[PPT] - Overview overview7.4 Introduction Modelling parallel systems PowerPoint Presentation

SLIDE 1

Overview

verview7.4

Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the bisimulation quotient abstraction stutter steps ← − ← − ← − simulation relations

1 / 444

SLIDE 2

Classification of implementation relations

stutter5.4-cl

2 / 444

SLIDE 3

Classification of implementation relations

stutter5.4-cl

linear vs. branching time

∗ ∗ ∗ linear time: trace relations ∗ ∗ ∗ branching time: (bi)simulation relations

(nonsymmetric) preorders vs. equivalences:

∗ ∗ ∗ preorders: trace inclusion, simulation ∗ ∗ ∗ equivalences: trace equivalence, bisimulation

strong vs. weak relations

∗ ∗ ∗ strong: reasoning about all transitions ∗ ∗ ∗ weak: abstraction from stutter steps

3 / 444

SLIDE 4

Classification of implementation relations

stutter5.4-cl

linear vs. branching time

∗ ∗ ∗ linear time: trace relations ∗ ∗ ∗ branching time: (bi)simulation relations

(nonsymmetric) preorders vs. equivalences:

∗ ∗ ∗ preorders: trace inclusion, simulation ∗ ∗ ∗ equivalences: trace equivalence, bisimulation

strong vs. weak relations

∗ ∗ ∗ strong: reasoning about all transitions ∗ ∗ ∗ weak: abstraction from stutter steps

4 / 444

SLIDE 5

Classification of implementation relations

stutter5.4-cl

linear vs. branching time

∗ ∗ ∗ linear time: trace relations ∗ ∗ ∗ branching time: (bi)simulation relations

(nonsymmetric) preorders vs. equivalences:

∗ ∗ ∗ preorders: trace inclusion, simulation ∗ ∗ ∗ equivalences: trace equivalence, bisimulation

strong vs. weak relations

∗ ∗ ∗ strong: reasoning about all transitions ∗ ∗ ∗ weak: abstraction from stutter steps

5 / 444

SLIDE 6

Design by stepwise refinement

stutter5.4-1

specification 



abstract model

TS T1 T1 T1 



refinement

TS T2 T2 T2

6 / 444

SLIDE 7

Design by stepwise refinement

stutter5.4-1

specification 



abstract model

TS T1 T1 T1 ← − ← − ← − transition s1 α − → t1 s1 α − → t1 s1 α − → t1 



refinement

TS T2 T2 T2

7 / 444

SLIDE 8

Design by stepwise refinement

stutter5.4-1

specification 



abstract model

TS T1 T1 T1 ← − ← − ← − transition s1 α − → t1 s1 α − → t1 s1 α − → t1 



refinement

TS T2 T2 T2 ← − ← − ← − execution fragment s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2

8 / 444

SLIDE 9

Design by stepwise refinement

stutter5.4-1

specification 



abstract model

TS T1 T1 T1 ← − ← − ← − transition s1 α − → t1 s1 α − → t1 s1 α − → t1 



refinement

TS T2 T2 T2 ← − ← − ← − execution fragment s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2 internal computation prior to the execution of action α α α

access on auxiliary variables of T2

T2 T2

no access on variables of T1

T1 T1

9 / 444

SLIDE 10

Design by stepwise refinement

stutter5.4-1

AP AP AP specification ⊆ ⊆ ⊆ 



AP1

AP1 AP1 abstract model TS T1 T1 T1 ← − ← − ← − transition s1 α − → t1 s1 α − → t1 s1 α − → t1 ⊆ ⊆ ⊆ 



AP2

AP2 AP2 refinement TS T2 T2 T2 ← − ← − ← − execution fragment s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2 internal computation prior to the execution of action α α α

access on auxiliary variables of T2

T2 T2

no access on variables of T1

T1 T1

10 / 444

SLIDE 11

Design by stepwise refinement

stutter5.4-1

AP AP AP specification ⊆ ⊆ ⊆ 



AP1

AP1 AP1 abstract model TS T1 T1 T1 ← − ← − ← − transition s1 α − → t1 s1 α − → t1 s1 α − → t1 ⊆ ⊆ ⊆ 



AP2

AP2 AP2 refinement TS T2 T2 T2 ← − ← − ← − execution fragment s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2 s2→u1→. . .→un α → t2 internal computation prior to the execution of action α α α

access on auxiliary variables of T2

T2 T2

no access on variables of T1

T1 T1 s2→u1→. . .→un s2→u1→. . .→un s2→u1→. . .→un: stutter steps w.r.t. AP1 AP1 AP1 (or AP AP AP)

11 / 444

SLIDE 12

Mututal exclusion (with arbiter)

stutter5.4-2

noncriti noncriti noncriti criti criti criti release request abstract representation for process Pi Pi Pi

12 / 444

SLIDE 13

Mututal exclusion (with arbiter)

stutter5.4-2

noncriti noncriti noncriti criti criti criti release request abstract representation for process Pi Pi Pi refined representation for process Pi Pi Pi n0 n0 n0 n1 n1 n1 n2 n2 n2 n3 n3 n3 n4 n4 n4 criti,1 criti,1 criti,1 criti,2 criti,2 criti,2 criti,3 criti,3 criti,3 request request release

13 / 444

SLIDE 14

Example: abstraction from stutter steps

stutter5.4-3

process P P P LOOP FOREVER x := y x := y x := y MOD 3 3 3 y := (x + y) y := (x + y) y := (x + y) MOD 3 3 3 z := (2y − x) z := (2y − x) z := (2y − x) DIV 3 3 3 END LOOP

14 / 444

SLIDE 15

Example: abstraction from stutter steps

stutter5.4-3

process P P P

transition system TP

TP TP ℓ0 ℓ0 ℓ0 LOOP FOREVER ℓ1 ℓ1 ℓ1 x := y x := y x := y MOD 3 3 3 ℓ2 ℓ2 ℓ2 y := (x + y) y := (x + y) y := (x + y) MOD 3 3 3 ℓ3 ℓ3 ℓ3 z := (2y − x) z := (2y − x) z := (2y − x) DIV 3 3 3 ℓ4 ℓ4 ℓ4 END LOOP

15 / 444

SLIDE 16

Example: abstraction from stutter steps

stutter5.4-3

process P P P

transition system TP

TP TP ℓ0 ℓ0 ℓ0 LOOP FOREVER ℓ1 ℓ1 ℓ1 x := y x := y x := y MOD 3 3 3 ℓ2 ℓ2 ℓ2 y := (x + y) y := (x + y) y := (x + y) MOD 3 3 3 ℓ3 ℓ3 ℓ3 z := (2y − x) z := (2y − x) z := (2y − x) DIV 3 3 3 ℓ4 ℓ4 ℓ4 END LOOP CTL* property: does TP | = ∀♦(z = 1) TP | = ∀♦(z = 1) TP | = ∀♦(z = 1) hold ?

16 / 444

SLIDE 17

Example: abstraction from stutter steps

stutter5.4-3

process P P P

transition system TP

TP TP over AP = Eval(z) AP = Eval(z) AP = Eval(z) ℓ0 ℓ0 ℓ0 LOOP FOREVER ℓ1 ℓ1 ℓ1 x := y x := y x := y MOD 3 3 3 ℓ2 ℓ2 ℓ2 y := (x + y) y := (x + y) y := (x + y) MOD 3 3 3 ℓ3 ℓ3 ℓ3 z := (2y − x) z := (2y − x) z := (2y − x) DIV 3 3 3 ℓ4 ℓ4 ℓ4 END LOOP CTL* property: does TP | = ∀♦(z = 1) TP | = ∀♦(z = 1) TP | = ∀♦(z = 1) hold ?

17 / 444

SLIDE 18

Example: abstraction from stutter steps

stutter5.4-3

process P P P

transition system TP

TP TP over AP = Eval(z) AP = Eval(z) AP = Eval(z) ℓ0 ℓ0 ℓ0 LOOP FOREVER ℓ1 ℓ1 ℓ1 x := y x := y x := y MOD 3 3 3 ← − ← − ← − stutter step ℓ2 ℓ2 ℓ2 y := (x + y) y := (x + y) y := (x + y) MOD 3 3 3 ← − ← − ← − stutter step ℓ3 ℓ3 ℓ3 z := (2y − x) z := (2y − x) z := (2y − x) DIV 3 3 3 ← − ← − ← − visible action ℓ4 ℓ4 ℓ4 END LOOP CTL* property: does TP | = ∀♦(z = 1) TP | = ∀♦(z = 1) TP | = ∀♦(z = 1) hold ?

18 / 444

SLIDE 19

Transition system for process P P P

stutter5.4-4

ℓ1 x=2 y=4 ℓ1 x=2 y=4 ℓ1 x=2 y=4 z=3 z=3 z=3 ℓ2 x=1 y=4 ℓ2 x=1 y=4 ℓ2 x=1 y=4 z=3 z=3 z=3 ℓ3 x=1 y=2 ℓ3 x=1 y=2 ℓ3 x=1 y=2 z=3 z=3 z=3 ℓ1 x=1 y=2 ℓ1 x=1 y=2 ℓ1 x=1 y=2 z=1 z=1 z=1 ℓ2 x=2 y=2 ℓ2 x=2 y=2 ℓ2 x=2 y=2 z=1 z=1 z=1 ℓ3 x=2 y=1 ℓ3 x=2 y=1 ℓ3 x=2 y=1 z=1 z=1 z=1 ℓ1 x=2 y=1 ℓ1 x=2 y=1 ℓ1 x=2 y=1 z=0 z=0 z=0 . . . . . . . . .

