Bisimulation by Unification

UIUC, 21 Oct. 2002 Bisimulation by Unification Roberto Bruni (Pisa – Illinois) Paolo Baldan (Pisa – Venezia) Andrea Bracciali (Pisa) • Research supported by • University of Illinois • CNR Fellowship on Information Sciences and Technologies • IST Programme on FET-GC Projects AGILE, MYTHS, SOCS

Outline • Introduction & Motivation • Running Example (toy PC with ambients) • Symbolic Bisimulation • Symbolic Transition Systems • Strict & Large Bisimilarity • Bisimulation by Unification • Conclusions • (Related Work & Future Work)

“Goal” Sound methodology for the formal analysis of open systems • Algebraic Representations of Processes • Up-To Abstract Equivalences • Process Calculi + Bisimilarity • Closed Terms = Components • Contexts = Coordinators • Compact (Symbolic) Transition Systems

Open Systems are… Interactive, Autonomous, Accessible via Interfaces, Dynamic, Programmable, … Ex. Web Services, WAN Computing, Mobile Code p q C[X1,X2,X3] r Components Coordinators

Interaction Components can be dynamically connected Ex. Access to Network Services (Typed) Holes: constrained dynamic binding C[p,q,r] Boundaries: access policies

Let’s Get Formal Process Calculi “Ingredients” • Structure (,E): Signature + Structural Axioms • Operational Semantics (SOS, LTS/RS) • Linguistic abstraction for holes and binding • Variables & Substitutions • Logic for expressing and proving properties • Specification & Verification Mostly devised for components!

Abstraction Equivalence on Components: p  q • Bisimulation, Traces, May/Must Testing Equivalence on Coordinators • C[X] univ D[X] iff p. C[p]  D[p] (for simplicity, we consider one-holed contexts in most slides) • needs universal quantification

 a.b+a.c a.(b+c) a a a b c b+c b c b c 0 0 0 0 Bisimulation Focus on Bisimilarity (largest bisimulation): p  q • if p –a p’ then  q –a q’ with p’  q’ • (and vice versa)

Coordinators a1 a1 D[X] C[X] an an Graphically Components p1 q1 a1 a1 p q an an pn qn

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R Example: Ambients + Asynchronous CCS com. p ::= 0 | a’ | a.p | n[p] | open n.p | in n.p | out n.p | p|p (Assume AC1 parallel composition)

In Maude Notation I fmod CCSAmb is protecting MACHINE-INT . sorts Act Amb Proc . op n : MachineInt -> Amb . op a : MachineInt -> Act . op 0 : -> Proc . op _^ : Act -> Proc [frozen] . op _._ : Act Proc -> Proc [frozen] . op _[_] : Amb Proc -> Proc . op open(_)._ : Amb Proc -> Proc [frozen] . op in(_)._ : Amb Proc -> Proc [frozen] . op out(_)._ : Amb Proc -> Proc [frozen] . op _|_ : Proc Proc -> Proc [assoc comm id:0] .

In Maude Notation II vars N M : Amb . vars P Q R : Proc . vars A : Act . rl (N[P]) | (open(N) . Q) => P | Q . rl (N[P]) | (M[(in(N) . Q) | R]) => N[P | (M[Q | R])] . rl N[(P | (M[(out(N) . Q) | R]))] => (N[P]) | (M[(Q | R)]) . rl N[(A . P) | (A ^) | Q] => N[P | Q] . endfm

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Problem on Components n[a.0|a’]- n[0] -/ ? m[b.0|b’]- m[0] -/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Problem on Components n[a.0|a’]- n[0]-/ ? m[b.0|b’]- m[0] -/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Problem on Components n[a.0|a’] - n[0]-/ ? m[b.0|b’]- m[0]-/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Problem on Components n[a.0|a’] - n[0] -/ ? m[b.0|b’] - m[0]-/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Problem on Components n[a.0|a’] - n[0] -/ ? m[b.0|b’] - m[0] -/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Problem on Components n[a.0|a’] - n[0] -/ ?  m[b.0|b’] - m[0] -/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Problem on Coordinators n[X] ? m[X]

Symbolic Approach Bisimulation Without Instantiation • Facilitate analysis & verification of coordinators’ properties Distinguishing Features • Symbolic LTS • states are coordinators • labels are spatial/modal formulae • Avoids universal closure • Allows for coalgebraic techniques • Constructive definition for Algebraic SOS • (In general yields equivalences finer than univ )

Notation We start from a PC specified by • Syntax & Structural Equivalence: (,E) • T,E is the set of Components p,q,r… • T,E(X) is the set of Coordinators C[X], D[X],… • C[X1,…,Xn] means var(C)  {X1,…,Xn} • Labels: ranged by a,b,… • LTS:L(defined on T,E & ) • possibly defined by SOS rules

Symbolic Transition Systems Ordinary SOS approach: • Behavior of a coordinator can depend on: • The spatial structure of the components that are inserted/connected/substituted • The behavior of those components Idea: to borrow formulae from a suitable “logic” to express the most general class of components that can take part in the coordinators’ evolution

What Logic Do We Need? Formulae must express the minimal amount of information on components for enabling the step: • Components that are not playing active role in the step • “Most general” active components needed for the step • Assumptions not only on the structure of components, but also on their behavior Logic L must include, as atomic formulae: • Place-holders (process variables) X: q╞ X • Components p: q╞ p iff q Ep

