Axiomatizing Bisimulation Equivalences and Metrics from Probabilistic SOS Rules
Pedro R. D’Argenio¹, Daniel Gebler², Matias David Lee¹
¹ FaMAF, Universidad Nacional de Córdoba/CONICET, Argentina
² VU University Amsterdam, The Netherlands
FoSSaCS 2014, 11 April 2014

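Motivation

$a.((b \oplus_{1/2} 0) + (b \oplus_{1/2} 0)) \overset{?}{\equiv} a.(b \oplus_{1/2} 0)$

$\mathit{Spec} \vdash a.((b \oplus_{1/2} 0) + (b \oplus_{1/2} 0)) \overset{?}{\sim} a.(b \oplus_{1/2} 0)$

[Figure: induced transition systems. $a.((b \oplus_{1/2} 0) + (b \oplus_{1/2} 0))$ moves by $a$ to a distribution giving probability 1/4 to each of $b+b$, $b+0$, $0+b$ and $0+0$; $a.(b \oplus_{1/2} 0)$ moves by $a$ to a distribution giving probability 1/2 to each of $b$ and $0$.]

Coinductive approach: Verification of bisim equivalence on induced TS
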
$\mathrm{Axiom}(\mathit{Spec}) \overset{?}{\vdash} a.((b \oplus_{1/2} 0) + (b \oplus_{1/2} 0)) = a.(b \oplus_{1/2} 0)$

Axiomatic approach: Proof of bisim equivalence from derived ES

This talk: For any SOS specification we construct an equation system that is sound and ground complete wrt. bisimulation semantics

Probabilistic Transition Systems

A probabilistic transition system $(S, A, \to)$ consists of
▶ a (countable) set of states $S$
▶ a (countable) set of actions $A$
▶ a transition relation $\to \subseteq S \times A \times \Delta(S)$
with $\Delta(S)$ the set of probability distributions over $S$.

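Bisimulation equivalence of PTS

An equivalence $R \subseteq S \times S$ is a bisimulation equivalence if, whenever $s_1 \mathrel{R} s_2$, for all $s_1 \xrightarrow{a} \pi_1$ there exists $s_2 \xrightarrow{a} \pi_2$ with $\pi_1 \mathrel{R} \pi_2$, where $\pi_1 \mathrel{R} \pi_2$ iff $\pi_1(C) = \pi_2(C)$ for all $C \in S/R$.

[Figure: example with $p \sim q$: two probabilistic transition systems over states $p, p_2, p_3$ and $q, q_2, q'_2, q_3$ with actions $a$, $b$, $c$.]
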
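SOS by Example

Spec:
$$\frac{}{a.x \xrightarrow{a} \delta(x)} \qquad \frac{x \xrightarrow{a} \mu \quad y \xrightarrow{a} \nu}{x +_p y \xrightarrow{a} \mu \oplus_p \nu}$$

Proof:
$$\frac{a.P \xrightarrow{a} \delta(P) \quad a.Q \xrightarrow{a} \delta(Q)}{a.P +_{0.3} a.Q \xrightarrow{a} \delta(P) \oplus_{0.3} \delta(Q)}$$

PTS:
$a.P \xrightarrow{a} \{P \mapsto 1.0\}$
$a.Q \xrightarrow{a} \{Q \mapsto 1.0\}$
$a.P +_{0.3} a.Q \xrightarrow{a} \{P \mapsto 0.3,\ Q \mapsto 0.7\}$
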
From GSOS to probabilistic GSOS

$$\frac{\{x_i \xrightarrow{a_{i,m}} y_{i,m} \mid i \in I, m \in M_i\} \qquad \{x_j \stackrel{b_{j,n}}{\nrightarrow} \mid j \in J, n \in N_j\}}{f(x_1, \ldots, x_{r(f)}) \xrightarrow{a} t}$$

$$\frac{\{x_i \xrightarrow{a_{i,m}} \mu_{i,m} \mid i \in I, m \in M_i\} \qquad \{x_j \stackrel{b_{j,n}}{\nrightarrow} \mid j \in J, n \in N_j\}}{f(\zeta_1, \ldots, \zeta_{r(f)}) \xrightarrow{a} \theta}$$

Two-sorted signature (state and distribution terms), and each state operator is also available for distributions.

Distribution terms are defined as the smallest set including
▶ distribution variables $\mu \in V_d$
▶ instantiable Dirac distributions $\delta(t)$ for state term $t$
▶ $\bigoplus_{i \in I} p_i \theta_i$ if $\theta_i$ are distribution terms and $p_i \in (0, 1]$ with $\sum_{i \in I} p_i = 1$
▶ $f(\theta_1, \ldots, \theta_{r(f)})$ if $\theta_i$ are distribution terms and $f \in \Sigma$

Distribution term $f(\theta_1, \ldots, \theta_{r(f)})$ represents the element-wise application of operator $f$ to elements in $\theta_i$, that is, for closed substitution $\sigma$:

$$\overbrace{\sigma(f(\theta_1, \ldots, \theta_{r(f)}))}^{\text{distribution}}(\overbrace{f(t_1, \ldots, t_{r(f)})}^{\text{state term}}) = \prod_{i=1}^{r(f)} \sigma(\theta_i)(t_i)$$

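Parallel composition

$$\frac{x \xrightarrow{a} \mu \quad y \xrightarrow{a} \nu}{x \mid y \xrightarrow{a} \mu \mid \nu}$$

[Figure: $P \xrightarrow{a} \{P_1 \mapsto 0.4,\ P_2 \mapsto 0.6\}$ and $Q \xrightarrow{a} \{Q_1 \mapsto 0.3,\ Q_2 \mapsto 0.7\}$ give $P \mid Q \xrightarrow{a} \{P_1 \mid Q_1 \mapsto 0.12,\ P_1 \mid Q_2 \mapsto 0.28,\ P_2 \mid Q_1 \mapsto 0.18,\ P_2 \mid Q_2 \mapsto 0.42\}$.]
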
Bisimilarity is a congruence for PTSS

Theorem (Lee, Gebler, and D’Argenio (2012, 2013, 2014)): For any PTSS in PGSOS format, strong and convex bisimilarity equivalence is a congruence.

Axiomatization strategy

1. Axiomatization of basic probabilistic CCS
2. Axiomatization of distinctive operators
3. Axiomatization of smooth operators
4. Axiomatization of non-smooth operators

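Basic probabilistic CCS

$$\frac{}{a.\mu \xrightarrow{a} \mu} \qquad \frac{x \xrightarrow{a} \mu}{x + y \xrightarrow{a} \mu} \qquad \frac{y \xrightarrow{a} \mu}{x + y \xrightarrow{a} \mu}$$
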
Axiomatization of bisimilarity of bpCCS

(N1) $x + y = y + x$
(N2) $(x + y) + z = x + (y + z)$
(N3) $x + 0 = x$
(N4) $x + x = x$

(P1) $\mu \oplus_p \mu = \mu$
(P2) $\mu_1 \oplus_p \mu_2 = \mu_2 \oplus_{1-p} \mu_1$
(P3) $\mu_1 \oplus_{p_1} (\mu_2 \oplus_{\frac{p_2}{1-p_1}} \mu_3) = (\mu_1 \oplus_{\frac{p_1}{p_1+p_2}} \mu_2) \oplus_{p_1+p_2} \mu_3$

(NP1) $(\mu_1 \oplus_p \mu_2) + \mu_3 = (\mu_1 + \mu_3) \oplus_p (\mu_2 + \mu_3)$
(NP2) $\mu_1 + (\mu_2 \oplus_p \mu_3) = (\mu_1 + \mu_2) \oplus_p (\mu_1 + \mu_3)$
(NP3) $\delta(x) + \delta(y) = \delta(x + y)$

Theorem: $E_{CCS}$ is sound and ground-complete for strong bisimilarity.

Smooth operator

A PGSOS rule is smooth if it has the form

$$\frac{\{x_i \xrightarrow{a_i} \mu_i \mid i \in I\} \qquad \{x_j \stackrel{b_{j,n}}{\nrightarrow} \mid j \in J, n \in N_j\}}{f(\zeta_1, \ldots, \zeta_{r(f)}) \xrightarrow{a} \theta}$$

and
1. $I$ and $J$ are disjoint sets
2. $I \cup J = \{i \in \{1, \ldots, r(f)\} \mid \zeta_i \in V\}$
3. $x_i \notin \mathrm{Var}(\theta)$ if $i \in I$.

Examples:

$$\frac{x \xrightarrow{a} \mu}{x \parallel y \xrightarrow{a} \mu \parallel \delta(y)} \qquad \frac{y \xrightarrow{a} \nu}{x \parallel y \xrightarrow{a} \delta(x) \parallel \nu} \qquad \frac{x \xrightarrow{a} \mu}{x + y \xrightarrow{a} \mu} \qquad \frac{y \xrightarrow{a} \nu}{x + y \xrightarrow{a} \nu}$$

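Distinctive operator

A smooth operator $f$ is distinctive if
1. each $f$-defining rule tests the same arguments $I$ positively, and
2. different $f$-defining rules test some argument $i \in I$ positively with different action.

Example:

$$\frac{x \xrightarrow{a} \mu}{x \llfloor y \xrightarrow{a} \mu \parallel \delta(y)} \qquad \frac{x \xrightarrow{a} \mu \quad y \xrightarrow{a} \nu}{x \mid y \xrightarrow{a} \mu \mid \nu}$$

Counterexample:

$$\frac{x \xrightarrow{a} \mu}{x \parallel y \xrightarrow{a} \mu \parallel \delta(y)} \qquad \frac{y \xrightarrow{a} \nu}{x \parallel y \xrightarrow{a} \delta(x) \parallel \nu}$$
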
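Axiomatization of a smooth operator

$$\frac{x \xrightarrow{a} \mu}{x \parallel y \xrightarrow{a} \mu \parallel \delta(y)} \qquad \frac{y \xrightarrow{a} \nu}{x \parallel y \xrightarrow{a} \delta(x) \parallel \nu} \qquad \frac{x \xrightarrow{a} \mu}{x \llfloor y \xrightarrow{a} \mu \parallel \delta(y)}$$

(Nondet dist law 1) $(x + y) \llfloor z = (x \llfloor z) + (y \llfloor z)$
(Nondet dist law 2) $x \llfloor (y + z) = (x \llfloor y) + (x \llfloor z)$
(Action law) $(a.\mu) \llfloor y = a.(\mu \parallel \delta(y))$
(Inaction law) $0 \llfloor y = 0$
(Prob dist law 1) $(\mu_1 \oplus_p \mu'_1) \llfloor \mu_2 = (\mu_1 \llfloor \mu_2) \oplus_p (\mu'_1 \llfloor \mu_2)$
(Prob dist law 2) $\mu_1 \llfloor (\mu_2 \oplus_p \mu'_2) = (\mu_1 \llfloor \mu_2) \oplus_p (\mu_1 \llfloor \mu'_2)$
(Dirac dist law) $\delta(x) \llfloor \delta(y) = \delta(x \llfloor y)$
(Distinctive law) $x \parallel y = (x \llfloor y) + (y \llfloor x)$
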
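Non-smooth operator

Assume action $a$ may fail with probability $p_a$. Safe controller $sc(t)$ that minimizes the probability of failure:

$$\frac{x \xrightarrow{a} \mu}{sc(x) \xrightarrow{a} sc(\mu)} \ \text{if } p_a = 0 \qquad \frac{x \xrightarrow{a} \mu \quad \{x \stackrel{b}{\nrightarrow} \mid p_b < p_a\}}{sc(x) \xrightarrow{a} \delta(sc(x)) \oplus_{p_a} sc(\mu)} \ \text{if } p_a > 0$$

Operator $sc(\_)$ is not smooth.
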
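Axiomatization of a non-smooth operator

Specification of non-smooth $sc(\_)$ operator:

$$\frac{x \xrightarrow{a} \mu}{sc(x) \xrightarrow{a} sc(\mu)} \ (p_a = 0) \qquad \frac{x \xrightarrow{a} \mu \quad \{x \stackrel{b}{\nrightarrow} \mid p_b < p_a\}}{sc(x) \xrightarrow{a} \delta(sc(x)) \oplus_{p_a} sc(\mu)} \ (p_a > 0)$$

Derived smooth operator $sc(\_, \_)$ specified by:

$$\frac{x \xrightarrow{a} \mu}{sc(x, y) \xrightarrow{a} sc(\mu)} \ (p_a = 0) \qquad \frac{x \xrightarrow{a} \mu \quad \{y \stackrel{b}{\nrightarrow} \mid p_b < p_a\}}{sc(x, y) \xrightarrow{a} \delta(y) \oplus_{p_a} sc(\mu)} \ (p_a > 0)$$

Axiomatization of $sc(\_)$ by: $sc(x) = sc(x, x)$ together with axioms for $sc(\_, \_)$.
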
Algorithm to generate the equational theory of a PTSS

Input: PTSS $P_i$ in PGSOS format
Output: PTSS $P_o \sqsupseteq P_i$ in PGSOS format and equational theory $E_o$

1. Complete $P_i$ s.t. it disjointly extends CCS.
2. For each non-smooth operator, extend the PTSS with a smooth version and add corresponding equations.
3. For each smooth non-distinctive operator, extend the PTSS with the distinctive operators and add corresponding equations.
4. Add all equations associated to the distinctive operators in the resulting system.

Observation: If $t \in P_o$ is semantically well-founded, then there is a $t' \in T(\Sigma_{CCS})$ s.t. $E_o \vdash t = t'$.

Theorem: If $P_i$ is semantically well-founded, then $E_o$ is sound and ground-complete for strong bisimulation equivalence in $P_o$.

Motivation of Metrics as Behavioral Semantics

[Figure: System Specification $\overset{?}{\Leftrightarrow}$ System Implementation, linked by "implementation" and "measurement".]

Behavioral equivalence semantics is fragile because of:
▶ Implementation errors
▶ Measurement errors

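Bisimulation Metrics between PTS

A pseudometric $d : S \times S \to [0, 1]$ is a bisimulation metric if, whenever $d(s_1, s_2) \leq \epsilon$, for all $s_1 \xrightarrow{a} \pi_1$ there exists $s_2 \xrightarrow{a} \pi_2$ with $K(d)(\pi_1, \pi_2) \leq \epsilon$, where $K(d) : \Delta(S) \times \Delta(S) \to [0, 1]$ lifts state metric $d$ to distributions.

[Figure: example PTSs $p$ and $q$ with states $p_2$, $p_3$, $q_2$ and actions $a$, $b$, $c$. The $a$-transitions branch with probabilities 0.25 and 0.75; the $b$-transition of $q_2$ branches with probabilities $1 - 4\epsilon$ and $4\epsilon$. Annotated distances: $d(p, q) = \epsilon$ and $d(p_2, q_2) = 4\epsilon$.]
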
Axiomatization of bisimulation metric

1. Lift axioms of bisimulation equivalence to bisimulation metric:
   $d(t, x) = d(t', x)$ where $t = t'$ is one of axioms N1–N4
   $d(\theta, \mu) = d(\theta', \mu)$ where $\theta = \theta'$ is one of axioms NP1–NP3 or P1–P3
2. Axiomatize bisimulation inequivalence as bisimulation distance 1:
   $d(0, a.\mu + x) = 1$
   $d(\sum_{i \in I} a_i.\mu_i, \sum_{j \in J} b_j.\nu_j) = 1$ if $\exists a_i. \forall b_j.\ a_i \neq b_j$ or vice versa
3. Axiomatization of bisimulation transfer condition:
   $\max_{a \in A} H(K(d))(\{\pi \mid t \xrightarrow{a} \pi\}, \{\pi' \mid t' \xrightarrow{a} \pi'\}) \leq d(t, t')$
   with $K(\_)$ the Kantorovich pseudometric and $H(\_)$ the Hausdorff pseudometric.

Theorem: If $P_i$ is semantically well-founded, then $E_o$ is sound and ground-complete for strong bisimulation metric in $P_o$.

Conclusion

Summary
▶ Sound and ground-complete axiomatization of bisimulation equivalence and bisimulation distance for any PGSOS system
▶ Generalized SOS rules that allow ops to map into distribution sort
▶ Convex bisimilarity is a congruence for PGSOS operators

Future work
▶ Axiomatization of weaker behavioral equivalences (trace and testing)
▶ Axiomatization of probabilistic choice by mean-value algebras
▶ Axiomatization of the Kantorovich operator by metric mean-value algebras and the Hausdorff operator in terms of metric semilattices

Related work

1. Aceto, L., Bloom, B., Vaandrager, F.: Turning SOS Rules into Equations. LICS’92: 113-124 (1992)
2. Baeten, J., de Vink, E.: Axiomatizing GSOS with termination. JLAP 60-61 (2004)
3. Aceto, L., Caltais, G., Goriac, E.I., Ingólfsdóttir, A.: Axiomatizing GSOS with Predicates. SOS’11 (2011)
4. Gazda, M., Fokkink, W.: Turning GSOS rules into equations for linear time-branching time semantics. The Computer Journal 56(1) (2013)
5. Aceto, L., Goriac, E.I., Ingólfsdóttir, A., Mousavi, M.R., Reniers, M.A.: Exploiting algebraic laws to improve mechanized axiomatizations. CALCO’13 (2013)
6. D’Argenio, P.R., Gebler, D., Lee, M.D.: Axiomatizing Bisimulation Equivalences and Metrics from Probabilistic SOS Rules. FoSSaCS’14 (2014)

Structural Operational Semantics

Plotkin-style specifications
Syntax based specification approach
Inductive definition of transition relation by rules
Defined transition system consists of:
▶ States are terms
▶ Transition relation is inductively derived from rules and term structure

Specification approaches

PLTS: $s \xrightarrow{a} \pi$ with $\pi(s_1) = 0.4$ and $\pi(s_2) = 0.6$

PGSOS [Ba02] and RTSS [LT09] describe single $s \xrightarrow{a} \cdot \xrightarrow{0.4} s_1$
PGSOS and RTSS require
▶ indexed transitions
▶ rule format constraints on sets of rules
because different rules may produce the same transition

Segala GSOS [Ba04] and ntµfθ/ntµxθ [LGD12] describe all probabilistic moves together: $s \xrightarrow{a} \pi$ with $\pi = \{s_1 \mapsto 0.4,\ s_2 \mapsto 0.6\}$

Hierarchy of congruence formats specifying PLTS

[Figure: hierarchy of congruence formats relating ntµfθ, tµfθ, tµfν, single measured ntµfθ, single measured tµfθ, single measured tµfν, simple ntµfθ, simple tµfθ, simple tµfν, Segala GSOS, PGSOS, double testing RTSS, lookahead RTSS, RTSS, (non-probabilistic) ntyft and (non-probabilistic) tyft.]

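Sequential composition

$$\frac{x \xrightarrow{a} \mu}{x; y \xrightarrow{a} \mu; \delta(y)}$$

[Figure: $P \xrightarrow{a} \{P_1 \mapsto 0.4,\ P_2 \mapsto 0.6\}$ and $Q \xrightarrow{a} \{Q_1 \mapsto 0.3,\ Q_2 \mapsto 0.7\}$ give $P; Q \xrightarrow{a} \{P_1; Q \mapsto 0.4,\ P_2; Q \mapsto 0.6\}$.]
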
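Probabilistic PA (non-probabilistic operators)

$$\frac{x \xrightarrow{a} \mu \quad a \neq \surd}{x; y \xrightarrow{a} \mu; \delta(y)} \qquad \frac{x \xrightarrow{\surd} \mu \quad y \xrightarrow{a} \nu}{x; y \xrightarrow{a} \nu}$$

$$\frac{x \xrightarrow{a} \mu}{x + y \xrightarrow{a} \mu} \qquad \frac{y \xrightarrow{a} \nu}{x + y \xrightarrow{a} \nu}$$

$$\frac{x \xrightarrow{a} \mu}{x \mid y \xrightarrow{a} \mu \mid \delta(y)} \qquad \frac{y \xrightarrow{a} \mu}{x \mid y \xrightarrow{a} \delta(x) \mid \mu}$$

$$\frac{x \xrightarrow{a} \mu \quad y \xrightarrow{a} \nu \quad a \in B}{x \parallel_B y \xrightarrow{a} \mu \parallel_B \nu} \qquad \frac{x \xrightarrow{a} \mu \quad a \notin B}{x \parallel_B y \xrightarrow{a} \mu \parallel_B \delta(y)} \qquad \frac{y \xrightarrow{a} \mu \quad a \notin B}{x \parallel_B y \xrightarrow{a} \delta(x) \parallel_B \mu}$$
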
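Probabilistic PA (probabilistic operators)

$$\frac{x \xrightarrow{a} \mu \quad y \xrightarrow{a} \nu}{x +_p y \xrightarrow{a} \mu \oplus_p \nu} \qquad \frac{x \xrightarrow{a} \mu \quad y \stackrel{a}{\nrightarrow}}{x +_p y \xrightarrow{a} \mu} \qquad \frac{x \stackrel{a}{\nrightarrow} \quad y \xrightarrow{a} \nu}{x +_p y \xrightarrow{a} \nu}$$

$$\frac{x \xrightarrow{a} \mu \quad y \xrightarrow{a} \nu}{x \mid_p y \xrightarrow{a} \mu \mid_p \delta(y) \oplus_p \delta(x) \mid_p \nu} \qquad \frac{x \xrightarrow{a} \mu \quad y \stackrel{a}{\nrightarrow}}{x \mid_p y \xrightarrow{a} \mu \mid_p \delta(y)} \qquad \frac{x \stackrel{a}{\nrightarrow} \quad y \xrightarrow{a} \nu}{x \mid_p y \xrightarrow{a} \delta(x) \mid_p \nu}$$
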
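Motivation example revisited

$E_{CCS} \vdash (b \oplus_{1/2} 0) + (b \oplus_{1/2} 0) = b \oplus_p 0$

$$\begin{aligned}
(b \oplus_{1/2} 0) + (b \oplus_{1/2} 0) &= (b + (b \oplus_{1/2} 0)) \oplus_{1/2} (0 + (b \oplus_{1/2} 0)) \\
&= ((b + b) \oplus_{1/2} (b + 0)) \oplus_{1/2} (b \oplus_{1/2} 0) \\
&= (b \oplus_{1/2} b) \oplus_{1/2} (b \oplus_{1/2} 0) \\
&= b \oplus_{1/2} (b \oplus_{1/2} 0) \\
&= b \oplus_{3/4} 0
\end{aligned}$$

(P1) $\mu \oplus_p \mu = \mu$
(P3) $\mu_1 \oplus_{p_1} (\mu_2 \oplus_{\frac{p_2}{1-p_1}} \mu_3) = (\mu_1 \oplus_{\frac{p_1}{p_1+p_2}} \mu_2) \oplus_{p_1+p_2} \mu_3$
(NP1) $(\mu_1 \oplus_p \mu_2) + \mu_3 = (\mu_1 + \mu_3) \oplus_p (\mu_2 + \mu_3)$
(NP2) $\mu_1 + (\mu_2 \oplus_p \mu_3) = (\mu_1 + \mu_2) \oplus_p (\mu_1 + \mu_3)$
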
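The coinductive route from the motivation slide (check bisimilarity on the induced transition system) can be run against the equation derived above. This is an added example, not code from the talk or the paper: it builds the PTS of bpCCS terms and decides strong probabilistic bisimilarity by partition refinement. The tuple encoding of terms, all function names, and the reading of $b$ as $b.\delta(0)$ are assumptions made for the example.

```python
from fractions import Fraction
from itertools import product

# Assumed encoding (not from the slides):
#   state        ::= ("nil",) | ("pre", action, dist) | ("sum", state, state)
#   distribution ::= frozenset of (state, probability) pairs
NIL = ("nil",)

def dist(mapping):
    """Freeze a {state: probability} mapping; the probabilities must sum to 1."""
    assert sum(mapping.values()) == 1
    return frozenset((s, Fraction(p)) for s, p in mapping.items() if p)

def dirac(s):
    """delta(s): the point distribution on s."""
    return dist({s: Fraction(1)})

def mix(p, mu, nu):
    """mu (+)_p nu: probabilistic choice between two distributions."""
    out = {}
    for s, q in mu:
        out[s] = out.get(s, 0) + p * q
    for s, q in nu:
        out[s] = out.get(s, 0) + (1 - p) * q
    return dist(out)

def plus_dist(mu, nu):
    """mu + nu: the state operator + applied element-wise (product of weights)."""
    out = {}
    for (s, p), (t, q) in product(mu, nu):
        st = ("sum", s, t)
        out[st] = out.get(st, 0) + p * q
    return dist(out)

def pre(a, mu):
    """a.mu: action prefix with a target distribution."""
    return ("pre", a, mu)

def transitions(s):
    """Transitions derivable from the bpCCS rules for prefix and +."""
    if s[0] == "pre":
        return {(s[1], s[2])}
    if s[0] == "sum":
        return transitions(s[1]) | transitions(s[2])
    return set()

def reachable(roots):
    seen, todo = set(), list(roots)
    while todo:
        s = todo.pop()
        if s in seen:
            continue
        seen.add(s)
        for _, mu in transitions(s):
            todo.extend(t for t, _ in mu)
    return seen

def bisimilar(s, t):
    """Partition refinement: split blocks until every state in a block offers
    the same actions with the same probability mass on every block."""
    states = reachable([s, t])
    block = {u: 0 for u in states}
    while True:
        def lifted(mu):
            mass = {}
            for v, p in mu:
                mass[block[v]] = mass.get(block[v], 0) + p
            return frozenset(mass.items())
        sig = {u: (block[u], frozenset((a, lifted(mu)) for a, mu in transitions(u)))
               for u in states}
        ids = {}
        new = {u: ids.setdefault(sig[u], len(ids)) for u in states}
        if len(ids) == len(set(block.values())):   # no block was split: stable
            return new[s] == new[t]
        block = new

# Terms from the motivation slide, with b read as b.delta(0) (assumption).
B = pre("b", dirac(NIL))
HALF = mix(Fraction(1, 2), dirac(B), dirac(NIL))                  # b (+)_1/2 0
LHS = pre("a", plus_dist(HALF, HALF))                             # a.((b (+)_1/2 0) + (b (+)_1/2 0))
RHS_HALF = pre("a", HALF)                                         # a.(b (+)_1/2 0)
RHS_34 = pre("a", mix(Fraction(3, 4), dirac(B), dirac(NIL)))      # a.(b (+)_3/4 0)

if __name__ == "__main__":
    print("LHS ~ a.(b (+)_1/2 0):", bisimilar(LHS, RHS_HALF))
    print("LHS ~ a.(b (+)_3/4 0):", bisimilar(LHS, RHS_34))
```

The refinement separates the left-hand side from $a.(b \oplus_{1/2} 0)$ and identifies it with $a.(b \oplus_{3/4} 0)$, matching the last line of the derivation.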
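Axiomatization of a non-smooth operator

$$\frac{x \xrightarrow{a} \mu}{\mathit{sc}(x, y) \xrightarrow{a} \mathit{sc}(\mu)} \ (p_a = 0) \qquad \frac{x \xrightarrow{a} \mu \quad \{ y \not\xrightarrow{b} \mid p_b < p_a \}}{\mathit{sc}(x, y) \xrightarrow{a} \delta(y) \oplus_{p_a} \mathit{sc}(\mu)} \ (p_a > 0)$$

$$\begin{aligned}
\mathit{sc}(x) &= \mathit{sc}(x, x) \\
\mathit{sc}(x_1 + x_2, y) &= \mathit{sc}(x_1, y) + \mathit{sc}(x_2, y) \\
\mathit{sc}(a.\mu, \partial_H^1(x)) &= a.(\delta(\partial_H^1(x)) \oplus_{p_a} \mathit{sc}(\mu)) && \text{if } p_a > 0,\ H = \{ b \mid p_b < p_a \} \\
\mathit{sc}(a.\mu, y) &= a.\mathit{sc}(\mu) && \text{if } p_a = 0 \\
\mathit{sc}(a.\mu, b.\nu + y) &= 0 && \text{if } p_b < p_a \\
\mathit{sc}(0, y) &= 0 \\
\mathit{sc}(\mu_1 \oplus_p \mu_2, \nu) &= \mathit{sc}(\mu_1, \nu) \oplus_p \mathit{sc}(\mu_2, \nu) \\
\mathit{sc}(\mu, \nu_1 \oplus_p \nu_2) &= \mathit{sc}(\mu, \nu_1) \oplus_p \mathit{sc}(\mu, \nu_2) \\
\mathit{sc}(\delta(x), \delta(y)) &= \delta(\mathit{sc}(x, y))
\end{aligned}$$

9 / 11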
Perturbation of probabilities and bisimulation equivalence

[Figure: two probabilistic transition systems. p performs a and reaches p2 with probability 0.6 and p3 with probability 0.4; q performs a and reaches q2 with probability 0.6 − ϵ and q3 with probability 0.4 + ϵ. p2 and q2 each perform b, p3 and q3 each perform c, all with probability 1.0.]

p ≁ q
d(p, q) = ϵ

10 / 11
Lifting of state metrics to distribution metrics

Problem: Given $d : S \times S \to [0, 1]$, what is an adequate lifted metric $\hat{d} : \Delta(S) \times \Delta(S) \to [0, 1]$?

Definition. A matching $\omega \in \Delta(S \times S)$ for $(\pi, \pi') \in \Delta(S) \times \Delta(S)$ satisfies:

$$\sum_{s' \in S} \omega(s, s') = \pi(s) \ \text{for all } s \in S, \quad \text{and} \quad \sum_{s \in S} \omega(s, s') = \pi'(s') \ \text{for all } s' \in S.$$

Discrete transportation problem:

[Figure: bipartite graph with the states s1, s2, ..., sn of π on one side and the states s1, s2, ..., sn of π′ on the other; edges are labelled with the matching weights ω(s1, s1), ω(s1, s2), ..., ω(sn, sn).]

Solution 1: Linear programming

The Kantorovich pseudometric $K(d) : \Delta(S) \times \Delta(S) \to [0, 1]$ is defined for a pseudometric $d : S \times S \to [0, 1]$ by

$$K(d)(\pi, \pi') = \min_{\omega \in \Omega(\pi, \pi')} \sum_{s, s' \in S} d(s, s') \cdot \omega(s, s')$$

for $\pi, \pi' \in \Delta(S)$.

11 / 11
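The minimisation above, worked on the perturbation example from the earlier slide (an added example, not part of the talk). It solves the transportation problem exactly with successive shortest augmenting paths, used here in place of a generic LP solver; the function names and the 0/1 base distance between the successor states are assumptions.

```python
from fractions import Fraction as F

INF = float("inf")

def kantorovich(d, pi, pi2):
    """Return (K(d)(pi, pi2), omega) with omega an optimal matching.

    Solves the discrete transportation problem exactly (rational
    arithmetic) by successive shortest augmenting paths.
    """
    supply = {s: F(p) for s, p in pi.items()}
    demand = {t: F(p) for t, p in pi2.items()}
    assert sum(supply.values()) == sum(demand.values()) == 1
    omega = {(s, t): F(0) for s in supply for t in demand}
    while any(supply.values()):
        # Bellman-Ford on the residual graph, started from every state of
        # pi with unmatched mass; "L"/"R" tag the pi and pi2 sides.
        dist = {("L", s): F(0) for s in supply if supply[s]}
        pred = {}
        for _ in range(len(supply) + len(demand)):
            for (s, t), w in omega.items():
                u, v, c = ("L", s), ("R", t), F(d[s, t])
                if u in dist and dist[u] + c < dist.get(v, INF):
                    dist[v], pred[v] = dist[u] + c, u  # send mass s -> t
                if w and v in dist and dist[v] - c < dist.get(u, INF):
                    dist[u], pred[u] = dist[v] - c, v  # take mass back
        node = min((("R", t) for t in demand if demand[t]), key=dist.get)
        target, path = node[1], []
        while node in pred:
            path.append((pred[node], node))
            node = pred[node]
        undo = [omega[v[1], u[1]] for u, v in path if u[0] == "R"]
        amt = min([supply[node[1]], demand[target]] + undo)
        for u, v in path:
            if u[0] == "L":
                omega[u[1], v[1]] += amt
            else:
                omega[v[1], u[1]] -= amt
        supply[node[1]] -= amt
        demand[target] -= amt
    return sum(F(d[k]) * w for k, w in omega.items()), omega

def perturbation_distance(eps):
    """Successor distributions of p and q from the perturbation slide."""
    pi = {"p2": F(6, 10), "p3": F(4, 10)}
    pi2 = {"q2": F(6, 10) - eps, "q3": F(4, 10) + eps}
    # Assumption: d is 0 between the b-states and between the c-states, 1 else.
    d = {("p2", "q2"): 0, ("p2", "q3"): 1, ("p3", "q2"): 1, ("p3", "q3"): 0}
    return kantorovich(d, pi, pi2)
```

For ϵ = 1/10 the optimal matching moves mass 1/10 from p2 to q3 and the lifted distance is ϵ, which agrees with d(p, q) = ϵ on the perturbation slide.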