[PPT] - Overview overview7.5 Introduction Modelling parallel systems PowerPoint Presentation

SLIDE 1

Overview

verview7.5

Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the bisimulation quotient abstraction stutter steps simulation relations ← − ← − ← −

1 / 336

SLIDE 2

Classification of implementation relations

grm5.5-cl

2 / 336

SLIDE 3

Classification of implementation relations

grm5.5-cl

linear vs. branching time

∗ ∗ ∗ linear time: trace relations ∗ ∗ ∗ branching time: (bi)simulation relations

(nonsymmetric) preorders vs. equivalences:

∗ ∗ ∗ preorders: trace inclusion, simulation ∗ ∗ ∗ equivalences: trace equivalence, bisimulation

strong vs. weak relations

∗ ∗ ∗ strong: reasoning about all transitions ∗ ∗ ∗ weak: abstraction from stutter steps

3 / 336

SLIDE 4

Classification of implementation relations

grm5.5-cl

linear vs. branching time

∗ ∗ ∗ linear time: trace relations ∗ ∗ ∗ branching time: (bi)simulation relations

(nonsymmetric) preorders vs. equivalences:

∗ ∗ ∗ preorders: trace inclusion, simulation ∗ ∗ ∗ equivalences: trace equivalence, bisimulation

strong vs. weak relations

∗ ∗ ∗ strong: reasoning about all transitions ∗ ∗ ∗ weak: abstraction from stutter steps

4 / 336

SLIDE 5

Classification of implementation relations

grm5.5-cl

linear vs. branching time

∗ ∗ ∗ linear time: trace relations ∗ ∗ ∗ branching time: (bi)simulation relations

(nonsymmetric) preorders vs. equivalences:

∗ ∗ ∗ preorders: trace inclusion, simulation ∗ ∗ ∗ equivalences: trace equivalence, bisimulation

strong vs. weak relations

∗ ∗ ∗ strong: reasoning about all transitions ∗ ∗ ∗ weak: abstraction from stutter steps

5 / 336

SLIDE 6

The simulation preorder

grm5.5-0

6 / 336

SLIDE 7

The simulation preorder

grm5.5-0

is a nonsymmetric branching time relation

7 / 336

SLIDE 8

The simulation preorder

grm5.5-0

is a nonsymmetric branching time relation

plays of central role for abstraction

8 / 336

SLIDE 9

The simulation preorder

grm5.5-0

is a nonsymmetric branching time relation

plays of central role for abstraction
the BT-analogue to trace inclusion

9 / 336

SLIDE 10

The simulation preorder

grm5.5-0

is a nonsymmetric branching time relation

plays of central role for abstraction
the BT-analogue to trace inclusion
“unidirected” version of bisimulation:

10 / 336

SLIDE 11

The simulation preorder

grm5.5-0

is a nonsymmetric branching time relation

plays of central role for abstraction
the BT-analogue to trace inclusion
“unidirected” version of bisimulation:

if T1 T1 T1 is simulated by T2 T2 T2 then T2 T2 T2 can mimick all steps of T1 T1 T1, but possibly has more behaviors

11 / 336

SLIDE 12

The simulation preorder

grm5.5-0

is a nonsymmetric branching time relation

plays of central role for abstraction
the BT-analogue to trace inclusion
“unidirected” version of bisimulation:

if T1 T1 T1 is simulated by T2 T2 T2 then T2 T2 T2 can mimick all steps of T1 T1 T1, but possibly has more behaviors

relies on a coinductive definition

(as bisimulation equivalence)

12 / 336

SLIDE 13

The simulation preorder

grm5.5-0

is a nonsymmetric branching time relation

plays of central role for abstraction
the BT-analogue to trace inclusion
“unidirected” version of bisimulation:

if T1 T1 T1 is simulated by T2 T2 T2 then T2 T2 T2 can mimick all steps of T1 T1 T1, but possibly has more behaviors

relies on a coinductive definition

(as bisimulation equivalence) here: just strong simulation, i.e., no abstraction from stutter steps

13 / 336

SLIDE 14

Simulation for two TS

bseqor5.1-9a

14 / 336

SLIDE 15

Simulation for two TS

bseqor5.1-9a

let T1 T1 T1 = = = (S1, Act1, →1, S0,1, AP, L1) (S1, Act1, →1, S0,1, AP, L1) (S1, Act1, →1, S0,1, AP, L1) T2 T2 T2 = = = (S2, Act2, →2, S0,2, AP, L2) (S2, Act2, →2, S0,2, AP, L2) (S2, Act2, →2, S0,2, AP, L2) be two transition systems

15 / 336

SLIDE 16

Simulation for two TS

bseqor5.1-9a

let T1 T1 T1 = = = (S1, Act1, →1, S0,1, AP, L1) (S1, Act1, →1, S0,1, AP, L1) (S1, Act1, →1, S0,1, AP, L1) T2 T2 T2 = = = (S2, Act2, →2, S0,2, AP, L2) (S2, Act2, →2, S0,2, AP, L2) (S2, Act2, →2, S0,2, AP, L2) be two transition systems

ver the same set AP

AP AP of atomic propositions

possibly with terminal states

16 / 336

SLIDE 17

Simulation for a pair of TS

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): binary relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t.

17 / 336

SLIDE 18

Simulation for a pair of TS

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): binary relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L1(s1) = L2(s2) L1(s1) = L2(s2) L1(s1) = L2(s2)

18 / 336

SLIDE 19

Simulation for a pair of TS

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): binary relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L1(s1) = L2(s2) L1(s1) = L2(s2) L1(s1) = L2(s2) (2) for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: ∀s′

1 ∈ Post(s1)

∀s′

1 ∈ Post(s1)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∃s′

2 ∈ Post(s2)

∃s′

2 ∈ Post(s2) s.t. (s′ 1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

19 / 336

SLIDE 20

Simulation for a pair of TS

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): binary relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L1(s1) = L2(s2) L1(s1) = L2(s2) L1(s1) = L2(s2) (2) for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: ∀s′

1 ∈ Post(s1)

∀s′

1 ∈ Post(s1)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∃s′

2 ∈ Post(s2)

∃s′

2 ∈ Post(s2) s.t. (s′ 1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

s1 s1 s1 –R R R– s2 s2 s2 



s′

1

s′

1

s′

1

can be completed to s1 s1 s1 –R R R– s2 s2 s2 






s′

1

s′

1

s′

1

–R R R– s′

2

s′

2

s′

2

20 / 336

SLIDE 21

Simulation for a pair of TS

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): binary relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L1(s1) = L2(s2) L1(s1) = L2(s2) L1(s1) = L2(s2) (2) for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: ∀s′

1 ∈ Post(s1)

∀s′

1 ∈ Post(s1)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∃s′

2 ∈ Post(s2)

∃s′

2 ∈ Post(s2) s.t. (s′ 1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

s1 s1 s1 –R R R– s2 s2 s2 



s′

1

s′

1

s′

1

can be completed to s1 s1 s1 –R R R– s2 s2 s2 






s′

1

s′

1

s′

1

–R R R– s′

2

s′

2

s′

2

(I) for all initial states s1 s1 s1 of T1 T1 T1 there is an initial state s2 s2 s2 of T2 T2 T2 with (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R

21 / 336

SLIDE 22

Simulation preorder

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) labeling condition (2) stepwise simulation condition (I) initial condition simulation preorder

for TS:

T1 T2 T1 T2 T1 T2

22 / 336

SLIDE 23

Simulation preorder

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) labeling condition (2) stepwise simulation condition (I) initial condition simulation preorder

for TS:

T1 T2 T1 T2 T1 T2 iff

there exists a simulation R

R R for (T1, T2) (T1, T2) (T1, T2)

23 / 336

SLIDE 24

Simulation preorder

bseqor5.1-10

simulation for (T1, T2) (T1, T2) (T1, T2): relation R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) labeling condition (2) stepwise simulation condition (I) initial condition simulation preorder

for TS:

T1 T2 T1 T2 T1 T2 iff

there exists a simulation R

R R for (T1, T2) (T1, T2) (T1, T2) If s1 s1 s1 is a state of T1 T1 T1 and s2 s2 s2 a state of T2 T2 T2 then s1 s2 s1 s2 s1 s2 iff there exists a simulation R R R for (T1, T2) (T1, T2) (T1, T2) such that (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R

24 / 336

SLIDE 25

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select

25 / 336

SLIDE 26

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}:

26 / 336

SLIDE 27

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2

27 / 336

SLIDE 28

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2 simulation for (T1, T2) (T1, T2) (T1, T2):

28 / 336

SLIDE 29

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2 simulation for (T1, T2) (T1, T2) (T1, T2):

