Logical Characterisations of Probabilistic Bisimilarity Yuxin Deng - PowerPoint PPT Presentation

Logical Characterisations of Probabilistic Bisimilarity Yuxin Deng East China Normal University (Based on joint work with Hengyang Wu and Yuan Feng) IFIP Working Group 2.2 meeting, Bordeaux, September 18, 2017 1

Preliminaries 2

Labelled transition systems Def. A labelled transition system (LTS) is a triple ⟨ S, Act , →⟩ , where 1. S is a set of states 2. Act is a set of actions 3. → ⊆ S × Act × S is the transition relation → s ′ for ( s, α , s ′ ) ∈ → . α Write s − 3

Bisimulation a s ′ − → s R R a t ′ − → t s and t are bisimilar if there exists a bisimulation R with s R t . 4

Probabilistic labelled transition systems Def. A probabilistic labelled transition system (pLTS) is a triple ⟨ S, Act , →⟩ , where 1. S is a set of states 2. Act is a set of actions 3. → ⊆ S × Act × D ( S ). α − → ∆ in place of ( s, α , ∆ ) ∈ → . We usually write s 5

Example s t a a s 1 1 1 2 2 b t 1 t 2 1 1 b b 2 2 s 2 s 3 t 3 t 4 c c d d s 4 t 5 6

Probabilistic Bisimulation a − → s ∆ R † R a − → t Θ Write ∼ for probabilistic bisimilarity. 7

Lifting relations Def. Let S, T be two countable sets and R ⊆ S × T be a binary relation. The lifted relation R † ⊆ D ( S ) × D ( T ) is the smallest relation satisfying 1. s R t implies s R † t 2. ∆ i R † Θ i for all i ∈ I implies ( � i ∈ I p i · ∆ i ) R † ( � i ∈ I p i · Θ i ) There are alternative formulations; related to the Kantorovich metric and the network flow problem. See e.g. http://www.springer.com/978-3-662-45197-7 8

The first modal characterisation 9

The logic L 1 The language L 1 of formulas: ϕ ::= ⊤ | ϕ 1 ∧ ϕ 2 | ⟨ a ⟩ p ϕ . where p is rational number in [0 , 1]. 10

Semantics = ⊤ always; • s | = ϕ 1 ∧ ϕ 2 , if s | • s | = ϕ 1 and s | = ϕ 2 ; a • s | = ⟨ a ⟩ p ϕ i ff s − → ∆ and ∆ ([ [ ϕ ] ]) ≥ p , where [ [ ϕ ] ] = { s ∈ S | s | = ϕ } . = ϕ ⇔ t | = ϕ for all ϕ ∈ L 1 . Logical equivalence: s = 1 t if s | 11

Modal characterisation Modal characterisation ( s ∼ t i ff s = 1 t ) for the continuous case given by [Desharnais et al. Inf. Comput. 2003], using the machinery of analytic spaces. 12

The π - λ theorem Let P be a family of subsets of a set X . P is a π -class if it is closed under finite intersection; P is a λ -class if it is closed under complementations and countable disjoint unions. Thm. If P is a π -class, then σ ( P ) is the smallest λ -class containing P , where σ ( P ) is a σ -algebra containing P . 13

An application of the π - λ theorem Prop. Let A 0 = { [ [ ϕ ] ] | ϕ ∈ L} . For any ∆ , Θ ∈ D ( S ), if ∆ ( A ) = Θ ( A ) for any A ∈ A 0 , then ∆ ( B ) = Θ ( B ) for any B ∈ σ ( A 0 ). 14

Soundness and completeness of the logic Lem. Given the logic L , and let ( S, A, − → ) be a reactive pLTS with countably many states. Then for any two states s, t ∈ S , s ∼ t i ff s = 1 t . Proof. Use the π - λ theorem. See [Deng and Wu. ICFEM 2014]. 15

The second modal characterisation 16

The logic L 2 The language L 2 of formulas: ⊤ | ϕ 1 ∧ ϕ 2 | ⟨ a ⟩ ϕ . ϕ ::= Modal characterisation for the continuous case given by [van Breugel et al. TCS 2005], using the machinery of probabilistic powerdomains and Banach algebra. We will see the discrete case can be much simplified. 17

Semantics Pr ( s, ⊤ ) = 1 ⎧ a � t ∈⌈ ∆ ⌉ ∆ ( t ) · Pr ( t, ϕ ) if s − → ∆ ⎨ Pr ( s, ⟨ a ⟩ ϕ ) = 0 otherwise. ⎩ Pr ( s, ϕ 1 ∧ ϕ 2 ) = Pr ( s, ϕ 1 ) · Pr ( s, ϕ 2 ) Logical equivalence: s = 2 t if Pr ( s, ϕ ) = Pr ( t, ϕ ) for all ϕ ∈ L 2 . 18

Soundness Thm. If s ∼ t then s = 2 t . Proof. Easy by structural induction. 19

Completeness Thm. For finite-state reactive pLTSs, if s = 2 t then s ∼ t . Proof. • Observe that = 2 is an equivalence relation. • Let C 1 , C 2 , ..., C n be all the equivalence classes. • Write Pr ( C i , ϕ ) for Pr ( s ij, ϕ ), where s ij ∈ C i and ϕ ∈ L 2 . • For any i ̸ = j , let ϕ ij be a distinguishing formula with Pr ( C i , ϕ ij ) ̸ = Pr ( C j , ϕ ij ). 20

