Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Modelling, Specification and Verification of
Reactive Systems
Strong and Weak Bisimulation Equivalence
Behavioural equivalences
Strong bisimilarity and bisimulation games
Properties of strong bisimilarity
Ditto for weak bisimilarity
Example: a communication protocol and its modelling in CCS
Concurrency workbench (CWB)
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Behavioural Equivalence
Specification
Implementation
def
CM = coin.coffee.CM
def
Spec = pub.Spec
def
CS = pub.coin.coffee.CS
def
Uni = (CM | CS)r{coin, coffee}
Question
Are the processes Uni and Spec “behaviourally equivalent”?
Uni ≡ Spec
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Behavioural Equivalence
Specification
Implementation
def
CM = coin.coffee.CM
def
Spec = pub.Spec
def
CS = pub.coin.coffee.CS
def
Uni = (CM | CS)r{coin, coffee}
Question
Are the processes Uni and Spec “behaviourally equivalent”?
Uni ≡ Spec
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Behavioural Equivalence
Specification
Implementation
def
CM = coin.coffee.CM
def
Spec = pub.Spec
def
CS = pub.coin.coffee.CS
def
Uni = (CM | CS)r{coin, coffee}
Question
Are the processes Uni and Spec “behaviourally equivalent”?
Uni ≡ Spec
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Goals
What should a reasonable behavioural equivalence satisfy?
Abstract from states (consider only the behaviour – actions)
Abstract from nondeterminism
Abstract from internal behaviour
What else should a reasonable behavioural equivalence satisfy?
Reflexivity: P ≡ P for each process P
Transitivity: Spec0 ≡ Spec1 ≡ Spec2 ≡ · · · ≡ Impl gives that
Spec0 ≡ Impl
Symmetry: P ≡ Q iff Q ≡ P
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Goals
What should a reasonable behavioural equivalence satisfy?
Abstract from states (consider only the behaviour – actions)
Abstract from nondeterminism
Abstract from internal behaviour
What else should a reasonable behavioural equivalence satisfy?
Reflexivity: P ≡ P for each process P
Transitivity: Spec0 ≡ Spec1 ≡ Spec2 ≡ · · · ≡ Impl gives that
Spec0 ≡ Impl
Symmetry: P ≡ Q iff Q ≡ P
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Congruence
P
C
Q
C
C (P)
C (Q)
Congruence Property
P ≡ Q implies that C (P) ≡ C (Q)
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Congruence
P
C
Q
C
C (P)
C (Q)
Congruence Property
P ≡ Q implies that C (P) ≡ C (Q)
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Trace Equivalence
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS.
Trace Set for s ∈ Proc
w
Traces(s) = {w ∈ Act ∗ | ∃s 0 ∈ Proc. s −→ s 0 }
Let s ∈ Proc and t ∈ Proc.
Trace Equivalence
We say that s and t are trace equivalent (s ≡t t) if and only if
Traces(s) = Traces(t)
Is this a “good” behavioural equivalence?
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Intuition
Requirements
Trace Equivalence
Trace Equivalence
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS.
Trace Set for s ∈ Proc
w
Traces(s) = {w ∈ Act ∗ | ∃s 0 ∈ Proc. s −→ s 0 }
Let s ∈ Proc and t ∈ Proc.
Trace Equivalence
We say that s and t are trace equivalent (s ≡t t) if and only if
Traces(s) = Traces(t)
Is this a “good” behavioural equivalence?
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Black-Box Experiments
Experiment in A
Experiment in B
Experiment in B
coin tea coffee
coin tea coffee
coin tea coffee
press coin
press coin
press coin
coin tea coffee
coin tea coffee
coin tea
coffee
Main Idea
Two processes are behaviorally equivalent if and only if an external
observer cannot tell them apart.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Black-Box Experiments
Experiment in A
Experiment in B
Experiment in B
coin tea coffee
coin tea coffee
coin tea coffee
press coin
press coin
press coin
coin tea coffee
coin tea coffee
coin tea
coffee
Main Idea
Two processes are behaviorally equivalent if and only if an external
observer cannot tell them apart.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Black-Box Experiments
Experiment in A
Experiment in B
Experiment in B
coin tea coffee
coin tea coffee
coin tea coffee
press coin
press coin
press coin
coin tea coffee
coin tea coffee
coin tea
coffee
Main Idea
Two processes are behaviorally equivalent if and only if an external
observer cannot tell them apart.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Black-Box Experiments
Experiment in A
Experiment in B
Experiment in B
coin tea coffee
coin tea coffee
coin tea coffee
press coin
press coin
press coin
coin tea coffee
coin tea coffee
coin tea
coffee
Main Idea
Two processes are behaviorally equivalent if and only if an external
observer cannot tell them apart.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Black-Box Experiments
Experiment in A
Experiment in B
Experiment in B
coin tea coffee
coin tea coffee
coin tea coffee
press coin
press coin
press coin
coin tea coffee
coin tea coffee
coin tea
coffee
Main Idea
Two processes are behaviorally equivalent if and only if an external
observer cannot tell them apart.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Strong Bisimilarity
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS.