(pay, pay),

(pay, pay), (pay, pay), (paid1, select), (paid1, select), (paid1, select), (paid2, select), (paid2, select), (paid2, select), (coke, coke), (coke, coke), (coke, coke), (soda, soda) (soda, soda) (soda, soda)

29 / 336

SLIDE 30

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2, but T2 T1 T2 T1 T2 T1 simulation for (T1, T2) (T1, T2) (T1, T2):

(pay, pay),

(pay, pay), (pay, pay), (paid1, select), (paid1, select), (paid1, select), (paid2, select), (paid2, select), (paid2, select), (coke, coke), (coke, coke), (coke, coke), (soda, soda) (soda, soda) (soda, soda)

30 / 336

SLIDE 31

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2, but T2 T1 T2 T1 T2 T1 for AP = {pay, drink} : AP = {pay, drink} : AP = {pay, drink} :

31 / 336

SLIDE 32

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2, but T2 T1 T2 T1 T2 T1 for AP = {pay, drink} : AP = {pay, drink} : AP = {pay, drink} :

32 / 336

SLIDE 33

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2, but T2 T1 T2 T1 T2 T1 for AP = {pay, drink} : AP = {pay, drink} : AP = {pay, drink} : T1 T2 T1 T2 T1 T2, and T2 T1 T2 T1 T2 T1

33 / 336

SLIDE 34

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2, but T2 T1 T2 T1 T2 T1 for AP = {pay, drink} : AP = {pay, drink} : AP = {pay, drink} : T1 T2 T1 T2 T1 T2, and T2 T1 T2 T1 T2 T1 simulation for (T1, T2) (T1, T2) (T1, T2): as before

34 / 336

SLIDE 35

Two beverage machines

bseqor5.1-8

T1 T1 T1 pay paid1 paid2 coke soda T2 T2 T2 pay coke soda select for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}: T1 T2 T1 T2 T1 T2, but T2 T1 T2 T1 T2 T1 for AP = {pay, drink} : AP = {pay, drink} : AP = {pay, drink} : T1 T2 T1 T2 T1 T2, and T2 T1 T2 T1 T2 T1 simulation for (T2, T1) (T2, T1) (T2, T1):

(pay, pay), (select, paid1), (select, paid2),
(pay, pay), (select, paid1), (select, paid2),
(pay, pay), (select, paid1), (select, paid2),

(coke, coke), (soda, soda)

(coke, coke), (soda, soda)
(coke, coke), (soda, soda)
35 / 336

SLIDE 36

Simulation condition

bseqor5.1-9

s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ s′

1

s′

1

s′

1

can be completed to s1 s1 s1 s1 s1 s1 s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ s′

1

s′

1

s′

1

–R R R– s′

2

s′

2

s′

2

36 / 336

SLIDE 37

Path fragment lifting for simulation R R R

bseqor5.1-9

s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ s1,1 s1,1 s1,1 ↓ ↓ ↓ s1,2 s1,2 s1,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n

37 / 336

SLIDE 38

Path fragment lifting for simulation R R R

bseqor5.1-9

s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ s1,1 s1,1 s1,1 ↓ ↓ ↓ s1,2 s1,2 s1,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n can be completed to

38 / 336

SLIDE 39

Path fragment lifting for simulation R R R

bseqor5.1-9

s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ s1,1 s1,1 s1,1 ↓ ↓ ↓ s1,2 s1,2 s1,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n can be completed to s1 s1 s1 s1 s1 s1 s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ s1,1 s1,1 s1,1 –R R R– s2,1 s2,1 s2,1 ↓ ↓ ↓ s1,2 s1,2 s1,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n

39 / 336

SLIDE 40

Path fragment lifting for simulation R R R

bseqor5.1-9

s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ s1,1 s1,1 s1,1 ↓ ↓ ↓ s1,2 s1,2 s1,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n can be completed to s1 s1 s1 s1 s1 s1 s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ s1,1 s1,1 s1,1 –R R R– s2,1 s2,1 s2,1 ↓ ↓ ↓ ↓ ↓ ↓ s1,2 s1,2 s1,2 –R R R– s2,2 s2,2 s2,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n

40 / 336

SLIDE 41

Path fragment lifting for simulation R R R

bseqor5.1-9

s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ s1,1 s1,1 s1,1 ↓ ↓ ↓ s1,2 s1,2 s1,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n can be completed to s1 s1 s1 s1 s1 s1 s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ s1,1 s1,1 s1,1 –R R R– s2,1 s2,1 s2,1 ↓ ↓ ↓ ↓ ↓ ↓ s1,2 s1,2 s1,2 –R R R– s2,2 s2,2 s2,2 ↓ ↓ ↓ ↓ ↓ ↓ s1,3 s1,3 s1,3 –R R R– s2,3 s2,3 s2,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n

41 / 336

SLIDE 42

Path fragment lifting for simulation R R R

bseqor5.1-9

s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ s1,1 s1,1 s1,1 ↓ ↓ ↓ s1,2 s1,2 s1,2 ↓ ↓ ↓ s1,3 s1,3 s1,3 ↓ ↓ ↓ . . . . . . . . . ↓ ↓ ↓ s1,n s1,n s1,n can be completed to s1 s1 s1 s1 s1 s1 s1 s1 s1 –R R R– s2 s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ s1,1 s1,1 s1,1 –R R R– s2,1 s2,1 s2,1 ↓ ↓ ↓ ↓ ↓ ↓ s1,2 s1,2 s1,2 –R R R– s2,2 s2,2 s2,2 ↓ ↓ ↓ ↓ ↓ ↓ s1,3 s1,3 s1,3 –R R R– s2,3 s2,3 s2,3 ↓ ↓ ↓ ↓ ↓ ↓ . . . . . . . . . . . . . . . . . . ↓ ↓ ↓ ↓ ↓ ↓ s1,n s1,n s1,n –R R R– s2,n s2,n s2,n

42 / 336

SLIDE 43

Correct or wrong?

bseqor5.1-12

43 / 336

SLIDE 44

Correct or wrong?

bseqor5.1-12

s1 s1 s1 s′

1

s′

1

s′

1

s2

s2 s2 s′

2

s′

2

s′

2

correct.

44 / 336

SLIDE 45

Correct or wrong?

bseqor5.1-12

s1 s1 s1 s′

1

s′

1

s′

1

s2

s2 s2 s′

2

s′

2

s′

2

correct. simulation:

(s1, s2), (s′

1, s′ 2)

(s1, s2), (s′

1, s′ 2)

(s1, s2), (s′

1, s′ 2)

45 / 336

SLIDE 46

Correct or wrong?

bseqor5.1-12

s1 s1 s1 s′

1

s′

1

s′

1

s2

s2 s2 s′

2

s′

2

s′

2

correct. simulation:

(s1, s2), (s′

1, s′ 2)

(s1, s2), (s′

1, s′ 2)

(s1, s2), (s′

1, s′ 2)

46 / 336

SLIDE 47

Correct or wrong?

bseqor5.1-12

s1 s1 s1 s′

1

s′

1

s′

1

s2

s2 s2 s′

2

s′

2

s′

2

correct. simulation:

(s1, s2), (s′

1, s′ 2)

(s1, s2), (s′

1, s′ 2)

(s1, s2), (s′

1, s′ 2)

s1

s1 s1 s′

1

s′

1

s′

1

s2

s2 s2 s′

2

s′

2

s′

2

wrong. there is no path fragment in T2 T2 T2 corresponding to the path fragment s1 s′

1 s′ 1

s1 s′

1 s′ 1

s1 s′

1 s′ 1

47 / 336

SLIDE 48

Correct or wrong?

bseqor5.1-13

48 / 336

SLIDE 49

Correct or wrong?

bseqor5.1-13

s1 s1 s1 s′

1

s′

1

s′

1

s′′

2

s′′

2

s′′

2

s2 s2 s2 s′

2

s′

2

s′

2

correct. simulation:

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

49 / 336

SLIDE 50

Correct or wrong?

bseqor5.1-13

s1 s1 s1 s′

1

s′

1

s′

1

s′′

2

s′′

2

s′′

2

s2 s2 s2 s′

2

s′

2

s′

2

correct. simulation:

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

50 / 336

SLIDE 51

Correct or wrong?

bseqor5.1-13

s1 s1 s1 s′

1

s′

1

s′

1

s′′

2

s′′

2

s′′

2

s2 s2 s2 s′

2

s′

2

s′

2

correct. simulation:

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′′ 2)

s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

t′

2

t′

2

t′

2

wrong. s′

1 s′ 2

s′

1 s′ 2

s′

1 s′ 2 and s′ 1 t′ 2

s′

1 t′ 2

s′

1 t′ 2

51 / 336

SLIDE 52

Simulation preorder ...

bseqor5.1-29

as a relation that compares two transition systems

52 / 336

SLIDE 53

Simulation preorder ...

bseqor5.1-29

as a relation that compares two transition systems

T1 T1 T1 T2 T2 T2

53 / 336

SLIDE 54

Simulation preorder ...

bseqor5.1-29

as a relation that compares two transition systems
as a relation on the states of one transition system

54 / 336

SLIDE 55

Simulation preorder ...

bseqor5.1-29

as a relation that compares two transition systems
as a relation on the states of one transition system

T T T s1 s1 s1 s2 s2 s2 s1 T s2 s1 T s2 s1 T s2 iff ?

