Bisimulation by Unification

Title: Bisimulation by Unification
Slides: 55

Transcript and Presenter's Notes

1
Bisimulation by Unification
UIUC, 21 Oct. 2002
  • Roberto Bruni (Pisa & Illinois)
  • Paolo Baldan (Pisa & Venezia)
  • Andrea Bracciali (Pisa)
  • Research supported by
  • University of Illinois
  • CNR Fellowship on Information Sciences and
    Technologies
  • IST Programme on FET-GC Projects AGILE, MYTHS,
    SOCS

2
Outline
  • Introduction & Motivation
  • Running Example (toy PC with ambients)
  • Symbolic Bisimulation
  • Symbolic Transition Systems
  • Strict & Large Bisimilarity
  • Bisimulation by Unification
  • Conclusions
  • (Related Work & Future Work)

3
Goal
  • Sound methodology for the formal analysis of open
    systems
  • Algebraic Representations of Processes
  • Up-To Abstract Equivalences
  • Process Calculi + Bisimilarity
  • Closed Terms = Components
  • Contexts = Coordinators
  • Compact (Symbolic) Transition Systems

4
Open Systems are
  • Interactive, Autonomous, Accessible via
    Interfaces, Dynamic, Programmable,
  • Ex. Web Services, WAN Computing, Mobile Code

[Figure: components p, q, r plugged into the holes of a coordinator C[X1,X2,X3]]
5
Interaction
  • Components can be dynamically connected
  • Ex. Access to Network Services

(Typed) Holes: constrained dynamic binding
[Figure: coordinator C[p,q,r] with components bound to its holes]
Boundaries: access policies
6
Let's Get Formal
  • Process Calculi Ingredients
  • Structure (Σ,E): Signature + Structural Axioms
  • Operational Semantics (SOS, LTS/RS)
  • Linguistic abstraction for holes and binding
  • Variables + Substitutions
  • Logic for expressing and proving properties
  • Specification + Verification

Mostly devised for components!
7
Abstraction
  • Equivalence on Components: p ~ q
  • Bisimulation, Traces, May/Must Testing
  • Equivalence on Coordinators:
  • C[X] ~univ D[X] iff ∀p. C[p] ~ D[p]
  • (for simplicity, we consider one-holed contexts
    in most slides)
  • needs universal quantification

8
Bisimulation
  • Focus on Bisimilarity (largest bisimulation)
  • p ~ q
  • if p -a-> p' then ∃ q'. q -a-> q' with p' ~ q'
  • (and vice versa)

9
Graphically
[Figure: the bisimulation game on components p and q: every move p -a_i-> p_i (i = 1..n) is matched by a move q -a_i-> q_i, and vice versa]
10
Example: Ambients + Asynchronous CCS communication
p ::= 0 | <a> | a.p | n[p] | open n.p | in n.p | out n.p | p | p
(Assume AC1 parallel composition)
11
In Maude Notation I
mod CCSAmb is   *** system module: rewrite rules need mod ... endm, not fmod
  protecting MACHINE-INT .
  sorts Act Amb Proc .
  op n : MachineInt -> Amb .                *** ambient names
  op a : MachineInt -> Act .                *** channel names
  op 0 : -> Proc .
  op <_> : Act -> Proc [frozen] .           *** asynchronous output <a>
  op _._ : Act Proc -> Proc [frozen] .      *** input prefix a.p
  op _[_] : Amb Proc -> Proc .              *** ambient n[p]
  op open(_)._ : Amb Proc -> Proc [frozen] .
  op in(_)._ : Amb Proc -> Proc [frozen] .
  op out(_)._ : Amb Proc -> Proc [frozen] .
  op _|_ : Proc Proc -> Proc [assoc comm id: 0] .   *** AC1 parallel composition
12
In Maude Notation II
  vars N M : Amb .
  vars P Q R : Proc .
  var A : Act .
  rl (N[P]) | (open(N) . Q) => P | Q .                      *** open
  rl (N[P]) | (M[(in(N) . Q) | R]) => N[P | (M[Q | R])] .   *** in
  rl N[P | (M[(out(N) . Q) | R])] => (N[P]) | (M[Q | R]) .  *** out
  rl N[(A . P) | (< A >) | Q] => N[P | Q] .                 *** communication inside an ambient
endm
13
A Problem on Components
n[a.0 | <a>] -τ-> n[0] -/->
m[b.0 | <b>] -τ-> m[0] -/->
n[a.0 | <a>] ~ m[b.0 | <b>] ?
20
A Problem on Coordinators
n[X] ~univ m[X] ?
21
Symbolic Approach
  • Bisimulation Without Instantiation
  • Facilitate analysis & verification of
    coordinators' properties
  • Distinguishing Features
  • Symbolic LTS
  • states are coordinators
  • labels are spatial/modal formulae
  • Avoids universal closure
  • Allows for coalgebraic techniques
  • Constructive definition for Algebraic SOS
  • (In general yields equivalences finer than ~univ)

22
Notation
  • We start from a PC specified by
  • Syntax + Structural Equivalence (Σ,E)
  • T_{Σ,E} is the set of Components p, q, r, ...
  • T_{Σ,E}(X) is the set of Coordinators C[X], D[X], ...
  • C[X1,...,Xn] means var(C) ⊆ {X1,...,Xn}
  • Labels Λ ranged over by a, b, ...
  • LTS L (defined on T_{Σ,E} and Λ)
  • possibly defined by SOS rules

23
Symbolic Transition Systems
  • Ordinary SOS approach
  • Behavior of a coordinator can depend on
  • The spatial structure of the components that are
    inserted/connected/substituted
  • The behavior of those components
  • Idea: borrow formulae from a suitable logic
    to express the most general class of components
    that can take part in the coordinator's evolution

24
What Logic Do We Need?
  • Formulae must express the minimal amount of
    information on components for enabling the step
  • Components that are not playing an active role in
    the step
  • Most general active components needed for the
    step
  • Assumptions not only on the structure of
    components, but also on their behavior
  • Logic L must include, as atomic formulae:
  • Place-holders (process variables) X:  q |= X
  • Components p:  q |= p iff q ≡_E p

25
Symbolic Transitions
Coordinators
  • C[X] --φ(Y), a--> D[Y]
  • (φ(Y) is a formula of L, a is an ordinary label)
  • intuitively: whenever p |= φ(q),
  • then C[p] -a-> D[q]
  • (q is to some extent the residual of p after
    satisfying φ)
26
Correctness
  • STS: C[X] --φ(Y), a--> D[Y]
  • implies, in the LTS L: C[p_i] -a-> D[q_i] for all p_i, q_i with p_i |= φ(q_i)
  • i.e. every component satisfying φ can make the step: C[p] -a-> D[q]
27
Completeness
  • LTS L: r ≡_E C[p] -a-> q
  • implies ∃ φ, s. C[X] --φ(Y), a--> D[Y] in the STS
  • with p |= φ(s) and q ≡ D[s]
28
Strict Bisimilarity
  • Strict Bisimilarity: largest (strict)
    bisimulation s.t.
  • C[X] --φ(Y), a--> C'[Y]
  • C[X] ~strict D[X] implies D[X] --φ(Y), a--> D'[Y] with C'[Y] ~strict D'[Y]
  • (same formula φ and same label a; and vice versa)
  • THEOREM
  • If the STS is correct & complete, then
  • ~strict ⊆ ~univ

33
Back to the Open Problem
n[X] --(Y | k[out n.Z] | W), τ--> n[Y] | k[Z | W]
m[X] --(Y | k[out n.Z] | W), τ--> -/->
(m[X] has no step under the same formula: the out n capability cannot fire inside m)
so n[X] ~strict m[X] fails
36
Back to the Open Problem
n[X] ~univ m[X] fails as well
(take X = k[out n.0]: n[k[out n.0]] -τ-> n[0] | k[0], while m[k[out n.0]] has no step)
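The components problem of slides 13-20 and the counterexample of slide 36, as an added Python example that is not part of the talk (the authors work in Maude and Prolog): an interpreter for the toy calculus with the four rules of slide 12, the coinductive bisimilarity check of slide 8 over its silent steps, and a search over a hand-picked list of candidate components for one that separates two coordinators. The tuple encoding, the constructor and helper names, and the candidate list are assumptions of this example. A failed search over finitely many candidates says nothing about ~univ, which needs all components; that gap is what the symbolic approach of the next slides closes.

```python
# Added example (not the talk's Maude module): a small interpreter for the
# toy calculus of slides 10-12 and the bisimilarity check of slide 8.
# Processes are tuples; parallel composition is kept in AC1-normal form so
# that structurally congruent terms compare equal. All steps are silent (τ),
# as in the four rewrite rules, so the bisimulation game is on unlabelled steps.

ZERO = ('0',)

def msg(a):      return ('msg', a)       # <a>      asynchronous output
def pre(a, p):   return ('pre', a, p)    # a.p      input prefix
def amb(n, p):   return ('amb', n, p)    # n[p]     ambient
def opn(n, p):   return ('open', n, p)   # open n.p
def inn(n, p):   return ('in', n, p)     # in n.p
def out(n, p):   return ('out', n, p)    # out n.p

def components(p):
    """Parallel components of p (none for 0)."""
    if p == ZERO:
        return []
    return list(p[1]) if p[0] == 'par' else [p]

def par(*ps):
    """Parallel composition in AC1-normal form: flatten, drop 0, sort."""
    items = [c for p in ps for c in components(p)]
    if not items:
        return ZERO
    if len(items) == 1:
        return items[0]
    return ('par', tuple(sorted(items, key=repr)))

def without(items, *skip):
    return par(*[c for k, c in enumerate(items) if k not in skip])

def step(p):
    """Set of one-step successors of p under the rules open, in, out, comm.
    Rules apply under parallel composition and inside ambients, never under
    a prefix (the frozen operators of the Maude module)."""
    comps = components(p)
    succ = set()
    for i, c in enumerate(comps):
        if c[0] != 'amb':
            continue
        n, body = c[1], c[2]
        inner = components(body)
        for q in step(body):                       # congruence: a step inside n[...]
            succ.add(par(amb(n, q), without(comps, i)))
        for k, e in enumerate(inner):              # out: n[P | m[out n.Q | R]] -> n[P] | m[Q | R]
            if e[0] == 'amb':
                for l, f in enumerate(components(e[2])):
                    if f[0] == 'out' and f[1] == n:
                        R = without(components(e[2]), l)
                        succ.add(par(amb(n, without(inner, k)), amb(e[1], par(f[2], R)), without(comps, i)))
        for k, e in enumerate(inner):              # comm: n[a.P | <a> | Q] -> n[P | Q]
            for l, f in enumerate(inner):
                if k != l and e[0] == 'pre' and f[0] == 'msg' and e[1] == f[1]:
                    succ.add(par(amb(n, par(e[2], without(inner, k, l))), without(comps, i)))
        for j, d in enumerate(comps):
            if j == i:
                continue
            if d[0] == 'open' and d[1] == n:       # open: n[P] | open n.Q -> P | Q
                succ.add(par(body, d[2], without(comps, i, j)))
            if d[0] == 'amb':                      # in: n[P] | m[in n.Q | R] -> n[P | m[Q | R]]
                for k, e in enumerate(components(d[2])):
                    if e[0] == 'in' and e[1] == n:
                        R = without(components(d[2]), k)
                        succ.add(par(amb(n, par(body, amb(d[1], par(e[2], R)))), without(comps, i, j)))
    return succ

def bisimilar(p, q, assumed=frozenset()):
    """Coinductive check of p ~ q (slide 8): every step of p is matched by a
    step of q into bisimilar states and vice versa. Pairs on the current path
    are assumed bisimilar, which is sound for the greatest fixpoint."""
    if p == q or (p, q) in assumed:
        return True
    assumed = assumed | {(p, q), (q, p)}
    sp, sq = step(p), step(q)
    return (all(any(bisimilar(p1, q1, assumed) for q1 in sq) for p1 in sp) and
            all(any(bisimilar(q1, p1, assumed) for p1 in sp) for q1 in sq))

def distinguishing_component(C, D, candidates):
    """Instantiate the coordinators C and D (Python callables standing for
    C[X] and D[X]) with each candidate p and return the first p with
    C[p] not~ D[p]. None means no candidate separates them, which is not a
    proof of C ~univ D (that quantifies over all p)."""
    for p in candidates:
        if not bisimilar(C(p), D(p)):
            return p
    return None

if __name__ == '__main__':
    # slide 13: n[a.0 | <a>] and m[b.0 | <b>] both do one silent step and stop
    print(bisimilar(amb('n', par(pre('a', ZERO), msg('a'))), amb('m', par(pre('b', ZERO), msg('b')))))
    # slide 36: X = k[out n.0] tells n[X] and m[X] apart
    print(distinguishing_component(lambda X: amb('n', X), lambda X: amb('m', X),
                                   [ZERO, msg('a'), amb('k', out('n', ZERO))]))
```

The candidates 0 and <a> do not separate n[X] from m[X] (both sides are stuck), only k[out n.0] does, because the out rule needs the name of the enclosing ambient to match.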
37
A Last Problem
n[m[out n.X]] --Y, τ--> n[0] | m[Y]
n[0] | m[<a> | a.X] --Y, τ--> n[0] | m[Y]
n[m[out n.X]] ~strict n[0] | m[<a> | a.X]
n[m[out n.X]] ~univ n[0] | m[<a> | a.X] ?
40
Large Bisimilarity
  • What if ~strict is too fine?
  • We can relax the strict bisimilarity when the
    logic L includes generic spatial formulae
  • Operators f ∈ Σ:
  • q |= f(φ1,...,φn) iff ∃ q_i. q ≡_E f(q1,...,qn) ∧
    q_i |= φ_i
  • We call spatial formulae those composed by
    spatial operators and place-holders only
  • Ambivalent view of Spatial Formulae as
    Coordinators

41
Large Bisimilarity
  • Large Bisimilarity: largest (large) bisimulation
    s.t.
  • C[X] --φ(Y), a--> C'[Y]
  • C[X] ~large D[X] implies D[X] --ψ(Z), a--> D'[Z]
  • with φ(Y) = ψ(σ(Y)) for some spatial σ(Y), and C'[Y] ~large D'[σ(Y)]
  • (and vice versa)
  • THEOREM: ~strict ⊆ ~large
  • If the STS is correct & complete, then
  • ~large ⊆ ~univ

47
Why Use ~strict / ~large
  • As approximation methods for ~univ
  • ~univ is not defined coinductively
  • ~univ requires the verification of infinitely
    many equivalences
  • Bonus Theorems
  • C[X] ~large D[X] implies C[E[Y]] ~univ D[E[Y]]
  • C[X] ~strict D[X] implies C[E[Y]] ~univ D[E[Y]]
  • Note that in general ~large is not transitive
  • Bonus Theorem
  • if C[X] ~large D[X] implies C[E[Y]] ~large
    D[E[Y]], then ~large is transitive and thus it is
    an equivalence relation

48
Bisimulation by Unification
  • Algebraic SOS Format (spatial/modal constraints):
  •     X_i -a_i-> Z_i   (i ∈ I)
  •     -----------------------------------
  •     C[X1,...,Xn] -a-> D[Y1,...,Yn]
  • (Y_i is either X_i (if i ∉ I) or Z_i (if i ∈ I))
  • Formulae: φ ::= X | p | ◇a.φ | f(φ,...,φ)
  • Modality ◇a: q |= ◇a.φ iff ∃p. q -a-> p ∧ p |= φ
49
The Prolog Algorithm
  • trs( box(A,X), A, X ) :- !.
  • trs( C[X1,...,Xn], a, D[Y1,...,Yn] ) :-
  •     trs(Xi1, ai1, Zi1),
  •     ...,
  •     trs(Xin, ain, Zin).
  • The program can be seen as the specification of
    the STS
  • Goals have the form ?- trs(C[X1,...,Xn], a, Z).
  • Backtracking mechanism + meta-logic ops (bagof)
    can be used to compute all symbolic transitions
    for C[X]
  • THEOREM
  • The resulting STS is correct & complete

50
Conclusions
  • General formal framework for open systems
  • Meta-theoretic foundations
  • Under suitable hypotheses:
  • ~strict implies ~large implies ~univ
  • For the Algebraic SOS format, a minimal STS can
    be defined constructively in Prolog
  • cut + unification
  • extension to AC1 parallel operator (see paper)

51
Dual View
  • Instantiation vs Contextualization
  • When ~ is not a congruence:
  • p ≈ q iff ∀C[X]. C[p] ~ C[q]
  • ≈ is not a bisimulation (unless ~ is a
    congruence)
  • (the largest congruence which is also a
    bisimulation is called dynamic bisimulation)
  • Sewell, Leifer & Milner: minimal contexts as
    labels
  • Transitions p --C[_,X1,...,Xn]--> D[X1,...,Xn]
  • meaning ∀p_i. C[p,p1,...,pn] -τ-> D[p1,...,pn]
  • C minimal (not necessarily minimum)
  • Universal quantification moved from contexts to
    components!

52
Related Work / Source of Inspiration
  • Sewell, Leifer & Milner
  • categorical characterization of the most general
    interaction (relative pushout)
  • Caires, Cardelli & Gordon
  • Fiadeiro, Maibaum, Martí-Oliet, Meseguer & Pita
  • elegant mathematical tool for expressing
    structural & temporal aspects
  • Bruni, Montanari & Rossi
  • interactive view of Logic Programming

53
Future Work
  • Deal with names
  • Name restriction + logical notion of freshness
  • Duality
  • Categorical formulation (relative pullback?)
  • Symbolic approach to the verification of infinite
    state cryptographic protocols
  • Extension to meta and abductive LP
  • Programmable definition of proofs
  • To answer questions like "under which assumptions
    can p[X] evolve so as to satisfy a certain property?"
    that are relevant in dynamic system engineering

54
  • Bisimulation By Unification
  • a paper by Andrea Bracciali
  • Paolo Baldan
  • Roberto Bruni
  • a presentation by Roberto Bruni