19 / 444

SLIDE 20

Analysis by abstraction from stutter steps

stutter5.4-4

ℓ1 x=2 y=4 ℓ1 x=2 y=4 ℓ1 x=2 y=4 z=3 z=3 z=3 ℓ2 x=1 y=4 ℓ2 x=1 y=4 ℓ2 x=1 y=4 z=3 z=3 z=3 ℓ3 x=1 y=2 ℓ3 x=1 y=2 ℓ3 x=1 y=2 z=3 z=3 z=3 ℓ1 x=1 y=2 ℓ1 x=1 y=2 ℓ1 x=1 y=2 z=1 z=1 z=1 ℓ2 x=2 y=2 ℓ2 x=2 y=2 ℓ2 x=2 y=2 z=1 z=1 z=1 ℓ3 x=2 y=1 ℓ3 x=2 y=1 ℓ3 x=2 y=1 z=1 z=1 z=1 ℓ1 x=2 y=1 ℓ1 x=2 y=1 ℓ1 x=2 y=1 z=0 z=0 z=0 . . . . . . . . .

20 / 444

SLIDE 21

Analysis by abstraction from stutter steps

stutter5.4-4

ℓ1 x=2 y=4 ℓ1 x=2 y=4 ℓ1 x=2 y=4 z=3 z=3 z=3 ℓ2 x=1 y=4 ℓ2 x=1 y=4 ℓ2 x=1 y=4 z=3 z=3 z=3 ℓ3 x=1 y=2 ℓ3 x=1 y=2 ℓ3 x=1 y=2 z=3 z=3 z=3 ℓ1 x=1 y=2 ℓ1 x=1 y=2 ℓ1 x=1 y=2 z=1 z=1 z=1 ℓ2 x=2 y=2 ℓ2 x=2 y=2 ℓ2 x=2 y=2 z=1 z=1 z=1 ℓ3 x=2 y=1 ℓ3 x=2 y=1 ℓ3 x=2 y=1 z=1 z=1 z=1 ℓ1 x=2 y=1 ℓ1 x=2 y=1 ℓ1 x=2 y=1 z=0 z=0 z=0 . . . . . . . . . simplified TS representation z=3 z=3 z=3 z=1 z=1 z=1 z=0 z=0 z=0 . . . . . . . . .

21 / 444

SLIDE 22

Overview

verview7.4-stutter-trace

Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic (CTL) Equivalences and Abstraction bisimulation, CTL/CTL*-equivalence computing the bisimulation quotient abstraction stutter steps stutter LT relations ← − ← − ← − stutter bisimulation simulation relations

22 / 444

SLIDE 23

Remind: trace relations

stutter5.4-5-remind

23 / 444

SLIDE 24

Remind: trace relations

stutter5.4-5-remind

trace equivalence for paths π1 π1 π1, π2 π2 π2 are trace equivalent iff trace(π1) = trace(π2) trace(π1) = trace(π2) trace(π1) = trace(π2)

24 / 444

SLIDE 25

Remind: trace relations

stutter5.4-5-remind

trace equivalence for paths π1 π1 π1, π2 π2 π2 are trace equivalent iff trace(π1) = trace(π2) trace(π1) = trace(π2) trace(π1) = trace(π2) trace inclusion for TS: Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) s.t. π1 π1 π1, π2 π2 π2 are trace equivalent

25 / 444

SLIDE 26

Remind: trace relations

stutter5.4-5-remind

trace equivalence for paths π1 π1 π1, π2 π2 π2 are trace equivalent iff trace(π1) = trace(π2) trace(π1) = trace(π2) trace(π1) = trace(π2) trace inclusion for TS: Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) s.t. π1 π1 π1, π2 π2 π2 are trace equivalent trace equivalence for TS: Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) ∧ ∧ ∧ Traces(T2) ⊆ Traces(T1) Traces(T2) ⊆ Traces(T1) Traces(T2) ⊆ Traces(T1)

26 / 444

SLIDE 27

Remind: trace relations

stutter5.4-5-remind

trace equivalence for paths π1 π1 π1, π2 π2 π2 are trace equivalent iff trace(π1) = trace(π2) trace(π1) = trace(π2) trace(π1) = trace(π2) trace inclusion for TS: Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) s.t. π1 π1 π1, π2 π2 π2 are trace equivalent trace equivalence for TS: Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) ∧ ∧ ∧ Traces(T2) ⊆ Traces(T1) Traces(T2) ⊆ Traces(T1) Traces(T2) ⊆ Traces(T1) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) iff for each LT property E E E: T2 | = E T2 | = E T2 | = E implies T1 | = E T1 | = E T1 | = E

27 / 444

SLIDE 28

Remind: trace relations

stutter5.4-5-remind

trace equivalence for paths π1 π1 π1, π2 π2 π2 are trace equivalent iff trace(π1) = trace(π2) trace(π1) = trace(π2) trace(π1) = trace(π2) trace inclusion for TS: Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∀π1 ∈ Traces(T1) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) ∃π2 ∈ Traces(T2) s.t. π1 π1 π1, π2 π2 π2 are trace equivalent trace equivalence for TS: Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) ∧ ∧ ∧ Traces(T2) ⊆ Traces(T1) Traces(T2) ⊆ Traces(T1) Traces(T2) ⊆ Traces(T1) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) iff for each LT property E E E: T2 | = E T2 | = E T2 | = E implies T1 | = E T1 | = E T1 | = E





trace equivalent TS satisfy the same LTL formulas

28 / 444

SLIDE 29

Stutter equivalence for paths

stutter5.4-stutter-equiv-paths 29 / 444

SLIDE 30

Stutter equivalence for paths

stutter5.4-stutter-equiv-paths

stutter equivalence for infinite path fragments:

30 / 444

SLIDE 31

Stutter equivalence for paths

stutter5.4-stutter-equiv-paths

stutter equivalence for infinite path fragments: π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. the

traces of π1 π1 π1 and π2 π2 π2 are of the form A0 . . . A0 A1 . . . A1 A2 . . . A2. . . A0 . . . A0 A1 . . . A1 A2 . . . A2. . . A0 . . . A0 A1 . . . A1 A2 . . . A2. . .

31 / 444

SLIDE 32

Stutter equivalence for paths

stutter5.4-stutter-equiv-paths

stutter equivalence for infinite path fragments: π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. the

traces of π1 π1 π1 and π2 π2 π2 are of the form An0

0 An1 1 An2 2 . . .

An0

0 An1 1 An2 2 . . .

An0

0 An1 1 An2 2 . . .

where n0, n1, n2, . . . n0, n1, n2, . . . n0, n1, n2, . . . are natural numbers ≥ 1 ≥ 1 ≥ 1

32 / 444

SLIDE 33

Stutter equivalence for paths

stutter5.4-stutter-equiv-paths

stutter equivalence for infinite path fragments: π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. the

traces of π1 π1 π1 and π2 π2 π2 are of the form A0+ A1+ A2+. . . A0+ A1+ A2+. . . A0+ A1+ A2+. . .

33 / 444

SLIDE 34

Stutter equivalence for paths

stutter5.4-stutter-equiv-paths

stutter equivalence for infinite path fragments: π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. the

traces of π1 π1 π1 and π2 π2 π2 are of the form A0+ A1+ A2+. . . A0+ A1+ A2+. . . A0+ A1+ A2+. . . stutter equivalence for finite path fragments: ˆ π1

∆

= ˆ π2 ˆ π1

∆

= ˆ π2 ˆ π1

∆

= ˆ π2 iff there exists a finite word A0 A1 A2 . . .An ∈

2AP+

A0 A1 A2 . . .An ∈

2AP+

A0 A1 A2 . . .An ∈

2AP+ s.t.

the traces of ˆ π1 ˆ π1 ˆ π1 and ˆ π2 ˆ π2 ˆ π2 are in A0+A1+A2+. . . An+ A0+A1+A2+. . . An+ A0+A1+A2+. . . An+

34 / 444

SLIDE 35

Stutter trace relations for TS

stutter5.4-5

stutter equivalence for infinite path fragments: π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. the

traces of π1 π1 π1 and π2 π2 π2 are of the form A0+ A1+ A2+. . . A0+ A1+ A2+. . . A0+ A1+ A2+. . .

35 / 444

SLIDE 36

Stutter trace relations for TS

stutter5.4-5

stutter equivalence for infinite path fragments: π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. the

traces of π1 π1 π1 and π2 π2 π2 are of the form A0+ A1+ A2+. . . A0+ A1+ A2+. . . A0+ A1+ A2+. . . stutter trace inclusion for transition systems: T1 T2 T1 T2 T1 T2 iff for all paths π1 π1 π1 of T1 T1 T1 there exists a path π2 π2 π2 of T2 T2 T2 s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2

36 / 444

SLIDE 37

Example: stutter trace inclusion

stutter5.4-5-ex

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 = ∅ = ∅ = ∅ = {a} = {a} = {a} = {b} = {b} = {b}

37 / 444

SLIDE 38

Example: stutter trace inclusion

stutter5.4-5-ex

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2

= ∅

= ∅ = ∅ = {a} = {a} = {a} = {b} = {b} = {b}

38 / 444

SLIDE 39

Example: stutter trace inclusion

stutter5.4-5-ex

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2

= ∅

= ∅ = ∅ = {a} = {a} = {a} = {b} = {b} = {b} all traces have the form (∅+{b}+{a}+)ω (∅+{b}+{a}+)ω (∅+{b}+{a}+)ω

r (∅+{b}+{a}+)∗∅ω

(∅+{b}+{a}+)∗∅ω (∅+{b}+{a}+)∗∅ω

39 / 444

SLIDE 40

Stutter trace inclusion and LTL

stutter5.4-5-LTL

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 Does stutter trace inclusion preserve LTL properties?