55 / 336

SLIDE 56

Simulation preorder ...

bseqor5.1-29

as a relation that compares two transition systems
as a relation on the states of one transition system

T T T s1 s1 s1 s2 s2 s2 s1 s1 s1 Ts1 Ts1 Ts1 Ts2 Ts2 Ts2 s2 s2 s2 s1 T s2 s1 T s2 s1 T s2 iff Ts1 Ts2 Ts1 Ts2 Ts1 Ts2

56 / 336

SLIDE 57

Simulation preorder ...

bseqor5.1-29

as a relation that compares two transition systems
as a relation on the states of one transition system

T T T s1 s1 s1 s2 s2 s2 s1 s1 s1 Ts1 Ts1 Ts1 Ts2 Ts2 Ts2 s2 s2 s2 s1 T s2 s1 T s2 s1 T s2 iff Ts1 Ts2 Ts1 Ts2 Ts1 Ts2 iff there exists a simulation R R R for T T T with (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R

57 / 336

SLIDE 58

Simulation preorder for a single TS

bseqor5.1-30

Let T = (S, Act, →, . . .) T = (S, Act, →, . . .) T = (S, Act, →, . . .) be a transition system. The simulation preorder T T T is the coarsest relation

n S

S S such that for all states s1 s1 s1, s2 ∈ S s2 ∈ S s2 ∈ S with s1 T s2 s1 T s2 s1 T s2:

58 / 336

SLIDE 59

Simulation preorder for a single TS

bseqor5.1-30

Let T = (S, Act, →, . . .) T = (S, Act, →, . . .) T = (S, Act, →, . . .) be a transition system. The simulation preorder T T T is the coarsest relation

n S

S S such that for all states s1 s1 s1, s2 ∈ S s2 ∈ S s2 ∈ S with s1 T s2 s1 T s2 s1 T s2: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) . . . . . . . . .

59 / 336

SLIDE 60

Simulation preorder for a single TS

bseqor5.1-30

Let T = (S, Act, →, . . .) T = (S, Act, →, . . .) T = (S, Act, →, . . .) be a transition system. The simulation preorder T T T is the coarsest relation

n S

S S such that for all states s1 s1 s1, s2 ∈ S s2 ∈ S s2 ∈ S with s1 T s2 s1 T s2 s1 T s2: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) each transition of s1 s1 s1 can be mimicked by a transition of s2 s2 s2

60 / 336

SLIDE 61

Simulation preorder for a single TS

bseqor5.1-30

Let T = (S, Act, →, . . .) T = (S, Act, →, . . .) T = (S, Act, →, . . .) be a transition system. The simulation preorder T T T is the coarsest relation

n S

S S such that for all states s1 s1 s1, s2 ∈ S s2 ∈ S s2 ∈ S with s1 T s2 s1 T s2 s1 T s2: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) each transition of s1 s1 s1 can be mimicked by a transition of s2 s2 s2 s1 s1 s1 T T T s2 s2 s2 



s′

1

s′

1

s′

1

can be completed to s1 s1 s1 T T T s2 s2 s2 






s′

1

s′

1

s′

1

T T T s′

2

s′

2

s′

2

61 / 336

SLIDE 62

Simulation preorder for a single TS

bseqor5.1-30

Let T = (S, Act, →, . . .) T = (S, Act, →, . . .) T = (S, Act, →, . . .) be a transition system. The simulation preorder T T T is the coarsest relation

n S

S S such that for all states s1 s1 s1, s2 ∈ S s2 ∈ S s2 ∈ S with s1 T s2 s1 T s2 s1 T s2: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) each transition of s1 s1 s1 can be mimicked by a transition of s2 s2 s2 T T T is a preorder, i.e., transitive and reflexive.

62 / 336

SLIDE 63

Simulation for a TS

bseqor5.1-10a

Let T T T be a transition system with state space S S S. A simulation for T T T is a binary relation R ⊆ S × S R ⊆ S × S R ⊆ S × S s.t.

63 / 336

SLIDE 64

Simulation for a TS

bseqor5.1-10a

Let T T T be a transition system with state space S S S. A simulation for T T T is a binary relation R ⊆ S × S R ⊆ S × S R ⊆ S × S s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) . . . . . . . . .

64 / 336

SLIDE 65

Simulation for a TS

bseqor5.1-10a

Let T T T be a transition system with state space S S S. A simulation for T T T is a binary relation R ⊆ S × S R ⊆ S × S R ⊆ S × S s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: ∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2) s.t. (s′ 1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

65 / 336

SLIDE 66

Simulation for a TS

bseqor5.1-10a

Let T T T be a transition system with state space S S S. A simulation for T T T is a binary relation R ⊆ S × S R ⊆ S × S R ⊆ S × S s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: ∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2) s.t. (s′ 1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

s1 s1 s1 –R R R– s2 s2 s2 



s′

1

s′

1

s′

1

can be completed to s1 s1 s1 –R R R– s2 s2 s2 






s′

1

s′

1

s′

1

–R R R– s′

2

s′

2

s′

2

66 / 336

SLIDE 67

Simulation preorder T T T

bseqor5.1-10a

Let T T T be a transition system with state space S S S. A simulation for T T T is a binary relation R ⊆ S × S R ⊆ S × S R ⊆ S × S s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: ∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2)

∀s′

1 ∈ Post(s1) ∃s′ 2 ∈ Post(s2) s.t. (s′ 1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

(s′

1, s′ 2) ∈ R

simulation preorder T T T : s1 T s2 s1 T s2 s1 T s2 iff there exists a simulation R R R for T T T s.t. (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R

67 / 336

SLIDE 68

Path fragment lifting for T T T

bseqor5.1-23

s1 s1 s1 T T T s2 s2 s2 



s1,1

s1,1 s1,1 



s1,2

s1,2 s1,2 



s1,3

s1,3 s1,3 



.

. . . . . . . . 



s1,n

s1,n s1,n

68 / 336

SLIDE 69

Path fragment lifting for T T T

bseqor5.1-23

s1 s1 s1 T T T s2 s2 s2 



s1,1

s1,1 s1,1 



s1,2

s1,2 s1,2 



s1,3

s1,3 s1,3 



.

. . . . . . . . 



s1,n

s1,n s1,n can be completed to

69 / 336

SLIDE 70

Path fragment lifting for T T T

bseqor5.1-23

s1 s1 s1 T T T s2 s2 s2 



s1,1

s1,1 s1,1 



s1,2

s1,2 s1,2 



s1,3

s1,3 s1,3 



.

. . . . . . . . 



s1,n

s1,n s1,n can be completed to s1 s1 s1 T T T s2 s2 s2 






s1,1

s1,1 s1,1 T T T s2,1 s2,1 s2,1 



s1,2

s1,2 s1,2 



s1,3

s1,3 s1,3 



.

. . . . . . . . 



s1,n

s1,n s1,n

70 / 336

SLIDE 71

Path fragment lifting for T T T

bseqor5.1-23

s1 s1 s1 T T T s2 s2 s2 



s1,1

s1,1 s1,1 



s1,2

s1,2 s1,2 



s1,3

s1,3 s1,3 



.

. . . . . . . . 



s1,n

s1,n s1,n can be completed to s1 s1 s1 T T T s2 s2 s2 






s1,1

s1,1 s1,1 T T T s2,1 s2,1 s2,1 






s1,2

s1,2 s1,2 T T T s2,2 s2,2 s2,2 



s1,3

s1,3 s1,3 



.

. . . . . . . . 



s1,n

s1,n s1,n

71 / 336

SLIDE 72

Path fragment lifting for T T T

bseqor5.1-23

s1 s1 s1 T T T s2 s2 s2 



s1,1

s1,1 s1,1 



s1,2

s1,2 s1,2 



s1,3

s1,3 s1,3 



.

. . . . . . . . 



s1,n

s1,n s1,n can be completed to s1 s1 s1 T T T s2 s2 s2 






s1,1

s1,1 s1,1 T T T s2,1 s2,1 s2,1 






s1,2

s1,2 s1,2 T T T s2,2 s2,2 s2,2 






s1,3

s1,3 s1,3 T T T s2,3 s2,3 s2,3 






.