Strong Bisimulation
A binary relation R ⊆ Proc × Proc is a strong bisimulation iff
whenever (s, t) ∈ R then for each a ∈ Act:
a
a
a
a
if s −→ s 0 then t −→ t 0 for some t 0 such that (s 0 , t 0 ) ∈ R
if t −→ t 0 then s −→ s 0 for some s 0 such that (s 0 , t 0 ) ∈ R.
Strong Bisimilarity
Two processes p1 , p2 ∈ Proc are strongly bisimilar (p1 ∼ p2 ) if and
only if there exists a strong bisimulation R such that (p1 , p2 ) ∈ R.
[
∼=
{R | R is a strong bisimulation}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Strong Bisimilarity
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS.
Strong Bisimulation
A binary relation R ⊆ Proc × Proc is a strong bisimulation iff
whenever (s, t) ∈ R then for each a ∈ Act:
a
a
a
a
if s −→ s 0 then t −→ t 0 for some t 0 such that (s 0 , t 0 ) ∈ R
if t −→ t 0 then s −→ s 0 for some s 0 such that (s 0 , t 0 ) ∈ R.
Strong Bisimilarity
Two processes p1 , p2 ∈ Proc are strongly bisimilar (p1 ∼ p2 ) if and
only if there exists a strong bisimulation R such that (p1 , p2 ) ∈ R.
[
∼=
{R | R is a strong bisimulation}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Basic Properties of Strong Bisimilarity
Theorem
∼ is an equivalence relation (reflexive, symmetric and transitive)
Theorem
∼ is the largest strong bisimulation
Theorem
s ∼ t if and only if for each a ∈ Act:
a
a
a
a
if s −→ s 0 then t −→ t 0 for some t 0 such that s 0 ∼ t 0
if t −→ t 0 then s −→ s 0 for some s 0 such that s 0 ∼ t 0 .
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Basic Properties of Strong Bisimilarity
Theorem
∼ is an equivalence relation (reflexive, symmetric and transitive)
Theorem
∼ is the largest strong bisimulation
Theorem
s ∼ t if and only if for each a ∈ Act:
a
a
a
a
if s −→ s 0 then t −→ t 0 for some t 0 such that s 0 ∼ t 0
if t −→ t 0 then s −→ s 0 for some s 0 such that s 0 ∼ t 0 .
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Basic Properties of Strong Bisimilarity
Theorem
∼ is an equivalence relation (reflexive, symmetric and transitive)
Theorem
∼ is the largest strong bisimulation
Theorem
s ∼ t if and only if for each a ∈ Act:
a
a
a
a
if s −→ s 0 then t −→ t 0 for some t 0 such that s 0 ∼ t 0
if t −→ t 0 then s −→ s 0 for some s 0 such that s 0 ∼ t 0 .
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
How to Show Nonbisimilarity?
s
s2
s1
w GG c
ww
w
{w
b
a
GG
G#
t1
b
s3
t3
t GG
GGa
a www
GG
w
w
{w
#
t2
c
t4
To prove that s 6∼ t:
Enumerate all binary relations and show that none of them at
the same time contains (s, t) and is a strong bisimulation.
2
(Expensive: 2|Proc| relations.)
Make certain observations which enable us to disqualify many
bisimulation candidates in one step.
Use the game characterization of strong bisimilarity.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
How to Show Nonbisimilarity?
s
s2
s1
w GG c
ww
w
{w
b
a
GG
G#
t1
b
s3
t3
t GG
GGa
a www
GG
w
w
{w
#
t2
c
t4
To prove that s 6∼ t:
Enumerate all binary relations and show that none of them at
the same time contains (s, t) and is a strong bisimulation.
2
(Expensive: 2|Proc| relations.)
Make certain observations which enable us to disqualify many
bisimulation candidates in one step.
Use the game characterization of strong bisimilarity.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
How to Show Nonbisimilarity?
s
s2
s1
w GG c
ww
w
{w
b
a
GG
G#
t1
b
s3
t3
t GG
GGa
a www
GG
w
w
{w
#
t2
c
t4
To prove that s 6∼ t:
Enumerate all binary relations and show that none of them at
the same time contains (s, t) and is a strong bisimulation.
2
(Expensive: 2|Proc| relations.)