40 / 444

SLIDE 41

Stutter trace inclusion and LTL

stutter5.4-5-LTL

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 Does stutter trace inclusion preserve LTL properties?











 i.e., for all LTL formulas ϕ ϕ ϕ: T1 T2 T1 T2 T1 T2 ∧ ∧ ∧ T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ

41 / 444

SLIDE 42

Stutter trace inclusion and LTL

stutter5.4-5-LTL

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 Does stutter trace inclusion preserve LTL properties?











 i.e., for all LTL formulas ϕ ϕ ϕ: T1 T2 T1 T2 T1 T2 ∧ ∧ ∧ T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ answer: no

42 / 444

SLIDE 43

Stutter trace inclusion and LTL

stutter5.4-5-LTL

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 Does stutter trace inclusion preserve LTL properties?











 i.e., for all LTL formulas ϕ ϕ ϕ: T1 T2 T1 T2 T1 T2 ∧ ∧ ∧ T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ answer: no Example: LTL formulas of the form a a a

43 / 444

SLIDE 44

Stutter trace inclusion and LTL\

\ \

stutter5.4-5-thm

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 Let T1 T1 T1 and T2 T2 T2 are TS without terminal states and ϕ ϕ ϕ an LTL\

\ \ formula. Then:

T1 T2 T1 T2 T1 T2 ∧ ∧ ∧ T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ

44 / 444

SLIDE 45

Stutter trace inclusion and LTL\

\ \

stutter5.4-5-thm

T1 T2 T1 T2 T1 T2 iff ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 Let T1 T1 T1 and T2 T2 T2 are TS without terminal states and ϕ ϕ ϕ an LTL\

\ \ formula. Then:

T1 T2 T1 T2 T1 T2 ∧ ∧ ∧ T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ where LTL\

\ \ =

= = LTL without the next operator

45 / 444

SLIDE 46

Stutter trace equivalence

∆

=

∆

=

∆

= for TS

stutter5.4-5a

46 / 444

SLIDE 47

Stutter trace equivalence

∆

=

∆

=

∆

= for TS

stutter5.4-5a

stutter trace inclusion T1 T2 T1 T2 T1 T2 ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2

47 / 444

SLIDE 48

Stutter trace equivalence

∆

=

∆

=

∆

= for TS

stutter5.4-5a

stutter trace inclusion T1 T2 T1 T2 T1 T2 ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 stutter trace equivalence T1

∆

= T2 T1

∆

= T2 T1

∆

= T2 iff T1 T2 T1 T2 T1 T2 and T2 T1 T2 T1 T2 T1

48 / 444

SLIDE 49

Stutter trace equivalence

∆

=

∆

=

∆

= for TS

stutter5.4-5a

stutter trace inclusion T1 T2 T1 T2 T1 T2 ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 stutter trace equivalence T1

∆

= T2 T1

∆

= T2 T1

∆

= T2 iff T1 T2 T1 T2 T1 T2 and T2 T1 T2 T1 T2 T1





kernel of

, i.e.,

coarsest equivalence that refines

49 / 444

SLIDE 50

Stutter trace equivalence

∆

=

∆

=

∆

= for TS

stutter5.4-5a

stutter trace inclusion T1 T2 T1 T2 T1 T2 ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 For all LTL\

\ \ formulas ϕ

ϕ ϕ: T1 T2 T1 T2 T1 T2 ∧ ∧ ∧ T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ stutter trace equivalence T1

∆

= T2 T1

∆

= T2 T1

∆

= T2 iff T1 T2 T1 T2 T1 T2 and T2 T1 T2 T1 T2 T1





kernel of

, i.e.,

coarsest equivalence that refines

50 / 444

SLIDE 51

Stutter trace equivalence

∆

=

∆

=

∆

= for TS

stutter5.4-5a

stutter trace inclusion T1 T2 T1 T2 T1 T2 ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 For all LTL\

\ \ formulas ϕ

ϕ ϕ: T1 T2 T1 T2 T1 T2 ∧ ∧ ∧ T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ stutter trace equivalence T1

∆

= T2 T1

∆

= T2 T1

∆

= T2 iff T1 T2 T1 T2 T1 T2 and T2 T1 T2 T1 T2 T1 If T1

∆

= T2 T1

∆

= T2 T1

∆

= T2 then T1 T1 T1 and T2 T2 T2 are LTL\

\ \ equivalent.

51 / 444

SLIDE 52

Correct or wrong?

stutter5.4-13a

∆

=

∆

=

∆

=

52 / 444

SLIDE 53

Correct or wrong?

stutter5.4-13a

correct

∆

=

∆

=

∆

=

53 / 444

SLIDE 54

Correct or wrong?

stutter5.4-13a

correct

∆

=

∆

=

∆

= The traces of T1 T1 T1 and T2 T2 T2 have the form •+

+ +•+ + + or •ω ω ω

54 / 444

SLIDE 55

Correct or wrong?

stutter5.4-13a

correct

∆

=

∆

=

∆

= The traces of T1 T1 T1 and T2 T2 T2 have the form •+

+ +•+ + + or •ω ω ω

∆

=

∆

=

∆

=

55 / 444

SLIDE 56

Correct or wrong?

stutter5.4-13a

correct

∆

=

∆

=

∆

= The traces of T1 T1 T1 and T2 T2 T2 have the form •+

+ +•+ + + or •ω ω ω

wrong

∆

=

∆

=

∆

=

56 / 444

SLIDE 57

Correct or wrong?

stutter5.4-13a

correct

∆

=

∆

=

∆

= The traces of T1 T1 T1 and T2 T2 T2 have the form •+

+ +•+ + + or •ω ω ω

wrong

∆

=

∆

=

∆

= T1 T1 T1 has a finite trace •+

+ +•, while T2

T2 T2 has not

57 / 444

SLIDE 58

Correct or wrong?

stutter5.4-13b

If T1 T1 T1 and T2 T2 T2 are TS over AP AP AP then: T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 implies T1

∆

= T2 T1

∆

= T2 T1

∆

= T2

58 / 444

SLIDE 59

Correct or wrong?

stutter5.4-13b

If T1 T1 T1 and T2 T2 T2 are TS over AP AP AP then: T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 implies T1

∆

= T2 T1

∆

= T2 T1

∆

= T2

ր ր ր

bisimulation equivalence

տ տ տ

stutter trace equivalence

59 / 444

SLIDE 60

Correct or wrong?

stutter5.4-13b

If T1 T1 T1 and T2 T2 T2 are TS over AP AP AP then: T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 implies T1

∆

= T2 T1

∆

= T2 T1

∆

= T2

ր ր ր

bisimulation equivalence

տ տ տ

stutter trace equivalence correct

60 / 444

SLIDE 61

Correct or wrong?

stutter5.4-13b

If T1 T1 T1 and T2 T2 T2 are TS over AP AP AP then: T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 implies T1

∆

= T2 T1

∆

= T2 T1

∆

= T2

ր ր ր

bisimulation equivalence

տ տ տ

stutter trace equivalence correct, as

T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

trace equivalent paths are stutter trace equivalent

61 / 444

SLIDE 62

Correct or wrong?

stutter5.4-13b

If T1 T1 T1 and T2 T2 T2 are TS over AP AP AP then: T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 implies T1

∆

= T2 T1

∆

= T2 T1

∆

= T2

ր ր ր

bisimulation equivalence

տ տ տ

stutter trace equivalence correct, as

T1 ∼ T2

T1 ∼ T2 T1 ∼ T2 implies Traces(T1) = Traces(T2) Traces(T1) = Traces(T2) Traces(T1) = Traces(T2)

trace equivalent paths are stutter trace equivalent
bviously: Traces(T1) ⊆ Traces(T2)

Traces(T1) ⊆ Traces(T2) Traces(T1) ⊆ Traces(T2) implies T1 T2 T1 T2 T1 T2

62 / 444

SLIDE 63

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

63 / 444

SLIDE 64

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

stutter equivalence for infinite words

64 / 444

SLIDE 65

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

stutter equivalence for infinite words σ1 σ1 σ1, σ2 ∈

2APω

σ2 ∈

2APω

σ2 ∈

2APω:

65 / 444

SLIDE 66

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

stutter equivalence for infinite words σ1 σ1 σ1, σ2 ∈

2APω

σ2 ∈

2APω

σ2 ∈

2APω:

σ1

∆

= σ2 σ1

∆

= σ2 σ1

∆

= σ2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. σ1

σ1 σ1 and σ2 σ2 σ2 are in A0+A1+A2+. . . A0+A1+A2+. . . A0+A1+A2+. . .

66 / 444

SLIDE 67

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

stutter equivalence for infinite words σ1 σ1 σ1, σ2 ∈

2APω

σ2 ∈

2APω

σ2 ∈

2APω:

σ1

∆

= σ2 σ1

∆

= σ2 σ1

∆

= σ2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. σ1

σ1 σ1 and σ2 σ2 σ2 are in A0+A1+A2+. . . A0+A1+A2+. . . A0+A1+A2+. . . Let E ⊆

2APω

E ⊆

2APω

E ⊆

2APω be an LT property. E

E E is called stutter-insensitive iff for all σ1 σ1 σ1, σ2 ∈

2APω

σ2 ∈

2APω

σ2 ∈

2APω:

if σ1 ∈ E σ1 ∈ E σ1 ∈ E and σ1

∆

= σ2 σ1

∆

= σ2 σ1

∆

= σ2 then σ2 ∈ E σ2 ∈ E σ2 ∈ E

67 / 444

SLIDE 68

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

stutter equivalence for infinite words σ1 σ1 σ1, σ2 ∈

2APω

σ2 ∈

2APω

σ2 ∈

2APω:

σ1

∆

= σ2 σ1

∆

= σ2 σ1

∆

= σ2 iff there exists an infinite word A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω

A0 A1 A2 . . . ∈

2APω s.t. σ1

σ1 σ1 and σ2 σ2 σ2 are in A0+A1+A2+. . . A0+A1+A2+. . . A0+A1+A2+. . . Let E ⊆

2APω

E ⊆

2APω

E ⊆

2APω be an LT property. E

E E is called stutter-insensitive iff for all σ1 σ1 σ1, σ2 ∈

2APω

σ2 ∈

2APω

σ2 ∈

2APω:

if σ1 ∈ E σ1 ∈ E σ1 ∈ E and σ1

∆

= σ2 σ1

∆

= σ2 σ1

∆

= σ2 then σ2 ∈ E σ2 ∈ E σ2 ∈ E Example: if ϕ ϕ ϕ is an LTL\

\ \ formula then

E = Words(ϕ) E = Words(ϕ) E = Words(ϕ) is stutter-insensitive

68 / 444

SLIDE 69

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

Let T1 T1 T1, T2 T2 T2 be two TS and E E E a stutter-insensitive LT-property. Then: T1 T2 T1 T2 T1 T2 and T2 | = E T2 | = E T2 | = E implies T1 | = E T1 | = E T1 | = E

69 / 444

SLIDE 70

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

Let T1 T1 T1, T2 T2 T2 be two TS and E E E a stutter-insensitive LT-property. Then: T1 T2 T1 T2 T1 T2 and T2 | = E T2 | = E T2 | = E implies T1 | = E T1 | = E T1 | = E Let T1 T1 T1, T2 T2 T2 be two TS and ϕ ϕ ϕ an LTL\

\ \ formula.