. . . . . . . . . . . . . . . . . 






s1,n

s1,n s1,n T T T s2,n s2,n s2,n

72 / 336

SLIDE 73

Example: simulation preorder T T T

bseqor5.1-33

s1 s1 s1 s2 s2 s2 s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

{a} {a} {a} {a} {a} {a} ∅ ∅ ∅ ∅ ∅ ∅ s1 T s2 s1 T s2 s1 T s2

73 / 336

SLIDE 74

Example: simulation preorder T T T

bseqor5.1-33

s1 s1 s1 s2 s2 s2 s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

{a} {a} {a} {a} {a} {a} ∅ ∅ ∅ ∅ ∅ ∅ s1 T s2 s1 T s2 s1 T s2 as

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

is a simulation for T

T T

74 / 336

SLIDE 75

Example: simulation preorder T T T

bseqor5.1-33

s1 s1 s1 s2 s2 s2 s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

{a} {a} {a} {a} {a} {a} ∅ ∅ ∅ ∅ ∅ ∅ Ts1 Ts1 Ts1 Ts2 Ts2 Ts2

s1 T s2

s1 T s2 s1 T s2 as

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

is a simulation for T

T T

75 / 336

SLIDE 76

Example: simulation preorder T T T

bseqor5.1-33

s1 s1 s1 s2 s2 s2 s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

{a} {a} {a} {a} {a} {a} ∅ ∅ ∅ ∅ ∅ ∅ Ts1 Ts1 Ts1 Ts2 Ts2 Ts2

s1 T s2

s1 T s2 s1 T s2 as

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

(s1, s2), (s′

1, s′ 2), (s′ 1, s′ 1)

is a simulation for T

T T s1 → s′

1 → s′ 1 → s′ 1 → ...

s1 → s′

1 → s′ 1 → s′ 1 → ...

s1 → s′

1 → s′ 1 → s′ 1 → ...

is simulated by s2 → s′

2 → s′ 1 → s′ 1 → ...

s2 → s′

2 → s′ 1 → s′ 1 → ...

s2 → s′

2 → s′ 1 → s′ 1 → ...

76 / 336

SLIDE 77

Abstraction and simulation

grm5.5-6

77 / 336

SLIDE 78

Abstraction and simulation

grm5.5-6

transition system T T T with state space S S S

78 / 336

SLIDE 79

Abstraction and simulation

grm5.5-6

transition system T T T with state space S S S “small” abstract state space S′ S′ S′

79 / 336

SLIDE 80

Abstraction and simulation

grm5.5-6

transition system T T T with state space S S S s s s f (s) f (s) f (s) abstraction function f f f abstract transition system Tf Tf Tf with state space S′ S′ S′

80 / 336

SLIDE 81

Abstraction and simulation

grm5.5-6

transition system T T T with state space S S S s s s f (s) f (s) f (s) abstraction function f f f abstract transition system Tf Tf Tf with state space S′ S′ S′ lifting of transitions: s − → s′ f (s) − → f (s′) s − → s′ f (s) − → f (s′) s − → s′ f (s) − → f (s′)

81 / 336

SLIDE 82

Abstraction and simulation

grm5.5-6

transition system T T T with state space S S S s s s f (s) f (s) f (s) abstraction function f f f s′ s′ s′ f (s′) f (s′) f (s′) abstract transition system Tf Tf Tf with state space S′ S′ S′ lifting of transitions: s − → s′ f (s) − → f (s′) s − → s′ f (s) − → f (s′) s − → s′ f (s) − → f (s′)

82 / 336

SLIDE 83

Abstraction and simulation

grm5.5-6a

given: transition system T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) set S′ S′ S′ and abstraction function f : S → S′ f : S → S′ f : S → S′ s.t. L(s) = L(t) L(s) = L(t) L(s) = L(t) if f (s) = f (t) f (s) = f (t) f (s) = f (t) for all s, t ∈ S s, t ∈ S s, t ∈ S

83 / 336

SLIDE 84

Abstraction and simulation

grm5.5-6a

given: transition system T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) set S′ S′ S′ and abstraction function f : S → S′ f : S → S′ f : S → S′ s.t. L(s) = L(t) L(s) = L(t) L(s) = L(t) if f (s) = f (t) f (s) = f (t) f (s) = f (t) for all s, t ∈ S s, t ∈ S s, t ∈ S goal: define abstract transition system Tf Tf Tf with state space S′ S′ S′ s.t. T Tf T Tf T Tf

84 / 336

SLIDE 85

Abstraction and simulation

grm5.5-6a

abstraction function f : S → S′ f : S → S′ f : S → S′ s.t. L(s) = L(t) L(s) = L(t) L(s) = L(t) if f (s) = f (t) f (s) = f (t) f (s) = f (t) for all s, t ∈ S s, t ∈ S s, t ∈ S transition system T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L)

abstract transition system

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

85 / 336

SLIDE 86

Abstraction and simulation

grm5.5-6a

abstraction function f : S → S′ f : S → S′ f : S → S′ s.t. L(s) = L(t) L(s) = L(t) L(s) = L(t) if f (s) = f (t) f (s) = f (t) f (s) = f (t) for all s, t ∈ S s, t ∈ S s, t ∈ S transition system T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L)

abstract transition system

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

where S′

0 =

f (s0) : s0 ∈ S0
S′

0 =

f (s0) : s0 ∈ S0
S′

0 =

f (s0) : s0 ∈ S0
and L′(f (s)) = L(s)

L′(f (s)) = L(s) L′(f (s)) = L(s) s − → s′ f (s) − →f f (s′) s − → s′ f (s) − →f f (s′) s − → s′ f (s) − →f f (s′)

86 / 336

SLIDE 87

Abstraction and simulation

grm5.5-6a

abstraction function f : S → S′ f : S → S′ f : S → S′ s.t. L(s) = L(t) L(s) = L(t) L(s) = L(t) if f (s) = f (t) f (s) = f (t) f (s) = f (t) for all s, t ∈ S s, t ∈ S s, t ∈ S transition system T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L)

abstract transition system

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Then T Tf T Tf T Tf

87 / 336

SLIDE 88

Abstraction and simulation

grm5.5-6a

abstraction function f : S → S′ f : S → S′ f : S → S′ s.t. L(s) = L(t) L(s) = L(t) L(s) = L(t) if f (s) = f (t) f (s) = f (t) f (s) = f (t) for all s, t ∈ S s, t ∈ S s, t ∈ S transition system T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L) T = (S, Act, − →, S0, AP, L)

abstract transition system

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Tf = (S′, Act′, − →f , S′

0, AP, L′)

Then T Tf T Tf T Tf ← − ← − ← − R =

s, f (s) : s ∈ S
R =
s, f (s) : s ∈ S
R =
s, f (s) : s ∈ S
is a

simulation for (T , Tf ) (T , Tf ) (T , Tf )

88 / 336

SLIDE 89

Data abstraction

grm5.5-7

WHILE x > 0 x > 0 x > 0 DO x := x−1; x := x−1; x := x−1; y := y+1 y := y+1 y := y+1 OD IF even(y) even(y) even(y) THEN return “1 1 1” ELSE return “0 0” FI x ∈ N x ∈ N x ∈ N y ∈ N y ∈ N y ∈ N

89 / 336

SLIDE 90

Data abstraction

grm5.5-7

WHILE x > 0 x > 0 x > 0 DO x := x−1; x := x−1; x := x−1; y := y+1 y := y+1 y := y+1 OD IF even(y) even(y) even(y) THEN return “1 1 1” ELSE return “0 0” FI data abstr.

− → − → − →

x ∈ N x ∈ N x ∈ N y ∈ N y ∈ N y ∈ N − → − → − → − → − → − → x x x ∈ ∈ ∈ {gzero, zero} {gzero, zero} {gzero, zero} y y y ∈ ∈ ∈ {even, odd} {even, odd} {even, odd}

90 / 336

SLIDE 91

Data abstraction

grm5.5-7

WHILE x > 0 x > 0 x > 0 DO x := x−1; x := x−1; x := x−1; y := y+1 y := y+1 y := y+1 OD IF even(y) even(y) even(y) THEN return “1 1 1” ELSE return “0 0” FI data abstr.

− → − → − →

WHILE x = gzero x = gzero x = gzero DO x := gzero x := gzero x := gzero or x := zero x := zero x := zero IF y = even y = even y = even THEN y := odd y := odd y := odd ELSE y := even y := even y := even FI OD IF y = even y = even y = even THEN return “1 1 1” ELSE return “0 0” FI x ∈ N x ∈ N x ∈ N y ∈ N y ∈ N y ∈ N − → − → − → − → − → − → x x x ∈ ∈ ∈ {gzero, zero} {gzero, zero} {gzero, zero} y y y ∈ ∈ ∈ {even, odd} {even, odd} {even, odd}

91 / 336

SLIDE 92

Data abstraction

grm5.5-7

WHILE x > 0 x > 0 x > 0 DO x := x−1; x := x−1; x := x−1; y := y+1 y := y+1 y := y+1 OD IF even(y) even(y) even(y) THEN return “1 1 1” ELSE return “0 0” FI data abstr.

