
Bisimulation by Unification

AMAST02, La Réunion, 9-13 Sept. 2002

- Roberto Bruni (Univ. Pisa / Univ. Illinois)
- Paolo Baldan (Univ. Pisa / Univ. Venezia)
- Andrea Bracciali (Univ. Pisa)

Acknowledgements

- Research Supported by
- IST Programme on FET-GC Projects
- AGILE (IST-2001-32747)
- MYTHS
- SOCS
- Thanks also to
- Italian CNR
- University of Illinois at Urbana-Champaign

Roadmap

- Introduction & Motivation
- Running Example (toy PC with ambients)
- Symbolic Bisimulation
- Symbolic Transition Systems
- Strict & Large Bisimilarity
- Bisimulation by Unification
- Conclusions
- (Related Work & Future Work)

Mission

- Methodology for the formal analysis of open systems
- Algebraic Representations of Processes
- Properties as Equivalences
- Process Calculi & Bisimilarity
- Closed Terms as Components
- Contexts as Coordinators
- Compact (Symbolic) Transition Systems

Open Systems are

- Interactive, Autonomous, Accessible via Interfaces, Dynamic, Programmable, ...
- Ex. Web Services, WAN Computing, Mobile Code

[Figure: components p, q, r plugged into the holes of a coordinator C[X1,X2,X3]; labels: Components, Coordinators, Interaction]

- Components can be dynamically connected
- Ex. Access to Network Services

[Figure: C[p,q,r]; (typed) holes as constrained dynamic binding, boundaries as access policies]

Let's Get Formal

- Process Calculi Ingredients
- Structure (Σ,E): Signature & Structural Axioms
- Operational Semantics (SOS, LTS/RS)
- Linguistic abstraction for holes and binding
- Variables & Substitutions
- Logic for expressing and proving properties
- Specification & Verification
- Tool for focusing e.g. on distribution, communication, causal dependencies

Mostly devised for components!

Abstraction

- Equivalence on Components: p ≈ q
- Bisimulation, Traces, May/Must Testing
- Equivalence on Coordinators
- C[X] ≈univ D[X] iff ∀p. C[p] ≈ D[p]
- (for simplicity, we consider one-holed contexts in most slides)
- needs universal quantification (on instantiations)!
- Focus on Bisimilarity (largest bisimulation) p ≈ q
- if p --a--> p' then ∃ q --a--> q' with p' ≈ q'
- (and vice versa)

Graphically

[Figure: two components p and q matching each other step by step: p --a1--> p1 is answered by q --a1--> q1, ..., p --an--> pn is answered by q --an--> qn]

Example: Async. CCS + Ambients

p ::= 0 | ā | a.p | n[p] | open n.p | in n.p | out n.p | p|p

(Assume AC1 parallel composition)

A Problem on Components

n[a.0 | ā] --τ--> n[0] -/->
   ≈   (both components do exactly one τ step and then stop)
m[b.0 | b̄] --τ--> m[0] -/->


A Problem on Coordinators

n[X] ≈? m[X]

Symbolic Approach

- Bisimulation Without Instantiation
- Facilitate analysis & verification of coordinators' properties
- Distinguishing Features
- Symbolic LTS
- states are coordinators
- labels are spatial/modal formulae
- Avoids universal closure
- Allows for coalgebraic techniques
- Constructive definition for Algebraic SOS
- (In general yields equivalences finer than ≈univ)

Notation

- We start from a PC specified by
- Syntax & Structural Equivalence (Σ,E)
- T_{Σ,E} is the set of Components p, q, r, ...
- T_{Σ,E}(X) is the set of Coordinators C[X], D[X], ...
- C[X1,...,Xn] means var(C) ⊆ {X1,...,Xn}
- Labels Λ ranged by a, b, ...
- LTS L (defined over T_{Σ,E} and Λ)
- possibly defined by SOS rules

Symbolic Transition Systems

- Ordinary SOS approach
- Behavior of a coordinator can depend on
- The spatial structure of the components that are inserted/connected/substituted
- The behavior of those components
- Idea: borrow formulae from a suitable logic to express the most general class of components that can take part in the coordinator's evolution

What Logic Do We Need?

- Formulae must express the minimal amount of information on components for enabling the step
- Components that are not playing an active role in the step
- Most general active components needed for the step
- Assumptions not only on the structure of components, but also on their behavior
- Logic L must include, as atomic formulae
- Place-holders (process variables) X: q ⊨ X
- Components p: q ⊨ p iff q ≡_E p

Symbolic Transitions

Coordinators

- C[X] --φ(Y), a--> D[Y]   (φ(Y): formula; a: ordinary label)
- intuitively, whenever p ⊨ φ(q),
- then C[p] --a--> D[q]
- (q is to some extent the residual of p after satisfying φ)

Correctness

- if C[X] --φ(Y), a--> D[Y] in the STS,
- then ∀pi, qi with pi ⊨ φ(qi): C[pi] --a--> D[qi] in the LTS L
- (C[p1] --a--> D[q1], C[p2] --a--> D[q2], ..., C[pn] --a--> D[qn]: the components that can make a move are exactly those satisfying φ)

Completeness

- if r ≡_E C[p] --a--> q in the LTS L,
- then ∃ φ, s with C[X] --φ(Y), a--> D[Y] in the STS, p ⊨ φ(s) and q ≡ D[s]

Strict Bisimilarity

- Strict Bisimilarity ≈strict: largest (strict) bisimulation s.t.
- if C[X] --φ(Y), a--> C'[Y] and C[X] ≈strict D[X],
- then D[X] --φ(Y), a--> D'[Y] with C'[Y] ≈strict D'[Y]
- (same formula φ(Y), same label a)
- THEOREM
- If the STS is correct & complete, then ≈strict ⊆ ≈univ


Back to the Open Problem

n[X] --(Y | k[out n.Z | W]), τ--> n[Y] | k[Z | W]
m[X] has no τ-transition under the same formula Y | k[out n.Z | W]: -/->
hence n[X] ≉strict m[X]

and indeed n[X] ≉univ m[X] (take X = k[out n.0])

A Last Problem

nmout n.X Y? n0m0 ?strict

? n0maa.X Y? n0m0

A Last Problem

nmout n.X Y? n0mY ?strict

n0maa.X Y? n0mY

A Last Problem

nmout n.X ?strict n0maa.X

nmout n.X ?univ n0maa.X

?

Large Bisimilarity

- What if ≈strict is too fine?
- We can relax the strict bisimilarity when the logic L includes generic spatial formulae
- Operators f ∈ Σ
- q ⊨ f(φ1,...,φn) iff ∃qi. q ≡_E f(q1,...,qn) ∧ qi ⊨ φi
- We call spatial formulae those composed by spatial operators and place-holders only
- Ambivalent view of Spatial Formulae as Coordinators


Large Bisimilarity

- Large Bisimilarity ≈large: largest (large) bisimulation s.t.
- if C[X] --φ(Y), a--> C'[Y] and C[X] ≈large D[X],
- then D[X] --χ(Z), a--> D'[Z] with C'[Y] ≈large D'[ψ(Y)],
- where φ(Y) ⊨ χ(ψ(Y)) and ψ(Y) is spatial
- THEOREM: ≈strict ⊆ ≈large
- If the STS is correct & complete, then ≈large ⊆ ≈univ


Why Use ≈strict & ≈large

- As an approximation method for ≈univ
- ≈univ is not defined coinductively
- ≈univ requires the verification of infinitely many equivalences
- Bonus Theorems
- C[X] ≈large D[X] implies C[E[Y]] ≈univ D[E[Y]]
- C[X] ≈strict D[X] implies C[E[Y]] ≈univ D[E[Y]]
- Note that in general ≈large is not transitive
- Bonus Theorem
- if C[X] ≈large D[X] implies C[E[Y]] ≈large D[E[Y]], then ≈large is transitive and thus it is an equivalence relation

Bisimulation by Unification

- Algebraic SOS Format (spatial/modal constraints)
- rule: from the premises Xi --ai--> Zi for i ∈ I, conclude C[X1,...,Xn] --a--> D[Y1,...,Yn]
- (Yi is either Xi (if i ∉ I) or Zi (if i ∈ I))
- Formulae φ ::= X | p | <a>.φ | f(φ,...,φ)
- Modality <a>: q ⊨ <a>.φ iff ∃ q --a--> p ∧ p ⊨ φ

The Prolog Algorithm

  trs( box(A,X) , A , X ) :- !.
  trs( C[X1,...,Xn] , a , D[Y1,...,Yn] ) :-
      trs( Xi1 , ai1 , Zi1 ),
      ...,
      trs( Xin , ain , Zin ).

- The program can be seen as the specification of the STS
- Goals have the form ?- trs( C[X1,...,Xn] , a , Z ).
- Backtracking mechanism & meta-logic ops (bagof) can be used to compute all symbolic transitions for C[X]
- THEOREM
- The resulting STS is correct & complete
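The box clause and its cut are what make the unification-based search return minimal assumptions on holes. The following Python code is an added illustration of that search; it is not the authors' Prolog program, and it assumes a toy fragment of the slide's calculus (0, input prefix a.P, asynchronous output ~a, P|Q without the AC1 axioms, and n[P] where the ambient only lifts τ steps; no in/out/open rules). SOS rules play the role of clauses, coordinator holes are logic variables, and a hole that becomes the subject of a premise is bound to box(label, residual) instead of being resolved against the rules, exactly the effect of the cut. The names Var, solve, render, symbolic_transitions and demo are this example's own.

```python
# Added example, not from the slides or the authors' Prolog program: a small
# Python resolution engine that computes the symbolic transitions of C[X1..Xn]
# by unification, after the clauses  trs(box(A,X),A,X) :- !.  and
# trs(C[X1..Xn],a,D[Y1..Yn]) :- trs(Xi1,ai1,Zi1), ...  on the slide.
# Assumed toy calculus: 0, a.P (input), ~a (async output), P|Q (no AC1),
# n[P] (only lifts tau); no occurs check, which this rule set never needs.
import itertools

class Var:
    def __init__(self, name):   # coordinator holes and rule variables alike
        self.name = name

def walk(t, s):                 # follow the bindings of substitution s
    while isinstance(t, Var) and t in s:
        t = s[t]
    return t

def unify(a, b, s):
    """Extend s with a = b, or None; rule vars (right) bind before holes (left)."""
    a, b = walk(a, s), walk(b, s)
    if a is b:
        return s
    if isinstance(b, Var):
        return {**s, b: a}
    if isinstance(a, Var):
        return {**s, a: b}
    if isinstance(a, tuple) and isinstance(b, tuple) and len(a) == len(b):
        for x, y in zip(a, b):
            s = unify(x, y, s)
            if s is None:
                return None
        return s
    return s if a == b else None

def fresh_rules():
    """Algebraic SOS rules (process, label, target, premises) with fresh vars."""
    P, Q, P1, Q1, A, N = (Var(n) for n in ("P", "Q", "P1", "Q1", "A", "N"))
    return [
        (("pre", A, P), A, P, []),                                 # a.P --a--> P
        (("snd", N), ("out", N), "0", []),                         # ~a --~a--> 0
        (("par", P, Q), A, ("par", P1, Q), [(P, A, P1)]),          # left moves
        (("par", P, Q), A, ("par", P, Q1), [(Q, A, Q1)]),          # right moves
        (("par", P, Q), "tau", ("par", P1, Q1),                    # communication
         [(P, ("in", N), P1), (Q, ("out", N), Q1)]),
        (("par", P, Q), "tau", ("par", P1, Q1),                    # (symmetric)
         [(P, ("out", N), P1), (Q, ("in", N), Q1)]),
        (("amb", N, P), "tau", ("amb", N, P1), [(P, "tau", P1)]),  # tau in n[_]
    ]

def solve(goals, s):
    """Depth-first resolution of trs(P, A, Q) goals; yields each solution."""
    if not goals:
        yield s
        return
    (P, A, Q), rest = goals[0], goals[1:]
    P = walk(P, s)
    if isinstance(P, Var) or (isinstance(P, tuple) and P[0] == "box"):
        # Box clause + cut: a hole is only *assumed* to do A and become Q;
        # no SOS rule is ever tried on it, so the assumption stays minimal.
        s2 = unify(P, ("box", A, Q), s)
        if s2 is not None:
            yield from solve(rest, s2)
        return
    for hp, ha, hq, body in fresh_rules():
        s2 = unify(P, hp, s)
        for goal, head in ((A, ha), (Q, hq)):
            s2 = None if s2 is None else unify(goal, head, s2)
        if s2 is not None:
            yield from solve(body + rest, s2)

SHOW = {"pre": "{0}.{1}", "snd": "~{0}", "in": "{0}", "out": "~{0}",
        "par": "({0} | {1})", "amb": "{0}[{1}]", "box": "box({0},{1})"}

def render(t, s, names, fresh):   # unnamed variables become Z1, Z2, ... in order
    t = walk(t, s)
    if isinstance(t, Var):
        if t not in names:
            names[t] = f"Z{next(fresh)}"
        return names[t]
    if not isinstance(t, tuple):
        return str(t)
    return SHOW[t[0]].format(*(render(a, s, names, fresh) for a in t[1:]))

def symbolic_transitions(coord, holes):
    """All C[X] --phi, a--> D[Y] as (phi, a, D[Y]) strings; phi lists, for each
    active hole, X<a>Z (X must do a, Z is its residual); idle holes add nothing."""
    A, Z, out = Var("A"), Var("Z"), []
    for s in solve([(coord, A, Z)], {}):
        names, fresh, phi = {h: h.name for h in holes}, itertools.count(1), []
        for h in holes:
            t = walk(h, s)
            if isinstance(t, tuple):           # hole bound to box(label, residual)
                phi.append(f"{h.name}<{render(t[1], s, names, fresh)}>"
                           f"{render(t[2], s, names, fresh)}")
        out.append((" & ".join(phi) or "true",
                    render(A, s, names, fresh), render(Z, s, names, fresh)))
    return out

def demo():
    """n[X | ~a] with hole X, and the closed component n[a.0 | ~a]."""
    X = Var("X")
    closed = ("amb", "n", ("par", ("pre", ("in", "a"), "0"), ("snd", "a")))
    return (symbolic_transitions(("amb", "n", ("par", X, ("snd", "a"))), [X]),
            symbolic_transitions(closed, []))
```

Calling demo() enumerates every solution the way bagof would. For the coordinator n[X | ~a] it returns two symbolic τ-transitions, (X<tau>Z1, tau, n[(Z1 | ~a)]) where the hole moves on its own and (X<a>Z1, tau, n[(Z1 | 0)]) where the hole receives the output; for the closed component n[a.0 | ~a] it returns the single step (true, tau, n[(0 | 0)]), which is n[0] up to the AC1 axioms this toy does not implement. Because unify binds rule variables before coordinator holes, a hole that is never the subject of a premise stays visible by its own name in the target, matching Yi = Xi for i ∉ I on the previous slide.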

Conclusions

- General formal framework for open systems
- Meta-theoretic foundations
- Under suitable hypotheses
- ≈strict implies ≈large implies ≈univ
- For the Algebraic SOS format, a minimal STS can be defined constructively in Prolog
- cut & unification
- extension to AC1 parallel operator (see paper)

Dual View

- Instantiation vs. Contextualization
- When ≈ is not a congruence
- p ≅ q iff ∀C[X]. C[p] ≈ C[q]
- ≅ is not a bisimulation (unless ≈ is a congruence)
- (the largest congruence which is also a bisimulation is called dynamic bisimulation)
- Sewell, Leifer & Milner: minimal contexts as labels
- Transitions p --C[_,X1,...,Xn]--> D[X1,...,Xn]
- ∀pi. C[p,p1,...,pn] --τ--> D[p1,...,pn]
- C minimal (not necessarily minimum)
- Universal quantification moved from contexts to components!

Related Work / Source of Inspiration

- Sewell, Leifer & Milner
- categorical characterization of the most general interaction (relative pushout)
- Caires, Cardelli & Gordon
- Fiadeiro, Maibaum, Martí-Oliet, Meseguer & Pita
- elegant mathematical tool for expressing structural & temporal aspects
- Bruni, Montanari & Rossi
- interactive view of Logic Programming

Future Work

- Deal with names
- Name restriction & Logical notion of freshness
- Duality
- Categorical formulation (relative pullback?)
- Symbolic approach to the verification of infinite state cryptographic protocols
- Extension to meta and abductive LP
- Programmable definition of proofs
- To answer questions like "under which assumptions can p[X] evolve so as to satisfy a certain property?" that are relevant in dynamic system engineering

- Bisimulation By Unification
- a paper by Andrea Bracciali, Paolo Baldan and Roberto Bruni
- AMAST presentation by Roberto Bruni
- Research supported by
- IST Programme on FET-GC Projects AGILE, MYTHS, SOCS
- Italian CNR
- University of Illinois at Urbana-Champaign