T1 T2 T1 T2 T1 T2 and T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ

70 / 444

SLIDE 71

Stutter-insensitive LT properties

stutter5.4-st-ins-prop

Let T1 T1 T1, T2 T2 T2 be two TS and E E E a stutter-insensitive LT-property. Then: T1 T2 T1 T2 T1 T2 and T2 | = E T2 | = E T2 | = E implies T1 | = E T1 | = E T1 | = E Let T1 T1 T1, T2 T2 T2 be two TS and ϕ ϕ ϕ an LTL\

\ \ formula.

T1 T2 T1 T2 T1 T2 and T2 | = ϕ T2 | = ϕ T2 | = ϕ implies T1 | = ϕ T1 | = ϕ T1 | = ϕ remind: if ϕ ϕ ϕ is an LTL\

\ \ formula then

E = Words(ϕ) E = Words(ϕ) E = Words(ϕ) is stutter-insensitive

71 / 444

SLIDE 72

Overview

verview7.4a

Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic (CTL) Equivalences and Abstraction bisimulation, CTL/CTL*-equivalence computing the bisimulation quotient abstraction stutter steps stutter LT relations stutter bisimulation ← − ← − ← − simulation relations

72 / 444

SLIDE 73

Stutter bisimulation

stutter5.4-def-stutter-bis

73 / 444

SLIDE 74

Stutter bisimulation

stutter5.4-def-stutter-bis

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS, possibly with terminal states.

74 / 444

SLIDE 75

Stutter bisimulation

stutter5.4-def-stutter-bis

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS, possibly with terminal states. A stutter bisimulation for T T T is ....

75 / 444

SLIDE 76

Stutter bisimulation

stutter5.4-def-stutter-bis

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS, possibly with terminal states. A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t.

76 / 444

SLIDE 77

Stutter bisimulation

stutter5.4-def-stutter-bis

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS, possibly with terminal states. A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t. for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) labeling condition (2) simulation condition up to stuttering “s2 s2 s2 can mimick all transitions of of s1 s1 s1” (3) simulation condition up to stuttering “s1 s1 s1 can mimick all transitions of of s2 s2 s2”

77 / 444

SLIDE 78

Stutter bisimulation

stutter5.4-def-stutter-bis

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS, possibly with terminal states. A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t. for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) labeling condition: L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) simulation condition up to stuttering “s2 s2 s2 can mimick all transitions of of s1 s1 s1” (3) simulation condition up to stuttering “s1 s1 s1 can mimick all transitions of of s2 s2 s2”

78 / 444

SLIDE 79

Stutter bisimulation

stutter5.4-def-stutter-bis

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS, possibly with terminal states. A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t. for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) labeling condition: L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) simulation condition up to stuttering “s2 s2 s2 can mimick all transitions of of s1 s1 s1” (3) simulation condition up to stuttering “s1 s1 s1 can mimick all transitions of of s2 s2 s2”

79 / 444

SLIDE 80

Simulation condition

stutter5.4-def-stutter-bis

A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t. for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s1 s1 s1 -R R R- s2 s2 s2 s′

1

s′

1

s′

1

80 / 444

SLIDE 81

Simulation condition

stutter5.4-def-stutter-bis

A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t. for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s1 s1 s1 -R R R- s2 s2 s2 s′

1

s′

1

s′

1

with (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R

81 / 444

SLIDE 82

Simulation condition

stutter5.4-def-stutter-bis

A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t. for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s1 s1 s1 -R R R- s2 s2 s2 s′

1

s′

1

s′

1

with (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R can be completed to s1 s1 s1 -R R R- s2 s2 s2 s′

1

s′

1

s′

1

u1 u1 u1 . . . . . . . . . un un un s′

2

s′

2

s′

2

R

R R-

82 / 444

SLIDE 83

Simulation condition

stutter5.4-def-stutter-bis

A stutter bisimulation for T T T is a binary relation R R R

n S

S S s.t. for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s1 s1 s1 -R R R- s2 s2 s2 s′

1

s′

1

s′

1

with (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R can be completed to s1 s1 s1 -R R R- s2 s2 s2 s′

1

s′

1

s′

1

u1 u1 u1 . . . . . . . . . un un un s′

2

s′

2

s′

2

R

R R- s1 -R- ui s1 -R- ui s1 -R- ui

83 / 444

SLIDE 84

Stutter bisimulation for a TS

stutter5.4-stbis

Let T T T be a transition system wih state space S S S. A stutter bisimulation for T T T is a binary relation R R R

n S

S S such that for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) for each transition s1 → s′

1

s1 → s′

1

s1 → s′

1 with (s′ 1, s2) /

∈ R (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R there exists a path fragment s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s.t. . . . . . . . . . (3) . . . . . . . . .

84 / 444

SLIDE 85

Stutter bisimulation for a TS

stutter5.4-stbis

Let T T T be a transition system wih state space S S S. A stutter bisimulation for T T T is a binary relation R R R

n S

S S such that for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) for each transition s1 → s′

1

s1 → s′

1

s1 → s′

1 with (s′ 1, s2) /

∈ R (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R there exists a path fragment s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s.t. n ≥ 0 n ≥ 0 n ≥ 0 and (s1, ui) ∈ R (s1, ui) ∈ R (s1, ui) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n 1 ≤ i ≤ n (3) . . . . . . . . .

85 / 444

SLIDE 86

Stutter bisimulation for a TS

stutter5.4-stbis

Let T T T be a transition system wih state space S S S. A stutter bisimulation for T T T is a binary relation R R R

n S

S S such that for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) for each transition s1 → s′

1

s1 → s′

1

s1 → s′

1 with (s′ 1, s2) /

∈ R (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R there exists a path fragment s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s.t. n ≥ 0 n ≥ 0 n ≥ 0 and (s1, ui) ∈ R (s1, ui) ∈ R (s1, ui) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n 1 ≤ i ≤ n (3) symmetric condition

86 / 444

SLIDE 87

Stutter bisimulation for a TS

stutter5.4-stbis

Let T T T be a transition system wih state space S S S. A stutter bisimulation for T T T is a binary relation R R R

n S

S S such that for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) for each transition s1 → s′

1

s1 → s′

1

s1 → s′

1 with (s′ 1, s2) /

∈ R (s′

1, s2) /

∈ R (s′

1, s2) /

∈ R there exists a path fragment s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s2 u1 u2 . . . un s′

2

s.t. n ≥ 0 n ≥ 0 n ≥ 0 and (s1, ui) ∈ R (s1, ui) ∈ R (s1, ui) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n 1 ≤ i ≤ n (3) for each transition s2 → s′

2

s2 → s′

2

s2 → s′

2 with (s1, s′ 2) /

∈ R (s1, s′

2) /

∈ R (s1, s′

2) /

∈ R there exists a path fragment s1 v1 v2 . . . vn s′

1

s1 v1 v2 . . . vn s′

1

s1 v1 v2 . . . vn s′

1

s.t. n ≥ 0 n ≥ 0 n ≥ 0 and (vi, s2) ∈ R (vi, s2) ∈ R (vi, s2) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n 1 ≤ i ≤ n

87 / 444

SLIDE 88

Stutter bisimulation equivalence ≈T ≈T ≈T

stutter5.4-def-approx

88 / 444

SLIDE 89

Stutter bisimulation equivalence ≈T ≈T ≈T

stutter5.4-def-approx

Let T T T be a transition system wih state space S S S. A stutter bisimulation for T T T is a binary relation R R R

n S

S S such that for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) labeling condition (2) and (3) mutual simulation condition

89 / 444

SLIDE 90

Stutter bisimulation equivalence ≈T ≈T ≈T

stutter5.4-def-approx

Let T T T be a transition system wih state space S S S. A stutter bisimulation for T T T is a binary relation R R R

n S

S S such that for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) labeling condition (2) and (3) mutual simulation condition stutter bisimulation equivalence ≈T ≈T ≈T :

90 / 444

SLIDE 91

Stutter bisimulation equivalence ≈T ≈T ≈T

stutter5.4-def-approx

Let T T T be a transition system wih state space S S S. A stutter bisimulation for T T T is a binary relation R R R

n S

S S such that for all (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R: (1) labeling condition (2) and (3) mutual simulation condition stutter bisimulation equivalence ≈T ≈T ≈T : s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 iff there exists a stutter bisimulation R R R for T T T s.t. (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R

91 / 444

SLIDE 92

≈T ≈T ≈T is an equivalence

stutter5.4-10

92 / 444

SLIDE 93

≈T ≈T ≈T is an equivalence

stutter5.4-10

symmetry: if s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s2 ≈T s1 s2 ≈T s1 s2 ≈T s1

93 / 444

SLIDE 94

≈T ≈T ≈T is an equivalence

stutter5.4-10

symmetry: if s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s2 ≈T s1 s2 ≈T s1 s2 ≈T s1 proof: if R R R is a stutter bisimulation with (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then R−1 =

(t2, t1) : (t1, t2) ∈ R
R−1 =
(t2, t1) : (t1, t2) ∈ R
R−1 =
(t2, t1) : (t1, t2) ∈ R
is a stutter bisimulation that contains (s2, s1)

(s2, s1) (s2, s1).

