COMP1593 Algorithmic Verification
Simulation and Bisimulation
(Sections: Model Equivalence; Abstraction and Simulation)
Dr. Liam O'Connor
CSE, UNSW (for now)
Term 1 2020
Model Equivalence
Let A and B be Kripke structures.
Question: When does A ⊨ ϕ ⇔ B ⊨ ϕ for all LTL formulae ϕ?
When A and B have the same behaviours. Why? (Liam: prove it on the board.)
This is called infinite completed trace equivalence.
Limitations of Traces
[Figure: two vending-machine models whose states are labelled ∅, paid, tea and coffee; one has two paid states (one leading to tea, one to coffee), the other a single paid state that branches to tea and coffee.]
Traces cannot distinguish these two models!
Model Equivalence
Question: When does A ⊨ ϕ ⇔ B ⊨ ϕ for all CTL formulae ϕ?
hmm... Is it (only) when A = B (graph isomorphism)?
[Figure: two non-isomorphic models whose states are all labelled a.]
Nope!
Tree Equivalence?
Is it when the two automata have the same computation tree?
[Figure: two models with states labelled a and b.]
Also no!
Bisimulations
Definition: A (strong) bisimulation between two automata A and B is defined as a relation R ⊆ Q_A × Q_B which satisfies:
  • If s R t then L_A(s) = L_B(t).
  • If s R t and s –a→ s′ (with a ∈ Σ_A, s′ ∈ Q_A) then there exists t′ ∈ Q_B such that t –a→ t′ and s′ R t′.
  • If s R t and t –a→ t′ (with a ∈ Σ_B, t′ ∈ Q_B) then there exists s′ ∈ Q_A such that s –a→ s′ and s′ R t′.
Two automata are bisimulation equivalent or bisimilar iff there exists a bisimulation between their initial states.
Let's find bisimulations for the previous examples.
Result: For two finitely-branching automata A and B, A ⊨ ϕ ⇔ B ⊨ ϕ for all CTL formulae ϕ iff they are bisimilar.
Simulation
[Figure: a traffic light with states green, yellow and red beside a two-state model with states red and ¬red.]
Are these bisimilar? No, but one simulates the other.
Simulation Relations
Definition: A simulation of an automaton C by an automaton A is defined as a relation S ⊆ Q_C × Q_A which satisfies (here L_A also denotes the set of atomic propositions used to label A):
  • If s S t then L_C(s) ∩ L_A = L_A(t).
  • If s S t and s –a→ s′ (with a ∈ Σ_C, s′ ∈ Q_C) then there exists t′ ∈ Q_A such that t –a→ t′ and s′ S t′.
The automaton A is an abstraction of the concrete automaton C iff A simulates C. This is sometimes written A ⊑ C.
Abstraction and Traces: If A ⊑ C, then every trace of C restricted to L_A is a trace of A:
  σ₁ σ₂ σ₃ ··· ∈ Traces(C) ⇒ (σ₁ ∩ L_A)(σ₂ ∩ L_A)(σ₃ ∩ L_A) ··· ∈ Traces(A)
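The two definitions above can be decided mechanically for finite automata by starting from the largest candidate relation and deleting pairs that violate a condition until nothing changes; the result is the greatest bisimulation (or greatest simulation), so the initial states are related iff one exists. The following is an added example, not code from the slides or the course: states carry atomic propositions and transitions carry actions as in the definitions, and the sample automata (the vending machines of the "Limitations of Traces" slide and the traffic light with its red/¬red abstraction) are constructed by hand, including the action names coin, tea, coffee, idle and tick.

```python
# Added example (not from the slides): greatest bisimulation and greatest
# simulation between two finite automata, computed by fixpoint refinement.
# All sample automata and action names below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Automaton:
    states: set            # Q
    init: str              # initial state
    label: dict            # L: state -> frozenset of atomic propositions
    trans: set             # set of (src, action, dst) triples
    ap: frozenset = None   # atomic propositions of this automaton (L_A in the slide)

    def __post_init__(self):
        if self.ap is None:
            self.ap = frozenset().union(*self.label.values())

    def succ(self, s, a):
        return {d for (x, act, d) in self.trans if x == s and act == a}

    def actions_from(self, s):
        return {act for (x, act, _) in self.trans if x == s}


def transfer_ok(rel, src, dst, s, t):
    """Transfer condition: every s -a-> s' in src is matched by some
    t -a-> t' in dst with (s', t') in rel."""
    return all(any((s2, t2) in rel for t2 in dst.succ(t, a))
               for a in src.actions_from(s) for s2 in src.succ(s, a))


def greatest_simulation(C, A):
    """Largest S ⊆ Q_C × Q_A witnessing that A simulates C (A ⊑ C).
    Labelling condition from the slide: L_C(s) ∩ L_A = L_A(t)."""
    rel = {(s, t) for s in C.states for t in A.states
           if C.label[s] & A.ap == A.label[t]}
    changed = True
    while changed:                  # delete violating pairs until stable
        changed = False
        for pair in list(rel):
            if not transfer_ok(rel, C, A, *pair):
                rel.discard(pair)
                changed = True
    return rel


def greatest_bisimulation(A, B):
    """Largest R ⊆ Q_A × Q_B with equal labels and transfer in both directions."""
    rel = {(s, t) for s in A.states for t in B.states
           if A.label[s] == B.label[t]}
    changed = True
    while changed:
        changed = False
        for (s, t) in list(rel):
            inv = {(y, x) for (x, y) in rel}       # R⁻¹ for the B-to-A direction
            if not (transfer_ok(rel, A, B, s, t) and transfer_ok(inv, B, A, t, s)):
                rel.discard((s, t))
                changed = True
    return rel


def simulates(A, C):
    """A ⊑ C: the initial states are related by the greatest simulation."""
    return (C.init, A.init) in greatest_simulation(C, A)


def bisimilar(A, B):
    return (A.init, B.init) in greatest_bisimulation(A, B)


P = frozenset
# Constructed: the two vending machines. Both have exactly the infinite
# traces ∅ paid tea^ω and ∅ paid coffee^ω.
VM1 = Automaton({"s0", "s1", "s2", "s3"}, "s0",
                {"s0": P(), "s1": P({"paid"}), "s2": P({"tea"}), "s3": P({"coffee"})},
                {("s0", "coin", "s1"), ("s1", "tea", "s2"), ("s1", "coffee", "s3"),
                 ("s2", "idle", "s2"), ("s3", "idle", "s3")})
VM2 = Automaton({"t0", "t1", "t2", "t3", "t4"}, "t0",
                {"t0": P(), "t1": P({"paid"}), "t2": P({"paid"}),
                 "t3": P({"tea"}), "t4": P({"coffee"})},
                {("t0", "coin", "t1"), ("t0", "coin", "t2"), ("t1", "tea", "t3"),
                 ("t2", "coffee", "t4"), ("t3", "idle", "t3"), ("t4", "idle", "t4")})

# Constructed: a three-phase traffic light and a two-state abstraction of it
# over the single proposition "red".
TL = Automaton({"g", "y", "r"}, "g",
               {"g": P({"green"}), "y": P({"yellow"}), "r": P({"red"})},
               {("g", "tick", "y"), ("y", "tick", "r"), ("r", "tick", "g")})
ABS = Automaton({"R", "N"}, "N",
                {"R": P({"red"}), "N": P()},
                {("R", "tick", "N"), ("N", "tick", "N"), ("N", "tick", "R")})

if __name__ == "__main__":
    print("VM1 bisimilar to VM2:", bisimilar(VM1, VM2))   # same traces, yet not bisimilar
    print("VM1 ⊑ VM2:", simulates(VM1, VM2), " VM2 ⊑ VM1:", simulates(VM2, VM1))
    print("ABS ⊑ TL:", simulates(ABS, TL), " bisimilar:", bisimilar(ABS, TL))
```

The vending machines come out trace equivalent but not bisimilar, and only one of them simulates the other; the abstraction ABS simulates the traffic light TL (every concrete step is matched by an abstract one after projecting labels onto {red}) without being bisimilar to it, since bisimulation demands equal labellings. Naive refinement is O(|Q|² · |→|) per pass; partition-refinement algorithms do better, but the fixpoint characterisation is what the definitions on the slide express.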
Essential Property of Simulations
Let A be a simulation relation showing that X ⊑ Y. Then every run ρ₁ ρ₂ ρ₃ ··· ∈ Y yields a run of X by applying the simulation relation as an abstraction mapping:
  A(ρ₁) A(ρ₂) A(ρ₃) ··· ∈ X
[Figure: the states of a run of Y, each mapped to the corresponding state of a run of X.]
Comparing Automata
[Figure: the traffic light (green, yellow, red) and two two-state models over red and ¬red.]
What are the simulations between these?
Reducing State Space
We want abstraction to shrink the state space for model checking. To do this, we need a guarantee that any property we prove about an abstraction applies just as well to the concrete model.
Universal Properties: Given A ⊑ C, which ϕ satisfy A ⊨ ϕ ⇒ C ⊨ ϕ?
[Figure: the traffic light (green, yellow, red) and its red/¬red abstraction.]
  AG AF ¬red? Works!
  ¬AG AF red? Doesn't work!
Universal CTL
Negation Normal Form: ϕ is in negation normal form (NNF), written ϕ̂, if all negations are applied only to atomic propositions. All formulae have an NNF equivalent.
ACTL: ϕ is a formula in ACTL, the Universal CTL, iff its negation normal form ϕ̂ does not contain E.
Example: AG p; AG AF p; EF p — Nope!
Negation Normal Form
  ¬AF ϕ ≡ EG ¬ϕ          ¬EF ϕ ≡ AG ¬ϕ
  ¬AG ϕ ≡ EF ¬ϕ          ¬EG ϕ ≡ AF ¬ϕ
  ¬AX ϕ ≡ EX ¬ϕ          ¬EX ϕ ≡ AX ¬ϕ
  ¬E(ϕ U ψ) ≡ A(¬ϕ R ¬ψ)     ¬A(ϕ U ψ) ≡ E(¬ϕ R ¬ψ)
Release Operator: The temporal operator ϕ R ψ says that ψ will not become false unless ϕ happens first.
  σ ⊨ ϕ R ψ ⇔ ∀n ≥ 0. (∀ 0 ≤ k < n. σ|ₖ ⊭ ϕ) ⇒ σ|ₙ ⊨ ψ
A and E variants in CTL follow the usual pattern.
Bisimulation and Simulation
Suppose that A ⊑ B and B ⊑ A. Does that mean A is bisimilar to B?
[Figure: two models with states labelled a, b and c.]
Nope! This is another equivalence called simulation equivalence.
Because of the abstraction result, ACTL is the logic that characterises simulation equivalence.
The Linear-time Branching-time Spectrum
Coarseness of Equivalences:
  • Graph isomorphism is finer (distinguishes more models) than bisimilarity.
  • Bisimilarity is finer than simulation equivalence.
  • Bisimilarity is finer than completed infinite trace equivalence.
  • Partial trace equivalence (sets of finite-length traces) is coarser than all of the above.
There are many, many more equivalences. Rob van Glabbeek categorised all of these equivalences and more into the linear-time branching-time spectrum, which is a major focus of his course at this university, COMP6752.
Bibliography
  • Baier/Katoen, Sections 7.1 (parts), 7.2 (parts), 7.4, 7.5, 7.6, 7.7.
  • Rob van Glabbeek, The Linear-Time Branching-Time Spectrum I, Handbook of Process Algebra, pp. 3–99, Elsevier.
  • Rob van Glabbeek, COMP6752 course notes.