but not enough. As in Hennessy, Milner 1985.
$P \models \bigwedge_{i \in I} A_i$, allowed for any I: enormous expressiveness, greater than the systems we study! Formulas might not be finitely supported, alpha-conversion might be impossible. Needs substantial restrictions. As in Milner 1989.
$P \models \bigwedge_{i \in I} A_i$, allowed for any I such that the conjuncts have common finite support, i.e. for some finite set of names S, $\forall i \in I.\; \mathrm{supp}(A_i) \subseteq S$ (uniformly bounded conjunction). OK to make fully formal. Still of limited expressiveness. Standard but not enough. As in Abramsky 1991.
Quantification: $P \models \forall x \in \mathcal{N}.\, A$ holds if for all $z \in \mathcal{N}$ it holds $P \models A[x := z]$, for some substitution function.
Can this be represented as $\forall x \in \mathcal{N}.\, A = \bigwedge_{z \in \mathcal{N}} A[x := z]$?
Is the conjunction $\forall x \in \mathcal{N}.\, A = \bigwedge_{z \in \mathcal{N}} A[x := z]$ uniformly bounded? Since $z \in \mathrm{supp}(A[x := z])$, it is not: quantification cannot be expressed by uniformly bounded conjunction!
Our contribution: finitely supported conjunction. $\bigwedge_{i \in I} A_i$ requires that the set of formulas $\{A_i \mid i \in I\}$ has finite support S.
Assume F is the set of formulas supported by S. Consider the different formulas $\bigwedge\{A \mid A \in B\}$ where B ranges over the subsets of F. By Cantor's Theorem, we have a contradiction.
Solution: cardinality bound on conjunction width.
Is the conjunction $\forall x \in \mathcal{N}.\, A = \bigwedge_{z \in \mathcal{N}} A[x := z]$ finitely supported? Yes! Assuming substitution is equivariant.
Dualities: $[\alpha]A = \neg\langle\alpha\rangle\neg A$ and $\bigvee_{i \in I} A_i = \neg\bigwedge_{i \in I}\neg A_i$.
Quantifiers: $\forall x.\, A = \bigwedge_{z \in V} A[x := z]$ and $\exists x.\, A = \bigvee_{z \in V} A[x := z]$. Assumes V is finitely supported and substitution is equivariant.
Fresh quantifier: $P \models \text{И}x.\, A$ if for some $n \# P$ it holds $P \models (x\ n)\cdot A$.
$\text{И}x.\, A = \bigvee_{S \in \mathrm{COF}} \bigwedge_{n \in S} (x\ n)\cdot A$, where COF is the set of cofinite sets of names: there is a cofinite set such that A holds for all its members.
Next step modality: $\langle\rangle A = \bigvee_{\alpha \in \mathrm{act},\ \mathrm{bn}(\alpha)\#A} \langle\alpha\rangle A$.
Fixpoints: the minimal fixpoint is defined as the disjunction of all unfoldings. With next and fixpoints we get all of CTL* (Emerson 1997).

Related logics (F: finite conjunction, A: arbitrary conjunction, U: uniformly bounded conjunction):
  Hennessy-Milner Logic for CCS       Hennessy, Milner 1985              F
  Hennessy-Milner Logic for CCS       Milner 1989                        A
  Hennessy-Milner Logic for CCS       Abramsky 1991                      U
  for value passing                   Hennessy, Liu 1995                 F + quantifiers
  for pi-calculus                     Milner, Parrow, Walker 1993        U
  for spi-calculus                    Frendrup, Hüttel, Jensen 2002      A
  for applied pi-calculus             Pedersen 2006                      F
  for fusion calculus                 Haugstad, Terkelsen, Vindum 2006   A
  for multi-labelled systems          De Nicola, Loreti 2008             F + quantifiers
  for concurrent constraint calculus  Buscemi, Montanari 2007
  for psi-calculi                     Bengtson et al 2011
A kind of sanity check: if two states "behave the same" then they satisfy exactly the same formulas, and if two states do not "behave the same" then there is a formula satisfied by one and not the other. Most often, "behave the same" means bisimulation.
DEFINITION (Bisimulation)
A symmetric relation R on states satisfying: if $R(P, Q)$ then
  if $P \xrightarrow{\alpha} P'$ and $\mathrm{bn}(\alpha)\#Q$ then $\exists Q'.\; Q \xrightarrow{\alpha} Q'$ and $R(P', Q')$
  if $P \models \varphi$ then $Q \models \varphi$
$P \,\dot\sim\, Q$ if $R(P, Q)$ for some bisimulation R.
THEOREM (Adequacy)
$P \,\dot\sim\, Q$ iff for all formulas A: $P \models A$ iff $Q \models A$.
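The beverage-machine comparison from the first part (M and M2 are not bisimilar) and the adequacy theorem above can both be exercised on a finite system. The following Python is an added example, not code from the slides: it builds M, M2 and a third machine M3 (a constructed variant of M with a duplicated coin.tea branch, so that a non-trivial bisimilar pair exists) as explicit state graphs with a constructed state predicate "paid", computes bisimilarity as a greatest fixpoint while recording the round in which each pair is dropped, and then builds a distinguishing formula the way the ⇐ direction of the adequacy proof does: a transition the other side cannot match, under which the conjunction of distinguishing formulas for all derivatives holds. The systems are finitely branching, so finite conjunction suffices, as the slides note for CCS. State names and the predicate are assumptions; actions are plain labels, so the bn(α)#Q side condition of the nominal definition is vacuous here.

```python
from math import inf

# Constructed finite labelled transition systems for the beverage machines on the
# slides (state names are mine), as explicit state graphs: each state maps to an
# ordered list of (action, successor).
#   M(tea, coffee, coin)  := coin.tea.M + coin.coin.coffee.M
#   M2(tea, coffee, coin) := coin.(tea.M2 + coin.coffee.M2)
#   M3 (constructed)      := coin.tea.M3 + coin.tea.M3 + coin.coin.coffee.M3
LTS = {
    "M": [("coin", "tea.M"), ("coin", "coin.coffee.M")],
    "tea.M": [("tea", "M")],
    "coin.coffee.M": [("coin", "coffee.M")],
    "coffee.M": [("coffee", "M")],
    "M2": [("coin", "tea.M2+coin.coffee.M2")],
    "tea.M2+coin.coffee.M2": [("tea", "M2"), ("coin", "coffee.M2")],
    "coffee.M2": [("coffee", "M2")],
    "M3": [("coin", "tea.M3"), ("coin", "tea'.M3"), ("coin", "coin.coffee.M3")],
    "tea.M3": [("tea", "M3")],
    "tea'.M3": [("tea", "M3")],
    "coin.coffee.M3": [("coin", "coffee.M3")],
    "coffee.M3": [("coffee", "M3")],
}
# Constructed state predicate (the NTS-with-predicates setting): "paid" holds in
# every state reached after a coin has been inserted.
PRED = {"paid": {s for s in LTS if s not in ("M", "M2", "M3")}}

def holds(pred, p, phi):
    """P |- phi: the state predicate phi holds in state p."""
    return p in pred.get(phi, set())

def simulates(lts, p, q, rel):
    """Simulation clause: every p --a--> p' is matched by some q --a--> q' with (p', q') in rel."""
    return all(any(b == a and (p1, q1) in rel for (b, q1) in lts[q])
               for (a, p1) in lts[p])

def bisimilarity(lts, pred):
    """Greatest bisimulation as a fixpoint: start from the universal relation and, in
    rounds, drop every pair that disagrees on a predicate or fails the simulation
    clause in either direction.  Returns the fixpoint and, for each dropped pair, the
    round in which it was dropped (used to build distinguishing formulas)."""
    rel = {(p, q) for p in lts for q in lts}
    rank, rnd = {}, 0
    while True:
        rnd += 1
        bad = {(p, q) for (p, q) in rel
               if any(holds(pred, p, phi) != holds(pred, q, phi) for phi in pred)
               or not simulates(lts, p, q, rel) or not simulates(lts, q, p, rel)}
        if not bad:
            return rel, rank
        rel -= bad
        rank.update({pair: rnd for pair in bad})

# Formulas with the four basic constructors:
#   ("pred", phi) | ("dia", a, A) | ("not", A) | ("and", [A1, ...]); TRUE is the empty conjunction.
TRUE = ("and", [])

def sat(lts, pred, p, A):
    """Satisfaction P |= A."""
    kind = A[0]
    if kind == "pred":
        return holds(pred, p, A[1])
    if kind == "dia":
        return any(a == A[1] and sat(lts, pred, p1, A[2]) for (a, p1) in lts[p])
    if kind == "not":
        return not sat(lts, pred, p, A[1])
    if kind == "and":
        return all(sat(lts, pred, p, B) for B in A[1])
    raise ValueError(f"unknown formula {A!r}")

def distinguish(lts, pred, p, q, rank):
    """For a pair dropped in round k, return a formula true at p and false at q, as in the
    adequacy proof: a predicate they disagree on; or a transition p --a--> p' that q cannot
    match (every a-derivative q' was separated from p' in an earlier round), under which the
    conjunction of the distinguishing formulas of p' against each q' holds; or the negation
    of the mirror-image formula built from a transition of q."""
    k = rank[(p, q)]
    for phi in pred:
        if holds(pred, p, phi) != holds(pred, q, phi):
            return ("pred", phi) if holds(pred, p, phi) else ("not", ("pred", phi))
    for (a, p1) in lts[p]:
        derivs = [q1 for (b, q1) in lts[q] if b == a]
        if all(rank.get((p1, q1), inf) < k for q1 in derivs):
            return ("dia", a, ("and", [distinguish(lts, pred, p1, q1, rank) for q1 in derivs]))
    for (a, q1) in lts[q]:
        derivs = [p1 for (b, p1) in lts[p] if b == a]
        if all(rank.get((q1, p1), inf) < k for p1 in derivs):
            return ("not", ("dia", a, ("and", [distinguish(lts, pred, q1, p1, rank) for p1 in derivs])))
    raise AssertionError("a dropped pair must fail one of the clauses")

def distinguishing_formula(lts, pred, p, q):
    """None when p and q are bisimilar (adequacy: no formula separates them), otherwise a
    formula satisfied by p and not by q."""
    rel, rank = bisimilarity(lts, pred)
    return None if (p, q) in rel else distinguish(lts, pred, p, q, rank)

if __name__ == "__main__":
    print("M ~ M3:", distinguishing_formula(LTS, PRED, "M", "M3") is None)
    print("formula separating M from M2:", distinguishing_formula(LTS, PRED, "M", "M2"))
```

For M against M2 the construction yields ⟨coin⟩¬⟨coin⟩true: M can accept a coin and reach a state where a second coin is refused, while M2 after one coin can always take another. The round bookkeeping is what makes the recursion terminate: a pair dropped in round k only recurses into pairs dropped in earlier rounds.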
Proof of $P \,\dot\sim\, Q$ iff for all formulas A: $P \models A$ iff $Q \models A$.
Logical equivalence $\dot=$ is defined as $\{(P, Q) \mid \forall A.\; P \models A \text{ iff } Q \models A\}$.
In direction ⇐ show that $\dot=$ is a bisimulation. Assume not; then P has an α-transition to P' that Q cannot simulate: for each α-derivative Q' there is a distinguishing formula A between P' and Q'. Let B be the conjunction of all these A (one for each Q'). Then $P \models \langle\alpha\rangle B$ and not $Q \models \langle\alpha\rangle B$. Contradiction!
Let B be the conjunction of all these A (one for each Q'). Can this conjunction be defined in the logic?
  If the transition system is finitely branching (e.g. CCS with guarded recursion) then there are finitely many Q', so finite conjunction suffices.
  If all the formulas A have a common finite support (e.g. pi-calculus) then uniformly bounded conjunction suffices.
  In general (arbitrary nominal transition systems), use finitely supported conjunction.
Lemma: if there is a distinguishing formula for P' and Q', then there is one with support bounded by P'.
Proof idea: let PERM be the name permutations that fix P', and let $B = \bigwedge_{\pi \in \mathrm{PERM}} \pi\cdot A$. If $P' \models A \wedge Q' \not\models A$ then $P' \models B \wedge Q' \not\models B \wedge \mathrm{supp}(B) \subseteq \mathrm{supp}(P')$.
In general use finitely supported conjunction.
All definitions and the adequacy theorem formalised in Nominal Isabelle (~2700 loc) Significant new ideas for alpha-equivalence and finite support in data types with infinitary constructors. First ever mechanisation of an infinitely branching nominal datatype.
Out of which 150 loc are definitions and theorems
Based on FORTE 2017 paper with Ramūnas Gutkovas Lars-Henrik Eriksson Joachim Parrow Tjark Weber Presentation based on slides by Joachim Parrow
Weak transitions: P can evolve to P' without the environment noticing (without interacting with the environment, spontaneously, silently).
τ: an action with empty support (which implies $\mathrm{bn}(\tau) = \emptyset$) representing an unobservable action.
  $P \Rightarrow P'$ is defined inductively as $P = P' \;\vee\; P \xrightarrow{\tau}\Rightarrow P'$
  $P \xRightarrow{\alpha} P'$ is defined as $P \Rightarrow\xrightarrow{\alpha}\Rightarrow P'$: P can evolve to P' through zero or more transitions with observable content α
  $P \xRightarrow{\hat\alpha} P'$ is defined as $P \Rightarrow P'$ if $\alpha = \tau$, and as $P \xRightarrow{\alpha} P'$ otherwise
DEFINITION (simulation)
A relation R on states satisfying: if $R(P, Q)$ then
  if $P \xrightarrow{\alpha} P'$ and $\mathrm{bn}(\alpha)\#Q$ then $\exists Q'.\; Q \xrightarrow{\alpha} Q'$ and $R(P', Q')$
DEFINITION (weak simulation)
A relation R on states satisfying: if $R(P, Q)$ then
  if $P \xrightarrow{\alpha} P'$ and $\mathrm{bn}(\alpha)\#Q$ then $\exists Q'.\; Q \xRightarrow{\hat\alpha} Q'$ and $R(P', Q')$
Example: a transition system with two states, $P \xrightarrow{\tau} Q$, where $Q \vdash \varphi$. Should P and Q be equivalent? YES! Can we re-use the static implication (if $P \vdash \varphi$ then $Q \vdash \varphi$)? NO!
(*) If $P \vdash \varphi$ then $Q \Rightarrow Q' \vdash \varphi$.
[Diagram: states P, Q and R with τ-transitions and predicates ϕ0, ϕ1.] P and Q are weakly similar and satisfy (*). Are P and Q observationally equivalent? No.
S is a weak static implication (WSI) if $S(P, Q)$ implies: if $P \vdash \varphi$ then $Q \Rightarrow Q' \vdash \varphi$ and $S(P, Q')$.
[Diagram: states P, Q and R with τ-transitions and predicates ϕ0, ϕ1.] {(P, Q), (P, R)} is NOT a WSI, so P and Q are not observationally equivalent.
[Diagram: states P, P0, P1 and Q with τ- and α-transitions and predicate ϕ.] Are P and Q observationally equivalent? P and Q are weakly similar and the relation {(P, Q), (P, P1)} satisfies (*), but (*) is not enough by itself: {(P, Q), (P, P1)} is NOT a WSI, while {(P, Q), (P0, P0), (P1, P1)} is a WSI but is NOT a weak simulation. No.
DEFINITION
A weak bisimulation is a symmetric relation R on states which is both a weak simulation and a weak static implication, i.e. $R(P, Q)$ implies:
  if $P \xrightarrow{\alpha} P'$ and $\mathrm{bn}(\alpha)\#Q$ then $\exists Q'.\; Q \xRightarrow{\hat\alpha} Q'$ and $R(P', Q')$
  if $P \vdash \varphi$ then $Q \Rightarrow Q' \vdash \varphi$ and $R(P, Q')$
$P \,\dot\approx\, Q$ if $R(P, Q)$ for some weak bisimulation R.
The three examples again:
  $P \xrightarrow{\tau} Q$ with $Q \vdash \varphi$: $P \,\dot\approx\, Q$; {(P, Q), (Q, Q)} is a weak simulation and a WSI.
  P, Q, R with τ-transitions and ϕ0, ϕ1: $P \,\dot{\not\approx}\, Q$; no relation is a WSI.
  P, P0, P1, Q with τ- and α-transitions and ϕ: $P \,\dot{\not\approx}\, Q$; no relation is both a weak simulation and a WSI.
[Diagram: states P0, P1 and Q with τ-transitions and predicates ϕ0, ϕ1.]
Which of the three states are weakly bisimilar? All of them! Let U be the universal relation on all three states: U is a weak simulation and U is a weak static implication.
Note: ϕ0 ∧ ϕ1 is not a state predicate.
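The weak bisimulation definition above, with its weak static implication clause, is small enough to execute on the slides' examples. The following Python is an added example, not code from the slides: it encodes the first example (P --τ--> Q with ϕ holding only in Q) and my reading of the three-state diagram (P0 and P1 τ-stepping to each other, ϕ0 holding in P0, ϕ1 in P1, and both in Q), computes weak bisimilarity as a greatest fixpoint, and lets the static implication be switched between the weak form (*) and the strong form, which shows why the strong form fails on the first example. State names and the exact transition structure are assumptions; actions are plain labels, so bn(α)#Q is vacuous.

```python
TAU = "tau"   # the unobservable action

# Constructed transition systems (names mine) for two of the slides' examples.
# Each state maps to a list of (action, successor); a predicate table maps a
# predicate name to the set of states in which it holds.
# Example 1: P --tau--> Q, and phi holds only in Q.
EX1 = {"P": [(TAU, "Q")], "Q": []}
EX1_PRED = {"phi": {"Q"}}
# Example 2, my reading of the three-state slide: P0 and P1 tau-step to each
# other, phi0 holds in P0, phi1 in P1, and Q satisfies both.
EX2 = {"P0": [(TAU, "P1")], "P1": [(TAU, "P0")], "Q": []}
EX2_PRED = {"phi0": {"P0", "Q"}, "phi1": {"P1", "Q"}}

def holds(pred, p, phi):
    """P |- phi."""
    return p in pred.get(phi, set())

def tau_closure(lts, p):
    """P => P': the states reachable from p by zero or more tau transitions."""
    seen, todo = {p}, [p]
    while todo:
        s = todo.pop()
        for (a, s1) in lts[s]:
            if a == TAU and s1 not in seen:
                seen.add(s1)
                todo.append(s1)
    return seen

def weak_hat(lts, p, alpha):
    """P ==alpha-hat==> P': P => P' when alpha is tau, otherwise P => --alpha--> => P'."""
    if alpha == TAU:
        return tau_closure(lts, p)
    out = set()
    for s in tau_closure(lts, p):
        for (a, s1) in lts[s]:
            if a == alpha:
                out |= tau_closure(lts, s1)
    return out

def weak_simulates(lts, p, q, rel):
    """Weak simulation clause: every p --alpha--> p' is matched by q ==alpha-hat==> q'
    with (p', q') in rel."""
    return all(any((p1, q1) in rel for q1 in weak_hat(lts, q, a)) for (a, p1) in lts[p])

def static_implication(lts, pred, p, q, rel, weak=True):
    """Weak static implication (*): if P |- phi then Q => Q' with Q' |- phi and (P, Q') in rel.
    With weak=False this is the strong static implication: Q itself must satisfy phi."""
    for phi in pred:
        if holds(pred, p, phi):
            targets = tau_closure(lts, q) if weak else {q}
            if not any(holds(pred, q1, phi) and (p, q1) in rel for q1 in targets):
                return False
    return True

def weak_bisimilarity(lts, pred, weak_si=True):
    """Greatest symmetric relation that is both a weak simulation and a (weak) static
    implication, obtained by refining the universal relation until nothing changes."""
    rel = {(p, q) for p in lts for q in lts}
    changed = True
    while changed:
        changed = False
        for (p, q) in list(rel):
            ok = (weak_simulates(lts, p, q, rel) and weak_simulates(lts, q, p, rel)
                  and static_implication(lts, pred, p, q, rel, weak_si)
                  and static_implication(lts, pred, q, p, rel, weak_si))
            if not ok:
                rel.discard((p, q))
                changed = True
    return rel

def weakly_bisimilar(lts, pred, p, q, weak_si=True):
    return (p, q) in weak_bisimilarity(lts, pred, weak_si)

if __name__ == "__main__":
    print("example 1, weak static implication:  ", weakly_bisimilar(EX1, EX1_PRED, "P", "Q"))
    print("example 1, strong static implication:", weakly_bisimilar(EX1, EX1_PRED, "P", "Q", weak_si=False))
    print("example 2, all three states bisimilar:",
          all(weakly_bisimilar(EX2, EX2_PRED, p, q) for p in EX2 for q in EX2))
```

Adding a constructed predicate that holds only in Q and stands in for ϕ0 ∧ ϕ1 separates Q from P0 and P1 again, which is the content of the note that ϕ0 ∧ ϕ1 is not a state predicate: the weak static implication can be satisfied one predicate at a time by different τ-derivatives.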
[Diagram: transition systems T and S(T) with actions α, β, τ and predicates ϕ0, ϕ1.]
Transformation S on transition systems: replace state predicates by self-loop transitions.
THEOREM (State predicate elimination)
$P \,\dot\approx_T\, Q$ iff $P \,\dot\approx_{S(T)}\, Q$
For a corresponding transformation on formulas, replacing predicates by actions: $P \models_{S(T)} A$ iff $P \models_T S^{-1}(A)$.
late bisimulation, late congruence,