94 / 444

SLIDE 95

≈T ≈T ≈T is an equivalence

stutter5.4-10

symmetry: if s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s2 ≈T s1 s2 ≈T s1 s2 ≈T s1 reflexivity: s ≈T s s ≈T s s ≈T s for all states s s s

95 / 444

SLIDE 96

≈T ≈T ≈T is an equivalence

stutter5.4-10

symmetry: if s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s2 ≈T s1 s2 ≈T s1 s2 ≈T s1 reflexivity: s ≈T s s ≈T s s ≈T s for all states s s s proof: R =

(s, s) : s ∈ S
R =
(s, s) : s ∈ S
R =
(s, s) : s ∈ S
is a stutter bisimulation

96 / 444

SLIDE 97

≈T ≈T ≈T is an equivalence

stutter5.4-10

symmetry: if s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s2 ≈T s1 s2 ≈T s1 s2 ≈T s1 reflexivity: s ≈T s s ≈T s s ≈T s for all states s s s transitivity: s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 and s2 ≈T s3 s2 ≈T s3 s2 ≈T s3 implies s1 ≈T s3 s1 ≈T s3 s1 ≈T s3

97 / 444

SLIDE 98

≈T ≈T ≈T is an equivalence

stutter5.4-10

symmetry: if s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s2 ≈T s1 s2 ≈T s1 s2 ≈T s1 reflexivity: s ≈T s s ≈T s s ≈T s for all states s s s transitivity: s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 and s2 ≈T s3 s2 ≈T s3 s2 ≈T s3 implies s1 ≈T s3 s1 ≈T s3 s1 ≈T s3 Proof: Let R1,2 R1,2 R1,2 and R2,3 R2,3 R2,3 be stutter bisimulations s.t. (s1, s2) ∈ R1,2, (s2, s3) ∈ R2,3 (s1, s2) ∈ R1,2, (s2, s3) ∈ R2,3 (s1, s2) ∈ R1,2, (s2, s3) ∈ R2,3 Show that R = R1,2 ◦ R2,3 R = R1,2 ◦ R2,3 R = R1,2 ◦ R2,3 is a stutter bisimulation.

98 / 444

SLIDE 99

s1 s1 s1 s′

1

s′

1

s′

1

R1,2 R1,2 R1,2 s2 s2 s2 R2,3 R2,3 R2,3 s3 s3 s3

99 / 444

SLIDE 100

s1 s1 s1 s′

1

s′

1

s′

1

R1,2 R1,2 R1,2 R1,2 R1,2 R1,2 s2 s2 s2 u1 u1 u1 . . . . . . . . . uj−1 uj−1 uj−1 uj uj uj . . . . . . . . . uk−1 uk−1 uk−1 uk uk uk . . . . . . . . . um um um s′

2

s′

2

s′

2

R2,3 R2,3 R2,3 s3 s3 s3

100 / 444

SLIDE 101

s1 s1 s1 s′

1

s′

1

s′

1

R1,2 R1,2 R1,2 R1,2 R1,2 R1,2 s2 s2 s2 u1 u1 u1 . . . . . . . . . uj−1 uj−1 uj−1 uj uj uj . . . . . . . . . uk−1 uk−1 uk−1 uk uk uk . . . . . . . . . um um um s′

2

s′

2

s′

2

R2,3 R2,3 R2,3 s3 s3 s3

101 / 444

SLIDE 102

s1 s1 s1 s′

1

s′

1

s′

1

R1,2 R1,2 R1,2 R1,2 R1,2 R1,2 s2 s2 s2 u1 u1 u1 . . . . . . . . . uj−1 uj−1 uj−1 uj uj uj . . . . . . . . . uk−1 uk−1 uk−1 uk uk uk . . . . . . . . . um um um s′

2

s′

2

s′

2

R2,3 R2,3 R2,3 s3 s3 s3

102 / 444

SLIDE 103

s1 s1 s1 s′

1

s′

1

s′

1

R1,2 R1,2 R1,2 R1,2 R1,2 R1,2 s2 s2 s2 u1 u1 u1 . . . . . . . . . uj−1 uj−1 uj−1 uj uj uj . . . . . . . . . uk−1 uk−1 uk−1 uk uk uk . . . . . . . . . um um um s′

2

s′

2

s′

2

R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 s3 s3 s3 . . . . . . . . . vℓ−1 vℓ−1 vℓ−1 vℓ vℓ vℓ

103 / 444

SLIDE 104

s1 s1 s1 s′

1

s′

1

s′

1

R1,2 R1,2 R1,2 R1,2 R1,2 R1,2 s2 s2 s2 u1 u1 u1 . . . . . . . . . uj−1 uj−1 uj−1 uj uj uj . . . . . . . . . uk−1 uk−1 uk−1 uk uk uk . . . . . . . . . um um um s′

2

s′

2

s′

2

R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 s3 s3 s3 . . . . . . . . . vℓ−1 vℓ−1 vℓ−1 vℓ vℓ vℓ . . . . . . . . . vr−1 vr−1 vr−1 vr vr vr

104 / 444

SLIDE 105

s1 s1 s1 s′

1

s′

1

s′

1

R1,2 R1,2 R1,2 R1,2 R1,2 R1,2 s2 s2 s2 u1 u1 u1 . . . . . . . . . uj−1 uj−1 uj−1 uj uj uj . . . . . . . . . uk−1 uk−1 uk−1 uk uk uk . . . . . . . . . um um um s′

2

s′

2

s′

2

R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 R2,3 s3 s3 s3 . . . . . . . . . vℓ−1 vℓ−1 vℓ−1 vℓ vℓ vℓ . . . . . . . . . vr−1 vr−1 vr−1 vr vr vr . . . . . . . . . vn vn vn s′

3

s′

3

s′

3

105 / 444

SLIDE 106

Stutter bisimulation equivalence

stutter5.4-9

≈T ≈T ≈T is an equivalence on state space S S S of T T T such that for all states s1 s1 s1, s2 s2 s2 with s1 ≈T s2 s1 ≈T s2 s1 ≈T s2: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) simulation condition up to stuttering s1 s1 s1 ≈T ≈T ≈T s2 s2 s2 s′

1

s′

1

s′

1

with s′

1 ≈T s2

s′

1 ≈T s2

s′

1 ≈T s2

s1 s1 s1 ≈T ≈T ≈T s2 s2 s2 s′

1

s′

1

s′

1

u1 u1 u1 . . . . . . . . . un un un s′

2

s′

2

s′

2

≈T ≈T ≈T can be completed to ui ≈T s2 ui ≈T s2 ui ≈T s2

106 / 444

SLIDE 107

Stutter bisimulation equivalence

stutter5.4-9

≈T ≈T ≈T is the coarsest equivalence on state space S S S of T T T such that for all states s1 s1 s1, s2 s2 s2 with s1 ≈T s2 s1 ≈T s2 s1 ≈T s2: (1) L(s1) = L(s2) L(s1) = L(s2) L(s1) = L(s2) (2) simulation condition up to stuttering s1 s1 s1 ≈T ≈T ≈T s2 s2 s2 s′

1

s′

1

s′

1

with s′

1 ≈T s2

s′

1 ≈T s2

s′

1 ≈T s2

s1 s1 s1 ≈T ≈T ≈T s2 s2 s2 s′

1

s′

1

s′

1

u1 u1 u1 . . . . . . . . . un un un s′

2

s′

2

s′

2

≈T ≈T ≈T can be completed to ui ≈T s2 ui ≈T s2 ui ≈T s2

107 / 444

SLIDE 108

Example: mutual exclusion with semaphore

stutter5.4-6

AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} nc1 nc2 y=1 wait1 nc2 y=1 nc1 wait2 y=1 crit1 crit1 crit1 nc2 y=0 wait1 wait2 y=1 nc1 crit2 crit2 crit2 y=0 crit1 crit1 crit1 wait2 y=0 wait1 crit2 crit2 crit2 y=0

108 / 444

SLIDE 109

Example: mutual exclusion with semaphore

stutter5.4-6

AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} nc1 nc2 y=1 wait1 nc2 y=1 nc1 wait2 y=1 crit1 crit1 crit1 nc2 y=0 wait1 wait2 y=1 nc1 crit2 crit2 crit2 y=0 crit1 crit1 crit1 wait2 y=0 wait1 crit2 crit2 crit2 y=0

109 / 444

SLIDE 110

Example: mutual exclusion with semaphore

stutter5.4-6

AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} nc1 nc2 y=1 wait1 nc2 y=1 nc1 wait2 y=1 crit1 crit1 crit1 nc2 y=0 wait1 wait2 y=1 nc1 crit2 crit2 crit2 y=0 crit1 crit1 crit1 wait2 y=0 wait1 crit2 crit2 crit2 y=0 stutter bisimulation with three equivalence classes

110 / 444

SLIDE 111

Peterson algorithm

stutter5.4-7

protocol for P1 P1 P1 LOOP FOREVER noncritical section b1 := true b1 := true b1 := true; x := 2 x := 2 x := 2 AWAIT (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 critical section b1 := false b1 := false b1 := false END LOOP

111 / 444

SLIDE 112

Peterson algorithm

stutter5.4-7

protocol for P1 P1 P1 LOOP FOREVER noncritical section b1 := true b1 := true b1 := true; x := 2 x := 2 x := 2 AWAIT (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 critical section b1 := false b1 := false b1 := false END LOOP noncrit1 wait1 crit1 b1 := true b1 := true b1 := true (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 b1 := false b1 := false b1 := false x := 2 x := 2 x := 2