− → − → − →

WHILE x = gzero x = gzero x = gzero DO x := gzero x := gzero x := gzero or x := zero x := zero x := zero IF y = even y = even y = even THEN y := odd y := odd y := odd ELSE y := even y := even y := even FI OD IF y = even y = even y = even THEN return “1 1 1” ELSE return “0 0” FI concrete operation

abstract operation

92 / 336

SLIDE 93

Data abstraction

grm5.5-7

WHILE x > 0 x > 0 x > 0 DO x := x−1; x := x−1; x := x−1; y := y+1 y := y+1 y := y+1 OD IF even(y) even(y) even(y) THEN return “1 1 1” ELSE return “0 0” FI data abstr.

− → − → − →

WHILE x = gzero x = gzero x = gzero DO x := gzero x := gzero x := gzero or x := zero x := zero x := zero IF y = even y = even y = even THEN y := odd y := odd y := odd ELSE y := even y := even y := even FI OD IF y = even y = even y = even THEN return “1 1 1” ELSE return “0 0” FI concrete operation x := x−1 x := x−1 x := x−1

abstract operation, e.g.,

gzero → gzero or zero gzero → gzero or zero gzero → gzero or zero

93 / 336

SLIDE 94

Abstraction and simulation

grm5.5-8

abstract TS simulates the concrete one

94 / 336

SLIDE 95

WHILE x > 0 x > 0 x > 0 DO x := x−1 x := x−1 x := x−1 y := y+1 y := y+1 y := y+1 OD IF even(y) even(y) even(y) THEN return 1 1 1 ELSE return 0 WHILE x = gzero x = gzero x = gzero DO x := gzero x := gzero x := gzero or x := zero x := zero x := zero IF y = even y = even y = even THEN y := odd y := odd y := odd ELSE y := even y := even y := even FI OD IF y = even y = even y = even THEN return 1 1 1 ELSE return 0 FI

95 / 336

SLIDE 96

ℓ0 ℓ0 ℓ0 WHILE x > 0 x > 0 x > 0 DO ℓ1 ℓ1 ℓ1 x := x−1 x := x−1 x := x−1 ℓ2 ℓ2 ℓ2 y := y+1 y := y+1 y := y+1 OD ℓ3 ℓ3 ℓ3 IF even(y) even(y) even(y) ℓ4 ℓ4 ℓ4 THEN return 1 1 1 ℓ5 ℓ5 ℓ5 ELSE return 0 ℓ0 ℓ0 ℓ0 WHILE x = gzero x = gzero x = gzero DO ℓ1 ℓ1 ℓ1 x := gzero x := gzero x := gzero or x := zero x := zero x := zero ℓ2 ℓ2 ℓ2 IF y = even y = even y = even THEN y := odd y := odd y := odd ELSE y := even y := even y := even FI OD ℓ3 ℓ3 ℓ3 IF y = even y = even y = even ℓ4 ℓ4 ℓ4 THEN return 1 1 1 ℓ5 ℓ5 ℓ5 ELSE return 0 FI ℓ0 ℓ0 ℓ0 x=2 x=2 x=2 y=0 y=0 y=0 ℓ1 ℓ1 ℓ1 x=2 x=2 x=2 y=0 y=0 y=0 ℓ2 ℓ2 ℓ2 x=1 x=1 x=1 y=0 y=0 y=0 ℓ0 ℓ0 ℓ0 x=1 x=1 x=1 y=1 y=1 y=1 ℓ1 ℓ1 ℓ1 x=1 x=1 x=1 y=1 y=1 y=1 ℓ0 ℓ0 ℓ0 gzero gzero gzero even even even ℓ1 ℓ1 ℓ1 gzero gzero gzero even even even ℓ2 ℓ2 ℓ2 gzero gzero gzero even even even ℓ0 ℓ0 ℓ0 gzero gzero gzero odd

dd
dd

ℓ1 ℓ1 ℓ1 gzero gzero gzero odd

dd
dd

... ... ... ℓ2 ℓ2 ℓ2 zero zero zero even even even ℓ0 ℓ0 ℓ0 zero zero zero odd

dd
dd

ℓ3 ℓ3 ℓ3 ......

96 / 336

SLIDE 97

ℓ0 ℓ0 ℓ0 WHILE x > 0 x > 0 x > 0 DO ℓ1 ℓ1 ℓ1 x := x−1 x := x−1 x := x−1 ℓ2 ℓ2 ℓ2 y := y+1 y := y+1 y := y+1 OD ℓ3 ℓ3 ℓ3 IF even(y) even(y) even(y) ℓ4 ℓ4 ℓ4 THEN return 1 1 1 ℓ5 ℓ5 ℓ5 ELSE return 0 ℓ0 ℓ0 ℓ0 WHILE x = gzero x = gzero x = gzero DO ℓ1 ℓ1 ℓ1 x := gzero x := gzero x := gzero or x := zero x := zero x := zero ℓ2 ℓ2 ℓ2 IF y = even y = even y = even THEN y := odd y := odd y := odd ELSE y := even y := even y := even FI OD ℓ3 ℓ3 ℓ3 IF y = even y = even y = even ℓ4 ℓ4 ℓ4 THEN return 1 1 1 ℓ5 ℓ5 ℓ5 ELSE return 0 FI ℓ0 ℓ0 ℓ0 x=2 x=2 x=2 y=0 y=0 y=0 ℓ1 ℓ1 ℓ1 x=2 x=2 x=2 y=0 y=0 y=0 ℓ2 ℓ2 ℓ2 x=1 x=1 x=1 y=0 y=0 y=0 ℓ0 ℓ0 ℓ0 x=1 x=1 x=1 y=1 y=1 y=1 ℓ1 ℓ1 ℓ1 x=1 x=1 x=1 y=1 y=1 y=1 ℓ0 ℓ0 ℓ0 gzero gzero gzero even even even ℓ1 ℓ1 ℓ1 gzero gzero gzero even even even ℓ2 ℓ2 ℓ2 gzero gzero gzero even even even ℓ0 ℓ0 ℓ0 gzero gzero gzero odd

dd
dd

ℓ1 ℓ1 ℓ1 gzero gzero gzero odd

dd
dd

... ... ... ℓ2 ℓ2 ℓ2 zero zero zero even even even ℓ0 ℓ0 ℓ0 zero zero zero odd

dd
dd

ℓ3 ℓ3 ℓ3 ......

97 / 336

SLIDE 98

Simulation preorder vs. and trace inclusion

bseqor5.1-25

98 / 336

SLIDE 99

Simulation preorder vs. and trace inclusion

bseqor5.1-25

T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2)

99 / 336

SLIDE 100

Simulation preorder vs. and trace inclusion

bseqor5.1-25

T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) reason: path fragment lifting for

100 / 336

SLIDE 101

Simulation preorder vs. and trace inclusion

bseqor5.1-25

T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) if T1 T1 T1 does not have terminal states, then: T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2)

101 / 336

SLIDE 102

Simulation preorder vs. and trace inclusion

bseqor5.1-25

T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) if T1 T1 T1 does not have terminal states, then: T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) ... does not hold if T1 T1 T1 has terminal states ... T1 T1 T1 ∅ ∅ ∅ ∅ ∅ ∅ T2 T2 T2 ∅ ∅ ∅

102 / 336

SLIDE 103

Simulation preorder vs. and trace inclusion

bseqor5.1-25

T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) if T1 T1 T1 does not have terminal states, then: T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) ... does not hold if T1 T1 T1 has terminal states ... T1 T1 T1 ∅ ∅ ∅ ∅ ∅ ∅ T1 T2 T1 T2 T1 T2 T2 T2 T2 ∅ ∅ ∅

103 / 336

SLIDE 104

Simulation preorder vs. and trace inclusion

bseqor5.1-25

T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) T1 T2 = ⇒ Tracesfin(T1) ⊆ Tracesfin(T2) if T1 T1 T1 does not have terminal states, then: T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) T1 T2 = ⇒ Traces(T1) ⊆ Traces(T2) ... does not hold if T1 T1 T1 has terminal states ... T1 T1 T1 ∅ ∅ ∅ ∅ ∅ ∅ T1 T2 T1 T2 T1 T2 T2 T2 T2 ∅ ∅ ∅ Traces(T1) = { ∅ ∅ } = { ∅ω } = Traces(T2) Traces(T1) = { ∅ ∅ } = { ∅ω } = Traces(T2) Traces(T1) = { ∅ ∅ } = { ∅ω } = Traces(T2)