Symbolic Transitions Coordinators C[X] –(Y)a D[Y] intuitively: whenever p╞(q), then C[p] –a D[q] ( q is to some extent the residual of p after satisfying  ) Formula Ordinary label

p╞(q) Correctness STS C[X] –(Y)a D[Y] C[p] –a D[q] pi,qi. pi╞(qi) C[p1] –a D[q1] C[p2] –a D[q2] LTS L C[pn] –a D[qn] components that can make a

Completeness r EC[p] –a q LTS L  ,s. C[X] –(Y)a D[Y] STS with p╞(s) and q  D[s]

Strict Bisimilarity Strict Bisimilarity: largest (strict) bisimulation s.t. C[X] –(Y)a C’[Y] strictstrict D[X] –(Y)a D’[Y] THEOREM: If the STS is correct & complete, then strict univ

Strict Bisimilarity Strict Bisimilarity: largest (strict) bisimulation s.t. C[X] –(Y)a C’[Y] strict strict D[X] –(Y)a D’[Y] THEOREM: If the STS is correct & complete, then strict univ

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R Back to the Open Problem n[X] –Y|k[out n.Z|W]] n[Y]|k[Z|W] strict? m[X]

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R Back to the Open Problem n[X] –Y|k[out n.Z|W]]n[Y]|k[Z|W] strict? m[X]–Y|k[out n.Z|W]] -/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R Back to the Open Problem n[X] –Y|k[out n.Z|W]]n[Y]|k[Z|W] strict m[X]–Y|k[out n.Z|W]] -/

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R Back to the Open Problem n[X] univ m[X] (take X = k[out n.0])

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Last Problem n[m[out n.X]] –Y n[0]|m[0] strict? n[0]|m[a’|a.X] –Y n[0]|m[0]

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Last Problem n[m[out n.X]] –Y n[0]|m[Y] strict n[0]|m[a’|a.X] –Y n[0]|m[Y]

n[P]|open n.Q  P|Q n[P]|m[in n.Q|R]  n[P|m[Q|R]] n[P|m[out n.Q|R]]  n[P]|m[Q|R] n[a.P|a’|Q]  n[P|Q] P  Q P  Q n[P]  n[Q] P|R  Q|R A Last Problem n[m[out n.X]] strict n[0]|m[a’|a.X] n[m[out n.X]] univ n[0]|m[a’|a.X] 

Large Bisimilarity What if strictis too fine? We can relax the strict bisimilarity when the logic L includes generic spatial formulae: • Operators f: • q╞ f(1,…,n) iff qi. q E f(q1,…,qn)  qi╞i We call spatial formulae those composed by spatial operators and place-holders only • Ambivalent view of Spatial Formulae as Coordinators

Large Bisimilarity Large Bisimilarity: largest (large) bisimulation s.t. C[X] –(Y)a C’[Y] large D’[(Y)] large D[X] –(Z)a D’[Z] (Y) = ((Y)) (Y) spatial THEOREM: If the STS is correct & complete, then large univ

Large Bisimilarity Large Bisimilarity: largest (large) bisimulation s.t. C[X] –(Y)a C’[Y] large D’[(Y)] large D[X] –(Z)a D’[Z] (Y) = ((Y)) (Y) spatial THEOREM: strict large If the STS is correct & complete, then large univ

Why Use strict & large • As an approximation method for univ • univ is not defined coinductively • univ requires the verification of infinitely many equivalences • Bonus Theorems: • C[X] large D[X] implies C[E[Y]] univ D[E[Y]] • C[X] strict D[X] implies C[E[Y]] univ D[E[Y]] • Note that in general large is not transitive • Bonus Theorem: • if C[X] large D[X] implies C[E[Y]] large D[E[Y]], then large is transitive and thus it is an equivalence relation

Bisimulation by Unification Algebraic SOS Format (spatial/modal constraints) (Yi is either Xi (if iI) or Zi (if iI)) Formulae:  ::= X | p | a. | f(,…,) • Modality a: q╞a. iff q –a p  p ╞ {Xi –ai Zi}iI C[X1,…,Xn] –a D[Y1,…,Yn]

The Prolog Algorithm trs( box(A,X) , A , X ) :- !. trs( C[X1,…,Xn],a,D[Y1,…,Yn] ) :- trs(Xi1 , ai1 , Zi1), … , trs(Xin , ain , Zin). The program can be seen as the specification of the STS • Goals have the form ?- trs(C[X1,…,Xn], a , Z). • Backtracking mechanism + meta-logic ops (bagof) can be used to compute all symbolic transitions for C[X] THEOREM: The resulting STS is correct & complete

Conclusions • General formal framework for open systems • Meta-theoretic foundations • Under suitable hypothesis: • strict implies large implies univ • For the Algebraic SOS format, a minimal STS can be defined constructively in Prolog • cut + unification • extension to AC1 parallel operator (see paper)

Bisimulation by Unification

Bisimulation by Unification

Presentation Transcript

Unification Update

Unification

German Unification

Italian Unification

Italian Unification

Italian Unification

German Unification

GERMAN UNIFICATION

Unification algorithm

Unification

Global Unification

German Unification

Unification:

Unification Grammars

Unification

Unification

National Unification

Unification

German Unification

Unification

ITALIAN UNIFICATION

German Unification