112 / 444

SLIDE 113

Peterson algorithm

stutter5.4-7

protocol for P1 P1 P1 LOOP FOREVER noncritical section b1 := true b1 := true b1 := true; x := 2 x := 2 x := 2 AWAIT (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 critical section b1 := false b1 := false b1 := false END LOOP protocol for P2 P2 P2 LOOP FOREVER noncritical section b2 := true b2 := true b2 := true; x := 1 x := 1 x := 1 AWAIT (x=2) ∨ ¬b1 (x=2) ∨ ¬b1 (x=2) ∨ ¬b1 critical section b2 := false b2 := false b2 := false END LOOP noncrit1 wait1 crit1 b1 := true b1 := true b1 := true (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 (x=1) ∨ ¬b2 b1 := false b1 := false b1 := false x := 2 x := 2 x := 2

113 / 444

SLIDE 114

TS for the Peterson algorithm

stutter5.4-8

n1 n1 n1 n2 n2 n2 x=1 x=1 x=1 n1 n1 n1 n2 n2 n2 x=2 x=2 x=2 w1 w1 w1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 w2 w2 w2 x=1 x=1 x=1 c1 c1 c1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 c2 c2 c2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=2 x=2 x=2 c1 c1 c1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 c2 c2 c2 x=2 x=2 x=2 AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2}

114 / 444

SLIDE 115

TS for the Peterson algorithm

stutter5.4-8

n1 n1 n1 n2 n2 n2 x=1 x=1 x=1 n1 n1 n1 n2 n2 n2 x=2 x=2 x=2 w1 w1 w1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 w2 w2 w2 x=1 x=1 x=1 c1 c1 c1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 c2 c2 c2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=2 x=2 x=2 c1 c1 c1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 c2 c2 c2 x=2 x=2 x=2 AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2}

115 / 444

SLIDE 116

TS for the Peterson algorithm

stutter5.4-8

n1 n1 n1 n2 n2 n2 x=1 x=1 x=1 n1 n1 n1 n2 n2 n2 x=2 x=2 x=2 w1 w1 w1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 w2 w2 w2 x=1 x=1 x=1 c1 c1 c1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 c2 c2 c2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=2 x=2 x=2 c1 c1 c1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 c2 c2 c2 x=2 x=2 x=2 AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2}

116 / 444

SLIDE 117

TS for the Peterson algorithm

stutter5.4-8

n1 n1 n1 n2 n2 n2 x=1 x=1 x=1 n1 n1 n1 n2 n2 n2 x=2 x=2 x=2 w1 w1 w1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 w2 w2 w2 x=1 x=1 x=1 c1 c1 c1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 c2 c2 c2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=2 x=2 x=2 c1 c1 c1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 c2 c2 c2 x=2 x=2 x=2 AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2}

117 / 444

SLIDE 118

TS for the Peterson algorithm

stutter5.4-8

n1 n1 n1 n2 n2 n2 x=1 x=1 x=1 n1 n1 n1 n2 n2 n2 x=2 x=2 x=2 w1 w1 w1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 w2 w2 w2 x=1 x=1 x=1 c1 c1 c1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 c2 c2 c2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=2 x=2 x=2 c1 c1 c1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 c2 c2 c2 x=2 x=2 x=2 AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2}

118 / 444

SLIDE 119

TS for the Peterson algorithm

stutter5.4-8

n1 n1 n1 n2 n2 n2 x=1 x=1 x=1 n1 n1 n1 n2 n2 n2 x=2 x=2 x=2 w1 w1 w1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 w2 w2 w2 x=1 x=1 x=1 c1 c1 c1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 c2 c2 c2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=2 x=2 x=2 c1 c1 c1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 c2 c2 c2 x=2 x=2 x=2 AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2}

119 / 444

SLIDE 120

TS for the Peterson algorithm

stutter5.4-8

n1 n1 n1 n2 n2 n2 x=1 x=1 x=1 n1 n1 n1 n2 n2 n2 x=2 x=2 x=2 w1 w1 w1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 w2 w2 w2 x=1 x=1 x=1 c1 c1 c1 n2 n2 n2 x=2 x=2 x=2 n1 n1 n1 c2 c2 c2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 w2 w2 w2 x=2 x=2 x=2 c1 c1 c1 w2 w2 w2 x=1 x=1 x=1 w1 w1 w1 c2 c2 c2 x=2 x=2 x=2 AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} 9 9 9 stutter bisimulation equivalence classes

120 / 444

SLIDE 121

Stutter bisimulation equivalence for two TS

stutter5.4-11 121 / 444

SLIDE 122

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2

122 / 444

SLIDE 123

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 iff there exists a stutter bisimulation R R R for T = T1 ⊎ T2 T = T1 ⊎ T2 T = T1 ⊎ T2 such that

123 / 444

SLIDE 124

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 iff there exists a stutter bisimulation R R R for T = T1 ⊎ T2 T = T1 ⊎ T2 T = T1 ⊎ T2 such that ∀ ∀ ∀ initial states s1 s1 s1 of T1 T1 T1 ∃ ∃ ∃ initial state s2 s2 s2 of T2 T2 T2 s.t. s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 ∀ ∀ ∀ initial states s2 s2 s2 of T2 T2 T2 ∃ ∃ ∃ initial state s1 s1 s1 of T1 T1 T1 s.t. s1 ≈T s2 s1 ≈T s2 s1 ≈T s2

124 / 444

SLIDE 125

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 iff there exists a stutter bisimulation R R R for (T1, T2) (T1, T2) (T1, T2)

125 / 444

SLIDE 126

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 iff there exists a stutter bisimulation R R R for (T1, T2) (T1, T2) (T1, T2), i.e., R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t.

126 / 444

SLIDE 127

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 iff there exists a stutter bisimulation R R R for (T1, T2) (T1, T2) (T1, T2), i.e., R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L1(s1) = L2(s2) L1(s1) = L2(s2) L1(s1) = L2(s2)

127 / 444

SLIDE 128

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 iff there exists a stutter bisimulation R R R for (T1, T2) (T1, T2) (T1, T2), i.e., R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L1(s1) = L2(s2) L1(s1) = L2(s2) L1(s1) = L2(s2) (2) and (3) . . . . . . . . .

128 / 444

SLIDE 129

Stutter bisimulation equivalence for two TS

stutter5.4-11

transition system T1 T1 T1 s1 s1 s1 state space S1 S1 S1 transition system T2 T2 T2 s2 s2 s2 state space S2 S2 S2 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 iff there exists a stutter bisimulation R R R for (T1, T2) (T1, T2) (T1, T2), i.e., R ⊆ S1 × S2 R ⊆ S1 × S2 R ⊆ S1 × S2 s.t. (1) if (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R then L1(s1) = L2(s2) L1(s1) = L2(s2) L1(s1) = L2(s2) (2) and (3) . . . . . . . . . (I) ∀ ∀ ∀ initial state s1 s1 s1 of T1 T1 T1 ∃ ∃ ∃ initial state s2 s2 s2 of T2 T2 T2 with (s1, s2) ∈ R (s1, s2) ∈ R (s1, s2) ∈ R, and vice versa

129 / 444

SLIDE 130

Example: door opener

stutter5.4-12

abstract model T1 T1 T1 closed

pen

alarm code wrong code AP = { AP = { AP = {closed, open, alarm} } }

130 / 444

SLIDE 131

Example: door opener with code no. 181

stutter5.4-12

abstract model T1 T1 T1 closed

pen

alarm code wrong code refinement TS T2 T2 T2

pen

alarm 1 1 1 2 2 2 = 1 = 1 = 1 1 1 1 8 8 8 1 1 1 = 8 = 8 = 8 = 1 = 1 = 1 AP = { AP = { AP = {closed, open, alarm} } }

131 / 444

SLIDE 132

Example: door opener with code no. 181

stutter5.4-12

abstract model T1 T1 T1 closed

pen

alarm code wrong code T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 refinement TS T2 T2 T2

pen

alarm 1 1 1 2 2 2 = 1 = 1 = 1 1 1 1 8 8 8 1 1 1 = 8 = 8 = 8 = 1 = 1 = 1 AP = { AP = { AP = {closed, open, alarm} } }

132 / 444

SLIDE 133

Example: door opener with code no. 181

stutter5.4-12

abstract model T1 T1 T1 closed

pen

alarm code wrong code T1 ∼ T2 T1 ∼ T2 T1 ∼ T2 abstraction from stutter steps: T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 refinement TS T2 T2 T2

pen

alarm 1 1 1 2 2 2 = 1 = 1 = 1 1 1 1 8 8 8 1 1 1 = 8 = 8 = 8 = 1 = 1 = 1 AP = { AP = { AP = {closed, open, alarm} } }

133 / 444

SLIDE 134

Correct or wrong?

stutter5.4-13

T1 ≈ T2 T1 ≈ T2 T1 ≈ T2

134 / 444

SLIDE 135

Correct or wrong?

stutter5.4-13

T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 wrong

135 / 444

SLIDE 136

Correct or wrong?

stutter5.4-13

s s s s′ s′ s′ T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 wrong T2 T2 T2 does not contain an equivalent state to s s s and s′ s′ s′

136 / 444

SLIDE 137

Correct or wrong?

stutter5.4-13

T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 wrong T1 ≈ T2 T1 ≈ T2 T1 ≈ T2

137 / 444

SLIDE 138

Correct or wrong?

stutter5.4-13

T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 wrong T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 correct

138 / 444

SLIDE 139

Correct or wrong?

stutter5.4-13

T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 wrong s1 s1 s1 t1 t1 t1 v1 v1 v1 u1 u1 u1 w1 w1 w1 T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 s2 s2 s2 v2 v2 v2 correct stutter bisimulation for (T1, T2) (T1, T2) (T1, T2):

(s1, s2), (t1, s2), (u1, s2), (w1, s2), (v1, v2)
(s1, s2), (t1, s2), (u1, s2), (w1, s2), (v1, v2)
(s1, s2), (t1, s2), (u1, s2), (w1, s2), (v1, v2)
139 / 444