104 / 336

SLIDE 105

Path fragment lifting

bseqor5.1-26

105 / 336

SLIDE 106

simulation preorder s1 s1 s1

s2

s2 s2 s1 s1 s1

s2

s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ s11 s11 s11 s11 s11 s11 ↓ ↓ ↓ ↓ ↓ ↓ s12 s12 s12 s12 s12 s12 ↓ ↓ ↓ ↓ ↓ ↓ . . . . . . . . . s13 s13 s13 ↓ ↓ ↓ ↓ ↓ ↓ s1n s1n s1n s14 s14 s14 . . . . . . . . . terminal finite path infinite path

106 / 336

SLIDE 107

simulation preorder s1 s1 s1

s2

s2 s2 s1 s1 s1

s2

s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ s11 s11 s11

s21

s21 s21 s11 s11 s11

s21

s21 s21 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ s12 s12 s12

s22

s22 s22 s12 s12 s12

s22

s22 s22 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ . . . . . . . . . . . . . . . . . . s13 s13 s13

s23

s23 s23 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ s1n s1n s1n

s2n

s2n s2n s14 s14 s14

s24

s24 s24 . . . . . . . . . . . . . . . . . . terminal finite path not necessarily terminal infinite path infinite path

107 / 336

SLIDE 108

simulation preorder bisimulation s1 s1 s1

s2

s2 s2 s1 s1 s1 ∼ ∼ ∼ s2 s2 s2 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ s11 s11 s11

s21

s21 s21 s11 s11 s11 ∼ ∼ ∼ s21 s21 s21 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ s12 s12 s12

s22

s22 s22 s12 s12 s12 ∼ ∼ ∼ s22 s22 s22 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ s1n s1n s1n

s2n

s2n s2n s1n s1n s1n ∼ ∼ ∼ s2n s2n s2n terminal finite path not necessarily terminal terminal finite path terminal finite path

108 / 336

SLIDE 109

Simulation equivalence ≃ ≃ ≃

bseqor5.1-16

109 / 336

SLIDE 110

Simulation equivalence ≃ ≃ ≃

bseqor5.1-16

kernel of the simulation preorder, i.e., ≃ = ∩ −1 ≃ = ∩ −1 ≃ = ∩ −1

110 / 336

SLIDE 111

Simulation equivalence ≃T ≃T ≃T

bseqor5.1-16

kernel of the simulation preorder, i.e., ≃ = ∩ −1 ≃ = ∩ −1 ≃ = ∩ −1 For TS T1 T1 T1 and T2 T2 T2 over the same set of atomic propositions: T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 iff T1 T2 T1 T2 T1 T2 and T2 T1 T2 T1 T2 T1

111 / 336

SLIDE 112

Simulation equivalence ≃T ≃T ≃T

bseqor5.1-16

kernel of the simulation preorder, i.e., ≃ = ∩ −1 ≃ = ∩ −1 ≃ = ∩ −1 For TS T1 T1 T1 and T2 T2 T2 over the same set of atomic propositions: T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 iff T1 T2 T1 T2 T1 T2 and T2 T1 T2 T1 T2 T1 for states s1 s1 s1 and s2 s2 s2 of a TS T T T : s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 iff s1 T s2 s1 T s2 s1 T s2 and s2 T s1 s2 T s1 s2 T s1

112 / 336

SLIDE 113

Two beverage machines

bseqor5.1-17

T1 T1 T1: pay pay pay coke coke coke soda soda soda s1 s1 s1 T2 T2 T2: pay pay pay s2 s2 s2 s′

2

s′

2

s′

2

coke coke coke soda soda soda for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda}

113 / 336

SLIDE 114

Two beverage machines

bseqor5.1-17

T1 T1 T1: pay pay pay coke coke coke soda soda soda s1 s1 s1 T2 T2 T2: pay pay pay s2 s2 s2 s′

2

s′

2

s′

2

coke coke coke soda soda soda for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda} T2 T1 T2 T1 T2 T1, but T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

114 / 336

SLIDE 115

Two beverage machines

bseqor5.1-17

T1 T1 T1: pay pay pay coke coke coke soda soda soda s1 s1 s1 T2 T2 T2: pay pay pay s2 s2 s2 s′

2

s′

2

s′

2

coke coke coke soda soda soda for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda} T2 T1 T2 T1 T2 T1, but T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 ← − ← − ← − since T1 T2 T1 T2 T1 T2

115 / 336

SLIDE 116

Two beverage machines

bseqor5.1-17

T1 T1 T1: pay pay pay coke coke coke soda soda soda s1 s1 s1 T2 T2 T2: pay pay pay s2 s2 s2 s′

2

s′

2

s′

2

coke coke coke soda soda soda for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda} T2 T1 T2 T1 T2 T1, but T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 ← − ← − ← − since T1 T2 T1 T2 T1 T2 for AP = {pay, drink} AP = {pay, drink} AP = {pay, drink}:

116 / 336

SLIDE 117

Two beverage machines

bseqor5.1-17

T1 T1 T1: pay pay pay coke coke coke soda soda soda s1 s1 s1 T2 T2 T2: pay pay pay s2 s2 s2 s′

2

s′

2

s′

2

coke coke coke soda soda soda for AP = {pay, coke, soda} AP = {pay, coke, soda} AP = {pay, coke, soda} T2 T1 T2 T1 T2 T1, but T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 ← − ← − ← − since T1 T2 T1 T2 T1 T2 for AP = {pay, drink} AP = {pay, drink} AP = {pay, drink}: T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

117 / 336

SLIDE 118

Example: simulation equivalent TS

bseqor5.1-16a

T1 T1 T1: s1 s1 s1 t1 t1 t1 u1 u1 u1 T2 T2 T2: s2 s2 s2 t3 t3 t3 t2 t2 t2 u2 u2 u2

118 / 336

SLIDE 119

Example: simulation equivalent TS

bseqor5.1-16a

T1 T1 T1: s1 s1 s1 t1 t1 t1 u1 u1 u1 T2 T2 T2: s2 s2 s2 t3 t3 t3 t2 t2 t2 u2 u2 u2 simulation for (T1, T2) (T1, T2) (T1, T2): {(s1, s2), (t1, t2), (u1, u2)} {(s1, s2), (t1, t2), (u1, u2)} {(s1, s2), (t1, t2), (u1, u2)}

119 / 336

SLIDE 120

Example: simulation equivalent TS

bseqor5.1-16a

T1 T1 T1: s1 s1 s1 t1 t1 t1 u1 u1 u1 T2 T2 T2: s2 s2 s2 t3 t3 t3 t2 t2 t2 u2 u2 u2 simulation for (T1, T2) (T1, T2) (T1, T2): {(s1, s2), (t1, t2), (u1, u2)} {(s1, s2), (t1, t2), (u1, u2)} {(s1, s2), (t1, t2), (u1, u2)} simulation for (T2, T1) (T2, T1) (T2, T1): {(s2, s1), (t2, t1), (t3, t1), (u2, u1)} {(s2, s1), (t2, t1), (t3, t1), (u2, u1)} {(s2, s1), (t2, t1), (t3, t1), (u2, u1)}

120 / 336

SLIDE 121

Bisimulation vs. simulation equivalence

bseqor5.1-21

121 / 336

SLIDE 122

Bisimulation vs. simulation equivalence

bseqor5.1-21

Bisimulation equivalence ∼ ∼ ∼ is strictly finer than simulation equivalence ≃ ≃ ≃

122 / 336

SLIDE 123

Bisimulation vs. simulation equivalence

bseqor5.1-21

Bisimulation equivalence ∼ ∼ ∼ is strictly finer than simulation equivalence ≃ ≃ ≃ That is:

1. T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 2. there exist TS T1 T1 T1 and T2 T2 T2 s.t. T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 and T1 ∼ T2 T1 ∼ T2 T1 ∼ T2

123 / 336

SLIDE 124

Bisimulation vs. simulation equivalence

bseqor5.1-21

Bisimulation equivalence ∼ ∼ ∼ is strictly finer than simulation equivalence ≃ ≃ ≃ That is:

1. T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 Proof: Let R R R is a bisimulation for (T1, T2) (T1, T2) (T1, T2). 2. there exist TS T1 T1 T1 and T2 T2 T2 s.t. T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 and T1 ∼ T2 T1 ∼ T2 T1 ∼ T2

124 / 336

SLIDE 125

Bisimulation vs. simulation equivalence

bseqor5.1-21

Bisimulation equivalence ∼ ∼ ∼ is strictly finer than simulation equivalence ≃ ≃ ≃ That is:

1. T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 Proof: Let R R R is a bisimulation for (T1, T2) (T1, T2) (T1, T2).

R

R R is a simulation for (T1, T2) (T1, T2) (T1, T2) 2. there exist TS T1 T1 T1 and T2 T2 T2 s.t. T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 and T1 ∼ T2 T1 ∼ T2 T1 ∼ T2

125 / 336

SLIDE 126

Bisimulation vs. simulation equivalence

bseqor5.1-21

Bisimulation equivalence ∼ ∼ ∼ is strictly finer than simulation equivalence ≃ ≃ ≃ That is:

1. T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 Proof: Let R R R is a bisimulation for (T1, T2) (T1, T2) (T1, T2).