Key lemma Lem. For any I ⊆ { 1 , · · · , n } with I ̸ = ∅ , there exist a nonempty I ′ ⊆ I and an enhanced formula ϕ such that (i) for any i ∈ I , i ∈ I ′ i ff Pr ( C i , ϕ ) > 0; (ii) for any i ̸ = j ∈ I ′ , Pr ( C i , ϕ ) ̸ = Pr ( C j , ϕ ). 21

Algorithm for computing enhanced formulas input : A nonempty subset I of { 1 , · · · , n } with the distinguishing formula ϕ ij for all i ̸ = j . output : A nonempty I ′ ⊆ I and an enhanced formula ϕ satisfying (i) and (ii) in the key lemma. begin I pass ← ∅ ; I rem ← { ( i, j ) ∈ I × I : i < j } ; I ′ ← I ; ϕ ← ⊤ ; while I rem ̸ = ∅ do Choose arbitrarily ( i, j ) ∈ I rem ; I ′ ← { k ∈ I ′ : P r ( Ck, ϕ ij ) > 0 } ; I dis ← { ( k, l ) ∈ I rem ∩ I ′ × I ′ : P r ( Ck, ϕ ij ) ̸ = P r ( Cl, ϕ ij ) } ; I rem ← ( I rem ∩ I ′ × I ′ ) \I dis ; I pass ← ( I pass ∩ I ′ × I ′ ) ∪ I dis ; ϕ ← ϕ ∧ ϕ ij ; I tem ← ∅ ; I ← I pass ; while I ̸ = ∅ do I ← { ( k, l ) ∈ I pass \I tem : P r ( Ck, ϕ ) = P r ( Cl, ϕ ) } ; if I ̸ = ∅ then ϕ ← ϕ ∧ ϕ ij ; I tem ← I tem ∪ I ; end end end return I ′ , ϕ ; end 22

Correctness of the algorithm The algorithm has recently been formalized in Coq. Correctness proof relies on four invariants of the outer loop: (a) I ′ ̸ = ∅ ; i ∈ I ′ i ff Pr ( C i , t ) > 0 ; (b) for any i ∈ I , (c) I pass ∪ I rem = { ( i, j ) ∈ I ′ × I ′ : i < j } ; (d) for any ( i, j ) ∈ I pass , Pr ( C i , t ) ̸ = Pr ( C j , t ). Non-trivial proofs at all, with about 1500 lines of Coq code used. 23

Completeness proof a a − → ∆ has to be matched by t − → Θ . It • Suppose s = 2 t . A transition s remains to show ∆ (= 2 ) † Θ . • It su ffi ces to show ∆ ( C i ) = Θ ( C i ) for all equivalence classes C i with i ∈ I . • By induction on | I | . The case | I | = 1 trivial. • Let ϕ be any formula. � 0 = Pr ( s, ⟨ a ⟩ ϕ ) − Pr ( t, ⟨ a ⟩ ϕ ) = Pr ( C i , ϕ ) · ( ∆ ( C i ) − Θ ( C i )) i ∈ I • The key lemma gives some I ′ ⊆ I and enhanced formula ϕ 0 . Let a i = Pr ( C i , ϕ 0 ) and x i = ∆ ( C i ) − Θ ( C i ). • Then a 1 x 1 + a 2 x 2 + · · · + a n x n = 0, where I ′ = { 1 , ..., n } . 24

• Any formula ∧ m ϕ 0 gives the equation a m 1 x 1 + a m 2 x 2 + · · · + a m n x n = 0. • a 1 x 1 + a 2 x 2 + · · · + a n x n = 0 a 2 1 x 1 + a 2 2 x 2 + · · · + a 2 n x n = 0 . . . a n 1 x 1 + a n 2 x 2 + · · · + a n n x n = 0 • Modify the coe ffi cient matrix to get ⎡ ⎤ 1 1 1 · · · 1 ⎢ ⎥ · · · a 1 a 2 a 3 a n ⎢ ⎥ ⎢ ⎥ ⎢ a 2 a 2 a 2 a 2 ⎥ · · · ⎢ 1 2 3 n ⎥ ⎢ ⎥ . . . . ... . . . . ⎢ ⎥ . . . . ⎢ ⎥ ⎣ ⎦ a n − 1 a n − 1 a n − 1 a n − 1 · · · 1 2 3 n 25

— the transpose of a Vandermonde matrix. • x i = 0, i.e., ∆ ( C i ) = Θ ( C i ) for all i ∈ I ′ . • � i ∈ I \ I ′ Pr ( C i , ϕ ) · ( ∆ ( C i ) − Θ ( C i )) = 0 • | I \ I ′ | < | I | and by induction we get ∆ ( C i ) = Θ ( C i ) for all i ∈ I \ I ′ . • ∆ (= 2 ) † Θ as required. 26

Summary Two logical characterisation of probabilistic bisimilarity for countable and finite-state reactive processes, respectively, with much simpler proofs than those of Desharnais et al. and van Breugel et al. 27

Thank you! 28