SLIDE 140

Correct or wrong?

stutter5.4-14

If s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 remind: ∼T ∼T ∼T bisimulation equivalence for T T T ≈T ≈T ≈T stutter bisimulation equivalence for T T T

140 / 444

SLIDE 141

Correct or wrong?

stutter5.4-14

If s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 correct remind: ∼T ∼T ∼T bisimulation equivalence for T T T ≈T ≈T ≈T stutter bisimulation equivalence for T T T

141 / 444

SLIDE 142

Correct or wrong?

stutter5.4-14

If s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 correct as ∼T ∼T ∼T is a stutter bisimulation for T T T remind: ∼T ∼T ∼T bisimulation equivalence for T T T ≈T ≈T ≈T stutter bisimulation equivalence for T T T

142 / 444

SLIDE 143

Correct or wrong?

stutter5.4-14

If s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 correct as ∼T ∼T ∼T is a stutter bisimulation for T T T If s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s1 ∼T s2 s1 ∼T s2 s1 ∼T s2

143 / 444

SLIDE 144

Correct or wrong?

stutter5.4-14

If s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 correct as ∼T ∼T ∼T is a stutter bisimulation for T T T If s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 wrong

144 / 444

SLIDE 145

Correct or wrong?

stutter5.4-14

If s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 correct as ∼T ∼T ∼T is a stutter bisimulation for T T T If s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 wrong, e.g.: s1 s1 s1 s2 s2 s2

145 / 444

SLIDE 146

Correct or wrong?

stutter5.4-14

If s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 correct as ∼T ∼T ∼T is a stutter bisimulation for T T T If s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 then s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 wrong, e.g.: s1 s1 s1 s2 s2 s2 s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 s1 ∼T s2 s1 ∼T s2 s1 ∼T s2

146 / 444

SLIDE 147

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2

147 / 444

SLIDE 148

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct

148 / 444

SLIDE 149

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T

149 / 444

SLIDE 150

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T (1) labeling condition: √ √ √

150 / 444

SLIDE 151

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T (1) labeling condition: √ √ √ (2) Suppose s1 → s′

1

s1 → s′

1

s1 → s′

1.

151 / 444

SLIDE 152

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T (1) labeling condition: √ √ √ (2) Suppose s1 → s′

1

s1 → s′

1

s1 → s′

1. Then: L(s1) = L(s′

1)

L(s1) = L(s′

1)

L(s1) = L(s′

1)

152 / 444

SLIDE 153

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T (1) labeling condition: √ √ √ (2) Suppose s1 → s′

1

s1 → s′

1

s1 → s′

1. Then: L(s1) = L(s′

1)

L(s1) = L(s′

1)

L(s1) = L(s′

1)

= ⇒ = ⇒ = ⇒ s1 ≈T s′

1

s1 ≈T s′

1

s1 ≈T s′

1

153 / 444

SLIDE 154

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T (1) labeling condition: √ √ √ (2) Suppose s1 → s′

1

s1 → s′

1

s1 → s′

1. Then: L(s1) = L(s′

1)

L(s1) = L(s′

1)

L(s1) = L(s′

1)

= ⇒ = ⇒ = ⇒ s1 ≈T s′

1

s1 ≈T s′

1

s1 ≈T s′

1

= ⇒ = ⇒ = ⇒ there is a path fragment s2u1 . . . ums′

2

s2u1 . . . ums′

2

s2u1 . . . ums′

2

with m ≥ 0 m ≥ 0 m ≥ 0 and s1 ≈T ui ∧ s′

1 ≈T s′ 2

s1 ≈T ui ∧ s′

1 ≈T s′ 2

s1 ≈T ui ∧ s′

1 ≈T s′ 2

154 / 444

SLIDE 155

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T (1) labeling condition: √ √ √ (2) Suppose s1 → s′

1

s1 → s′

1

s1 → s′

1. Then: L(s1) = L(s′

1)

L(s1) = L(s′

1)

L(s1) = L(s′

1)

= ⇒ = ⇒ = ⇒ s1 ≈T s′

1

s1 ≈T s′

1

s1 ≈T s′

1

= ⇒ = ⇒ = ⇒ there is a path fragment s2u1 . . . ums′

2

s2u1 . . . ums′

2

s2u1 . . . ums′

2

with m ≥ 0 m ≥ 0 m ≥ 0 and s1 ≈T ui ∧ s′

1 ≈T s′ 2

s1 ≈T ui ∧ s′

1 ≈T s′ 2

s1 ≈T ui ∧ s′

1 ≈T s′ 2

= ⇒ = ⇒ = ⇒ m=0 m=0 m=0.

155 / 444

SLIDE 156

Correct or wrong?

stutter5.4-15

Let T T T be a transition system without stutter steps. Then s1 ≈T s2 s1 ≈T s2 s1 ≈T s2 implies s1 ∼T s2 s1 ∼T s2 s1 ∼T s2 correct, as ≈T ≈T ≈T is a bisimulation for T T T (1) labeling condition: √ √ √ (2) Suppose s1 → s′

1

s1 → s′

1

s1 → s′

1. Then: L(s1) = L(s′

1)

L(s1) = L(s′

1)

L(s1) = L(s′

1)

= ⇒ = ⇒ = ⇒ s1 ≈T s′

1

s1 ≈T s′

1

s1 ≈T s′

1

= ⇒ = ⇒ = ⇒ there is a path fragment s2u1 . . . ums′

2

s2u1 . . . ums′

2

s2u1 . . . ums′

2

with m ≥ 0 m ≥ 0 m ≥ 0 and s1 ≈T ui ∧ s′

1 ≈T s′ 2

s1 ≈T ui ∧ s′

1 ≈T s′ 2

s1 ≈T ui ∧ s′

1 ≈T s′ 2

= ⇒ = ⇒ = ⇒ m=0 m=0 m=0. Hence: s2 → s′

2

s2 → s′

2

s2 → s′

2 and s′ 1 ≈T s′ 2

s′

1 ≈T s′ 2

s′

1 ≈T s′ 2

156 / 444

SLIDE 157

Stutter bisimulation quotient

stutter5.4-16

157 / 444

SLIDE 158

Stutter bisimulation quotient

stutter5.4-16

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS.

158 / 444

SLIDE 159

Stutter bisimulation quotient

stutter5.4-16

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

159 / 444

SLIDE 160

Stutter bisimulation quotient

stutter5.4-16

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

state space: S/≈T

S/≈T S/≈T ← − ← − ← − set of stutter bisimulation equivalence classes

160 / 444

SLIDE 161

Stutter bisimulation quotient

stutter5.4-16

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

state space: S/≈T

S/≈T S/≈T

initial states: S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
[s] = [s]≈T =
s′ ∈ S : s ≈T s′

[s] = [s]≈T =

s′ ∈ S : s ≈T s′

[s] = [s]≈T =

s′ ∈ S : s ≈T s′

equivalence class of state s s s

161 / 444

SLIDE 162

Stutter bisimulation quotient

stutter5.4-16

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

state space: S/≈T

S/≈T S/≈T

initial states: S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
labeling: L′([s]) = L(s)

L′([s]) = L(s) L′([s]) = L(s) [s] = [s]≈T =

s′ ∈ S : s ≈T s′

[s] = [s]≈T =

s′ ∈ S : s ≈T s′

[s] = [s]≈T =

s′ ∈ S : s ≈T s′

equivalence class of state s s s

162 / 444

SLIDE 163

Stutter bisimulation quotient

stutter5.4-16

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

state space: S/≈T

S/≈T S/≈T

initial states: S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
labeling: L′([s]) = L(s)

L′([s]) = L(s) L′([s]) = L(s)

transition relation:

s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′]

163 / 444

SLIDE 164

Stutter bisimulation quotient

stutter5.4-16

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

state space: S/≈T

S/≈T S/≈T

initial states: S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
labeling: L′([s]) = L(s)

L′([s]) = L(s) L′([s]) = L(s)

transition relation:

← − ← − ← − actions irrelevant s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′]

164 / 444

SLIDE 165

Equivalence of T T T and its quotient

stutter5.4-16a

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

where S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
and L′([s]) = L(s)

L′([s]) = L(s) L′([s]) = L(s) transition relation: s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′]

165 / 444

SLIDE 166

Equivalence of T T T and its quotient

stutter5.4-16a

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

where S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
and L′([s]) = L(s)

L′([s]) = L(s) L′([s]) = L(s) transition relation: s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′] T ≈ T /≈ T ≈ T /≈ T ≈ T /≈

166 / 444

SLIDE 167

Equivalence of T T T and its quotient

stutter5.4-16a

Let T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) T = (S, Act, →, S0, AP, L) be a TS. stutter bisimulation quotient of T T T : T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

T /≈ = (S/≈T , Act′, →≈, S′

0, AP, L′)

where S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
S′

0 =

[s] : s ∈ S0
and L′([s]) = L(s)

L′([s]) = L(s) L′([s]) = L(s) transition relation: s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′] s → s′ ∧ s ≈T s′ [s] →≈ [s′] proof: R =

(s, [s]) : s ∈ S
R =
(s, [s]) : s ∈ S
R =
(s, [s]) : s ∈ S
is a stutter bisimulation for (T , T /≈)

(T , T /≈) (T , T /≈) T ≈ T /≈ T ≈ T /≈ T ≈ T /≈

167 / 444

SLIDE 168

Example: mutual exclusion with semaphore

stutter5.4-16b

AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} nc1 nc2 y=1 wait1 nc2 y=1 nc1 wait2 y=1 crit1 crit1 crit1 nc2 y=0 wait1 wait2 y=1 nc1 crit2 crit2 crit2 y=0 crit1 crit1 crit1 wait2 y=0 wait1 crit2 crit2 crit2 y=0