R

R R is a simulation for (T1, T2) (T1, T2) (T1, T2) = ⇒ = ⇒ = ⇒ T1 T2 T1 T2 T1 T2 2. there exist TS T1 T1 T1 and T2 T2 T2 s.t. T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 and T1 ∼ T2 T1 ∼ T2 T1 ∼ T2

126 / 336

SLIDE 127

Bisimulation vs. simulation equivalence

bseqor5.1-21

Bisimulation equivalence ∼ ∼ ∼ is strictly finer than simulation equivalence ≃ ≃ ≃ That is:

1. T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 Proof: Let R R R is a bisimulation for (T1, T2) (T1, T2) (T1, T2).

R

R R is a simulation for (T1, T2) (T1, T2) (T1, T2) = ⇒ = ⇒ = ⇒ T1 T2 T1 T2 T1 T2

R−1

R−1 R−1 is a simulation for (T2, T1) (T2, T1) (T2, T1) 2. there exist TS T1 T1 T1 and T2 T2 T2 s.t. T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 and T1 ∼ T2 T1 ∼ T2 T1 ∼ T2

127 / 336

SLIDE 128

Bisimulation vs. simulation equivalence

bseqor5.1-21

Bisimulation equivalence ∼ ∼ ∼ is strictly finer than simulation equivalence ≃ ≃ ≃ That is:

1. T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 Proof: Let R R R is a bisimulation for (T1, T2) (T1, T2) (T1, T2).

R

R R is a simulation for (T1, T2) (T1, T2) (T1, T2) = ⇒ = ⇒ = ⇒ T1 T2 T1 T2 T1 T2

R−1

R−1 R−1 is a simulation for (T2, T1) (T2, T1) (T2, T1) = ⇒ = ⇒ = ⇒ T2 T1 T2 T1 T2 T1 2. there exist TS T1 T1 T1 and T2 T2 T2 s.t. T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 and T1 ∼ T2 T1 ∼ T2 T1 ∼ T2

128 / 336

SLIDE 129

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

129 / 336

SLIDE 130

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼

130 / 336

SLIDE 131

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼ simulation equivalence s1 s1 s1 s2 s2 s2 ≃ ≃ ≃ s′

1

s′

1

s′

1

131 / 336

SLIDE 132

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼ simulation equivalence s1 s1 s1 s2 s2 s2 ≃ ≃ ≃ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

s′

1 s′ 2

s′

1 s′ 2

s′

1 s′ 2

132 / 336

SLIDE 133

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼ simulation equivalence s1 s1 s1 s2 s2 s2 ≃ ≃ ≃ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

s′

1 s′ 2

s′

1 s′ 2

s′

1 s′ 2

T1 T1 T1 T2 T2 T2

133 / 336

SLIDE 134

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼ simulation equivalence s1 s1 s1 s2 s2 s2 ≃ ≃ ≃ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

s′

1 s′ 2

s′

1 s′ 2

s′

1 s′ 2

T1 T1 T1 T2 T2 T2

∼ ∼ ∼

134 / 336

SLIDE 135

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼ simulation equivalence s1 s1 s1 s2 s2 s2 ≃ ≃ ≃ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

s′

1 s′ 2

s′

1 s′ 2

s′

1 s′ 2

T1 T1 T1 T2 T2 T2

≃ ≃ ≃ ∼ ∼ ∼

135 / 336

SLIDE 136

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼ simulation equivalence s1 s1 s1 s2 s2 s2 ≃ ≃ ≃ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

s′

1 s′ 2

s′

1 s′ 2

s′

1 s′ 2

T1 T1 T1 T2 T2 T2

≃ ≃ ≃ ∼ ∼ ∼

T2 T1 T2 T1 T2 T1, as T2 T2 T2 is a “subsystem” of T1 T1 T1

136 / 336

SLIDE 137

bisimulation equivalence s1 s1 s1 s2 s2 s2 ∼ ∼ ∼ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

∼ ∼ ∼ simulation equivalence s1 s1 s1 s2 s2 s2 ≃ ≃ ≃ s′

1

s′

1

s′

1

s′

2

s′

2

s′

2

s′

1 s′ 2

s′

1 s′ 2

s′

1 s′ 2

T1 T1 T1 T2 T2 T2

≃ ≃ ≃ ∼ ∼ ∼

s1 s1 s1 s2 s2 s2 s′

1

s′

1

s′

1

s′′

1

s′′

1

s′′

1

s′

2

s′

2

s′

2

u2 u2 u2 v2 v2 v2 u1 u1 u1 v1 v1 v1 simulation for (T1, T2) (T1, T2) (T1, T2):

(s1, s2), (s′

1, s′ 2), (s′′ 1, s′ 2), (u1, u2), (v1, v2)

(s1, s2), (s′

1, s′ 2), (s′′ 1, s′ 2), (u1, u2), (v1, v2)

(s1, s2), (s′

1, s′ 2), (s′′ 1, s′ 2), (u1, u2), (v1, v2)

137 / 336

SLIDE 138

Simulation vs trace equivalence

bseqor5.1-24 138 / 336

SLIDE 139

Simulation vs trace equivalence

bseqor5.1-24

T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

=

⇒

=

⇒

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

139 / 336

SLIDE 140

Simulation vs trace equivalence

bseqor5.1-24

T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

=

⇒

=

⇒

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) ≃ ≃ ≃ not trace equivalent but simulation equivalent

140 / 336

SLIDE 141

Simulation vs trace equivalence

bseqor5.1-24

T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

=

⇒

=

⇒

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

=

⇒

=

⇒

=

⇒ T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 ≃ ≃ ≃ not trace equivalent but simulation equivalent

141 / 336

SLIDE 142

Simulation vs trace equivalence

bseqor5.1-24

T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

=

⇒

=

⇒

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

=

⇒

=

⇒

=

⇒ T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 ≃ ≃ ≃ not trace equivalent but simulation equivalent ≃ ≃ ≃ trace equivalent not simulation equivalent

142 / 336

SLIDE 143

Simulation vs trace equivalence ← − ← − ← − incomparable T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

=

⇒

=

⇒

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

=

⇒

=

⇒

=

⇒ T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 ≃ ≃ ≃ not trace equivalent but simulation equivalent ≃ ≃ ≃ trace equivalent not simulation equivalent

143 / 336

SLIDE 144

Simulation vs. finite trace equivalence

bseqor5.1-24

T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2)

144 / 336

SLIDE 145

Simulation vs. finite trace equivalence

bseqor5.1-24

T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) while “⇐ = ⇐ = ⇐ =” does not hold

145 / 336

SLIDE 146

Simulation vs. finite trace equivalence

bseqor5.1-24

T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) T1 ≃ T2

=

⇒ Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 Traces(T1) = Traces(T2)

=

⇒ T1 ≃ T2 T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) T1 ≃ T2 = ⇒ Tracesfin(T1) = Tracesfin(T2) while “⇐ = ⇐ = ⇐ =” does not hold If T1 T1 T1, T2 T2 T2 do not have terminal states then: T1 ≃ T2 = ⇒ Traces(T1) = Traces(T2) T1 ≃ T2 = ⇒ Traces(T1) = Traces(T2) T1 ≃ T2 = ⇒ Traces(T1) = Traces(T2)

146 / 336

SLIDE 147

Summary: trace and (bi)simulation relations

bseqor5.1-28

147 / 336

SLIDE 148

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 simulation preorder T1 T2 T1 T2 T1 T2 simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

148 / 336

SLIDE 149

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 finite trace equivalence Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) finite trace inclusion Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) simulation preorder T1 T2 T1 T2 T1 T2 simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

149 / 336

SLIDE 150

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 finite trace equivalence Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) finite trace inclusion Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) simulation preorder T1 T2 T1 T2 T1 T2 simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 trace equivalence Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) trace inclusion Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2)

150 / 336

SLIDE 151

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 finite trace equivalence Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) finite trace inclusion Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) simulation preorder T1 T2 T1 T2 T1 T2 simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 trace equivalence Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) trace inclusion Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) without terminal states

151 / 336

SLIDE 152

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 finite trace equivalence Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) finite trace inclusion Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) Tracesfin(T1) ⊆ Tracesfin(T2) simulation preorder T1 T2 T1 T2 T1 T2 simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 trace equivalence Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) trace inclusion Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) without terminal states AP AP AP-determinism

152 / 336

SLIDE 153

AP-determinism

grm5.5-AP-det.tex

153 / 336

SLIDE 154

AP-determinism

grm5.5-AP-det.tex

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS.