168 / 444

SLIDE 169

Example: mutual exclusion with semaphore

stutter5.4-16b

AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} nc1 nc2 y=1 wait1 nc2 y=1 nc1 wait2 y=1 crit1 crit1 crit1 nc2 y=0 wait1 wait2 y=1 nc1 crit2 crit2 crit2 y=0 crit1 crit1 crit1 wait2 y=0 wait1 crit2 crit2 crit2 y=0 stutter bisimulation with three equivalence classes

169 / 444

SLIDE 170

Example: mutual exclusion with semaphore

stutter5.4-16b

AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} Tsem Tsem Tsem

170 / 444

SLIDE 171

Example: mutual exclusion with semaphore

stutter5.4-16b

AP = {crit1, crit2} AP = {crit1, crit2} AP = {crit1, crit2} Tsem Tsem Tsem Tsem/≈ Tsem/≈ Tsem/≈

171 / 444

SLIDE 172

Alternating bit protocol

stutter5.4-21

Sender Sender Sender Receiver Receiver Receiver Timer Timer Timer message + + + bit acknowledgement (bit)

172 / 444

SLIDE 173

Alternating bit protocol

stutter5.4-21

Sender Sender Sender Receiver Receiver Receiver Timer Timer Timer message + + + bit acknowledgement (bit)

formalization by a closed channel system

[Sender

Timer
Receiver]

[Sender

Timer
Receiver]

[Sender

Timer
Receiver]

173 / 444

SLIDE 174

Alternating bit protocol

stutter5.4-21

Sender Sender Sender Receiver Receiver Receiver Timer Timer Timer message + + + bit acknowledgement (bit)

formalization by a closed channel system

[Sender

Timer
Receiver]

[Sender

Timer
Receiver]

[Sender

Timer
Receiver]
TS with about 230

230 230 states for channels of capacity 10 10 10

174 / 444

SLIDE 175

Alternating bit protocol

stutter5.4-21

Sender Sender Sender Receiver Receiver Receiver Timer Timer Timer message + + + bit acknowledgement (bit) program graph for sender generate message(0) send(0) . . . . . . . . . generate message(1) send(1) . . . . . . . . . d?x d?x d?x c!0 c!0 c!0 lost c!1 c!1 c!1 lost timeout! timeout!

175 / 444

SLIDE 176

Alternating bit protocol

stutter5.4-22

SMode=0 SMode=0 SMode=0 SMode=1 SMode=1 SMode=1 RMode=0 RMode=0 RMode=0 RMode=1 RMode=1 RMode=1

176 / 444

SLIDE 177

Alternating bit protocol

stutter5.4-22

SMode=0 SMode=0 SMode=0 SMode=1 SMode=1 SMode=1 RMode=0 RMode=0 RMode=0 RMode=1 RMode=1 RMode=1 AP AP AP = = =

SMode=0, SMode=1, RMode=0, RMode=1
SMode=0, SMode=1, RMode=0, RMode=1
SMode=0, SMode=1, RMode=0, RMode=1
Φ

Φ Φ = = = ∀♦SMode=0 ∧ ∀♦SMode=1 ∀♦SMode=0 ∧ ∀♦SMode=1 ∀♦SMode=0 ∧ ∀♦SMode=1

177 / 444

SLIDE 178

Alternating bit protocol

stutter5.4-22

SMode=0 SMode=0 SMode=0 SMode=1 SMode=1 SMode=1 RMode=0 RMode=0 RMode=0 RMode=1 RMode=1 RMode=1 AP AP AP = = =

SMode=0, SMode=1, RMode=0, RMode=1
SMode=0, SMode=1, RMode=0, RMode=1
SMode=0, SMode=1, RMode=0, RMode=1
Φ

Φ Φ = = = ∀♦SMode=0 ∧ ∀♦SMode=1 ∀♦SMode=0 ∧ ∀♦SMode=1 ∀♦SMode=0 ∧ ∀♦SMode=1 ABP | = Φ ABP | = Φ ABP | = Φ

178 / 444

SLIDE 179

Alternating bit protocol

stutter5.4-22

SMode=0 SMode=0 SMode=0 SMode=1 SMode=1 SMode=1 RMode=0 RMode=0 RMode=0 RMode=1 RMode=1 RMode=1 AP AP AP = = =

SMode=0, SMode=1, RMode=0, RMode=1
SMode=0, SMode=1, RMode=0, RMode=1
SMode=0, SMode=1, RMode=0, RMode=1
Φ

Φ Φ = = = ∀♦SMode=0 ∧ ∀♦SMode=1 ∀♦SMode=0 ∧ ∀♦SMode=1 ∀♦SMode=0 ∧ ∀♦SMode=1 ABP | = Φ ABP | = Φ ABP | = Φ, but ABP/≈ | = Φ ABP/≈ | = Φ ABP/≈ | = Φ





stutter bisimulation quotient

179 / 444

SLIDE 180

Alternating bit protocol

stutter5.4-22

SMode=0 SMode=0 SMode=0 SMode=1 SMode=1 SMode=1 RMode=0 RMode=0 RMode=0 RMode=1 RMode=1 RMode=1 stutter bisimulation quotient: SMode=0 SMode=0 SMode=0 RMode=0 RMode=0 RMode=0 SMode=0 SMode=0 SMode=0 RMode=1 RMode=1 RMode=1 SMode=1 SMode=1 SMode=1 RMode=1 RMode=1 RMode=1 SMode=1 SMode=1 SMode=1 RMode=0 RMode=0 RMode=0

180 / 444

SLIDE 181

Correct or wrong?

stutter5.4-27

If T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 then T1 T1 T1 and T2 T2 T2 are LTL\

\ \-equivalent.

181 / 444

SLIDE 182

Correct or wrong?

stutter5.4-27

If T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 then T1 T1 T1 and T2 T2 T2 are LTL\

\ \-equivalent.

wrong.

182 / 444

SLIDE 183

Correct or wrong?

stutter5.4-27

If T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 then T1 T1 T1 and T2 T2 T2 are LTL\

\ \-equivalent.

wrong. T1 T1 T1 T2 T2 T2 ∅ ∅ ∅ {a} {a} {a} ∅ ∅ ∅ {a} {a} {a} AP = {a} AP = {a} AP = {a}

183 / 444

SLIDE 184

Correct or wrong?

stutter5.4-27

If T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 then T1 T1 T1 and T2 T2 T2 are LTL\

\ \-equivalent.

wrong. T1 T1 T1 T2 T2 T2 ∅ ∅ ∅ {a} {a} {a} ∅ ∅ ∅ {a} {a} {a} ≈ ≈ ≈ AP = {a} AP = {a} AP = {a}

184 / 444

SLIDE 185

Correct or wrong?

stutter5.4-27

If T1 ≈ T2 T1 ≈ T2 T1 ≈ T2 then T1 T1 T1 and T2 T2 T2 are LTL\

\ \-equivalent.

wrong. T1 T1 T1 T2 T2 T2 ∅ ∅ ∅ {a} {a} {a} ∅ ∅ ∅ {a} {a} {a} ≈ ≈ ≈ T1 | = ♦a T1 | = ♦a T1 | = ♦a T2 | = ♦a T2 | = ♦a T2 | = ♦a AP = {a} AP = {a} AP = {a} ∅ω ∈ Traces(T1) ∅ω ∈ Traces(T1) ∅ω ∈ Traces(T1) ∅ω / ∈ Traces(T2) ∅ω / ∈ Traces(T2) ∅ω / ∈ Traces(T2)

185 / 444

SLIDE 186

Abstraction from stuttering: LT vs. BT

stutter5.4-23

186 / 444

SLIDE 187

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

stutter trace equivalence: T1

∆

= T2 T1

∆

= T2 T1

∆

= T2 iff ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) ∀π1 ∈ Paths(T1) ∃π2 ∈ Paths(T2) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 ∀π2 ∈ Paths(T2) ∃π1 ∈ Paths(T1) ∀π2 ∈ Paths(T2) ∃π1 ∈ Paths(T1) ∀π2 ∈ Paths(T2) ∃π1 ∈ Paths(T1) s.t. π1

∆

= π2 π1

∆

= π2 π1

∆

= π2 stutter bisimulation equivalence ≈T ≈T ≈T B ∈ S/≈T B ∈ S/≈T B ∈ S/≈T C ∈ S/≈T C ∈ S/≈T C ∈ S/≈T

187 / 444

SLIDE 188

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

∆

=

∆

=

∆

= stutter trace equivalence ≈ ≈ ≈ stutter bisimulation equivalence

188 / 444

SLIDE 189

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

∆

=

∆

=

∆

=

∆

=

∆

=

∆

= stutter trace equivalence ≈ ≈ ≈ stutter bisimulation equivalence

189 / 444

SLIDE 190

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

∆

=

∆

=

∆

= ≈ ≈ ≈

∆

=

∆

=

∆

= stutter trace equivalence ≈ ≈ ≈ stutter bisimulation equivalence

190 / 444

SLIDE 191

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

∆

=

∆

=

∆

= ≈ ≈ ≈

∆

=

∆

=

∆

= stutter trace equivalence ≈ ≈ ≈ stutter bisimulation equivalence

191 / 444

SLIDE 192

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

∆

=

∆

=

∆

= ≈ ≈ ≈ ≈ ≈ ≈

∆

=

∆

=

∆

= stutter trace equivalence ≈ ≈ ≈ stutter bisimulation equivalence

192 / 444

SLIDE 193

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

∆

=

∆

=

∆

= ≈ ≈ ≈ ≈ ≈ ≈

∆

=

∆

=

∆

=

∆

=

∆

=

∆

= stutter trace equivalence ≈ ≈ ≈ stutter bisimulation equivalence

193 / 444

SLIDE 194

Stutter bisimulation/stutter trace equivalence

stutter5.4-23

∆

=

∆

=

∆

= ≈ ≈ ≈ ≈ ≈ ≈

∆

=

∆

=

∆