154 / 336

SLIDE 155

AP-determinism

grm5.5-AP-det.tex

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. T T T is called AP AP AP-deterministic iff (1) for all states s s s and all subsets A A A of AP AP AP:

t ∈ S : s → t ∧ L(t) = A
1
t ∈ S : s → t ∧ L(t) = A
1
t ∈ S : s → t ∧ L(t) = A
1

155 / 336

SLIDE 156

AP-determinism

grm5.5-AP-det.tex

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. T T T is called AP AP AP-deterministic iff (1) for all states s s s and all subsets A A A of AP AP AP:

t ∈ S : s → t ∧ L(t) = A
1
t ∈ S : s → t ∧ L(t) = A
1
t ∈ S : s → t ∧ L(t) = A
1

(2) for all subsets A A A of AP AP AP:

{ s0 ∈ S0 : L(s0) = A
1
{ s0 ∈ S0 : L(s0) = A
1
{ s0 ∈ S0 : L(s0) = A
1

156 / 336

SLIDE 157

Trace relations in AP-deterministic TS

grm5.5-AP-det1.tex

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) then Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2)

157 / 336

SLIDE 158

Trace relations in AP-deterministic TS

grm5.5-AP-det1.tex

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) then Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) mainly because:

158 / 336

SLIDE 159

Trace relations in AP-deterministic TS

grm5.5-AP-det1.tex

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) then Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) mainly because:

each (finite or infinite) word σ1

σ1 σ1 over 2AP 2AP 2AP is induced by at most one path fragment starting in s1 s1 s1 or s2 s2 s2, respectively

159 / 336

SLIDE 160

Trace relations in AP-deterministic TS

grm5.5-AP-det1.tex

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) then Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) mainly because:

each (finite or infinite) word σ1

σ1 σ1 over 2AP 2AP 2AP is induced by at most one path fragment starting in s1 s1 s1 or s2 s2 s2, respectively

if σ = A0A1 . . . AiAi+1 . . . ∈ Traces(s1)

σ = A0A1 . . . AiAi+1 . . . ∈ Traces(s1) σ = A0A1 . . . AiAi+1 . . . ∈ Traces(s1) then there is no proper prefix A0A1 . . . Ai A0A1 . . . Ai A0A1 . . . Ai of σ σ σ belongs to Traces(s1) Traces(s1) Traces(s1) + + + analogous statement for s2 s2 s2

160 / 336

SLIDE 161

Correct or wrong?

grm5.5-AP-det2

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) then Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2)

161 / 336

SLIDE 162

Correct or wrong?

grm5.5-AP-det2

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) then Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) wrong.

162 / 336

SLIDE 163

Correct or wrong?

grm5.5-AP-det2

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) then Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) wrong. s1 s1 s1 s2 s2 s2

163 / 336

SLIDE 164

Correct or wrong?

grm5.5-AP-det2

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) then Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) wrong. s1 s1 s1 s2 s2 s2 Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2)

164 / 336

SLIDE 165

Correct or wrong?

grm5.5-AP-det2

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . If Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) then Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) Traces(s1) ⊆ Traces(s2) wrong. s1 s1 s1 s2 s2 s2 Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2) Tracesfin(s1) ⊆ Tracesfin(s2)

• ∈ Traces(s1) \ Traces(s2)

∈ Traces(s1) \ Traces(s2) ∈ Traces(s1) \ Traces(s2)

165 / 336

SLIDE 166

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent:

166 / 336

SLIDE 167

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence)

167 / 336

SLIDE 168

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence) (2) s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 (simulation equivalence)

168 / 336

SLIDE 169

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence) (2) s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 (simulation equivalence) (3) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2)

169 / 336

SLIDE 170

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence) (2) s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 (simulation equivalence) (3) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) (4) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2)

170 / 336

SLIDE 171

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence) (2) s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 (simulation equivalence) (3) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) (4) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) (1) = ⇒ = ⇒ = ⇒ (2): √ √ √

171 / 336

SLIDE 172

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence) (2) s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 (simulation equivalence) (3) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) (4) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) (1) = ⇒ = ⇒ = ⇒ (2): √ √ √ (2) = ⇒ = ⇒ = ⇒ (3): ... path fragment lifting ...

172 / 336

SLIDE 173

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence) (2) s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 (simulation equivalence) (3) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) (4) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) (1) = ⇒ = ⇒ = ⇒ (2): √ √ √ (2) = ⇒ = ⇒ = ⇒ (3): ... path fragment lifting ... (3) = ⇒ = ⇒ = ⇒ (4): just shown

173 / 336

SLIDE 174

(Bi)simulation and trace equivalence

grm5.5-AP-det3

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then the following statements are equivalent: (1) s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 (bisimulation equivalence) (2) s1 ≃T s2 s1 ≃T s2 s1 ≃T s2 (simulation equivalence) (3) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) (4) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) (1) = ⇒ = ⇒ = ⇒ (2): √ √ √ (2) = ⇒ = ⇒ = ⇒ (3): ... path fragment lifting ... (3) = ⇒ = ⇒ = ⇒ (4): just shown (4) = ⇒ = ⇒ = ⇒ (1): ...

174 / 336

SLIDE 175

Bisimulation and trace equivalence

grm5.5-AP-det4

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then: Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2

175 / 336

SLIDE 176

Bisimulation and trace equivalence

grm5.5-AP-det4

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then: Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 Proof: show that R =

(s1, s2) : Traces(s1) = Traces(s2)
R =
(s1, s2) : Traces(s1) = Traces(s2)
R =
(s1, s2) : Traces(s1) = Traces(s2)
is a bisimulation.

176 / 336

SLIDE 177

Bisimulation and trace equivalence

grm5.5-AP-det4

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then: Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 Proof: show that R =

(s1, s2) : Traces(s1) = Traces(s2)
R =
(s1, s2) : Traces(s1) = Traces(s2)
R =
(s1, s2) : Traces(s1) = Traces(s2)
is a bisimulation.

Note that if s → t s → t s → t then

177 / 336

SLIDE 178

Bisimulation and trace equivalence

grm5.5-AP-det4

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then: Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) Traces(s1) = Traces(s2) implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 Proof: show that R =

(s1, s2) : Traces(s1) = Traces(s2)
R =
(s1, s2) : Traces(s1) = Traces(s2)
R =
(s1, s2) : Traces(s1) = Traces(s2)
is a bisimulation.

Note that if s → t s → t s → t then Traces(t) =

L(t)B1B2B3 . . . ∈ (2AP)+ ∪ (2AP)ω :

L(s)L(t)B1B2B3 . . . ∈ Traces(s)

Traces(t) =
L(t)B1B2B3 . . . ∈ (2AP)+ ∪ (2AP)ω :

L(s)L(t)B1B2B3 . . . ∈ Traces(s)

Traces(t) =
L(t)B1B2B3 . . . ∈ (2AP)+ ∪ (2AP)ω :

L(s)L(t)B1B2B3 . . . ∈ Traces(s)

178 / 336

SLIDE 179

Bisimulation & finite trace equivalence

grm5.5-AP-det5

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then: Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2

179 / 336

SLIDE 180

Bisimulation & finite trace equivalence

grm5.5-AP-det5

Let T T T be AP AP AP-deterministic and s1 s1 s1, s2 s2 s2 states in T T T . Then: Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) Tracesfin(s1) = Tracesfin(s2) implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 Proof: show that R =

(s1, s2) : Tracesfin(s1) = Tracesfin(s2)
R =
(s1, s2) : Tracesfin(s1) = Tracesfin(s2)
R =
(s1, s2) : Tracesfin(s1) = Tracesfin(s2)
is a bisimulation.

Note that if s → t s → t s → t then Tracesfin(t) =

L(t)B1B2 . . . Bn ∈ (2AP)+ :

L(s)L(t)B1B2 . . . Bn ∈ Tracesfin(s)

Tracesfin(t) =
L(t)B1B2 . . . Bn ∈ (2AP)+ :

L(s)L(t)B1B2 . . . Bn ∈ Tracesfin(s)

Tracesfin(t) =
L(t)B1B2 . . . Bn ∈ (2AP)+ :

L(s)L(t)B1B2 . . . Bn ∈ Tracesfin(s)

180 / 336

SLIDE 181

Trace and (bi)simulation equivalence

grm5.5-AP-bis-trace

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 finite trace equivalence Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) trace equivalence Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

181 / 336

SLIDE 182

For AP-deterministic TS

grm5.5-AP-bis-trace

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 finite trace equivalence Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) trace equivalence Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2

182 / 336

SLIDE 183

For AP-deterministic TS

grm5.5-AP-bis-trace

bisimulation equivalence T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 finite trace equivalence Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) Tracesfin(T1) = Tracesfin(T2) trace equivalence Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) simulation equivalence T1 ≃ T2 T1 ≃ T2 T1 ≃ T2 AP AP AP-determinism AP AP AP-determinism

183 / 336