Make certain observations which enable us to disqualify many
bisimulation candidates in one step.
Use the game characterization of strong bisimilarity.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
How to Show Nonbisimilarity?
s
s2
s1
w GG c
ww
w
{w
b
a
GG
G#
t1
b
s3
t3
t GG
GGa
a www
GG
w
w
{w
#
t2
c
t4
To prove that s 6∼ t:
Enumerate all binary relations and show that none of them at
the same time contains (s, t) and is a strong bisimulation.
2
(Expensive: 2|Proc| relations.)
Make certain observations which enable us to disqualify many
bisimulation candidates in one step.
Use the game characterization of strong bisimilarity.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Strong Bisimulation Game
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS and s, t ∈ Proc.
We define a two-player game of an ‘attacker’ and a ‘defender’
starting from s and t.
The game is played in rounds, and configurations of the game
are pairs of states from Proc × Proc.
In every round exactly one configuration is called current.
Initially the configuration (s, t) is the current one.
Intuition
The defender wants to show that s and t are strongly bisimilar
while the attacker aims at proving the opposite.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Strong Bisimulation Game
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS and s, t ∈ Proc.
We define a two-player game of an ‘attacker’ and a ‘defender’
starting from s and t.
The game is played in rounds, and configurations of the game
are pairs of states from Proc × Proc.
In every round exactly one configuration is called current.
Initially the configuration (s, t) is the current one.
Intuition
The defender wants to show that s and t are strongly bisimilar
while the attacker aims at proving the opposite.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Rules of the Bisimulation Games
Game Rules
In each round the players change the current configuration as
follows:
1
the attacker chooses one of the processes in the current
a
configuration and makes an −→-move for some a ∈ Act, and
2
the defender must respond by making an −→-move in the
other process under the same action a.
a
The newly reached pair of processes becomes the current
configuration. The game then continues by another round.
Result of the Game
If one player cannot move, the other player wins.
If the game is infinite, the defender wins.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Rules of the Bisimulation Games
Game Rules
In each round the players change the current configuration as
follows:
1
the attacker chooses one of the processes in the current
a
configuration and makes an −→-move for some a ∈ Act, and
2
the defender must respond by making an −→-move in the
other process under the same action a.
a
The newly reached pair of processes becomes the current
configuration. The game then continues by another round.
Result of the Game
If one player cannot move, the other player wins.
If the game is infinite, the defender wins.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Game Characterization of Strong Bisimilarity
Theorem
States s and t are strongly bisimilar if and only if the defender
has a universal winning strategy starting from the
configuration (s, t).
States s and t are not strongly bisimilar if and only if the
attacker has a universal winning strategy starting from the
configuration (s, t).
Remark
The bisimulation game can be used to prove both bisimilarity and
nonbisimilarity of two processes. It very often provides elegant
arguments for the negative case.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Game Characterization of Strong Bisimilarity
Theorem
States s and t are strongly bisimilar if and only if the defender
has a universal winning strategy starting from the
configuration (s, t).
States s and t are not strongly bisimilar if and only if the
attacker has a universal winning strategy starting from the
configuration (s, t).
Remark
The bisimulation game can be used to prove both bisimilarity and
nonbisimilarity of two processes. It very often provides elegant
arguments for the negative case.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Strong Bisimilarity is a Congruence for CCS Operations
Theorem
Let P and Q be CCS processes such that P ∼ Q. Then
α.P ∼ α.Q for each action α ∈ Act
P + R ∼ Q + R and R + P ∼ R + Q for each CCS process R
P | R ∼ Q | R and R | P ∼ R | Q for each CCS process R
P[f ] ∼ Q[f ] for each relabelling function f
P \ L ∼ Q \ L for each set of labels L.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Motivation
Definition
Bisimulation Games
Properties
Other Properties of Strong Bisimilarity
The Following Properties Hold for all CCS Processes P, Q, R
P +Q ∼Q +P
P |Q ∼ Q |P
P + Nil ∼ P
P | Nil ∼ P
(P + Q) + R ∼ P + (Q + R)
(P | Q) | R ∼ P | (Q | R)
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Problems with Internal Actions
Question
Does a.τ.Nil ∼ a.Nil hold?
NO!
Problem
Strong bisimilarity does not abstract away from τ actions.
Example: SmUni 6∼ Spec
SmUni
6∼
SpecW
pub
(CM | CS1 ) r {coin, coffee}
τ
pub
l
(CM1 | CS2 ) r {coin, coffee}
pub
τ
(CM | CS) r {coin, coffee}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Problems with Internal Actions
Question
Does a.τ.Nil ∼ a.Nil hold?
NO!
Problem
Strong bisimilarity does not abstract away from τ actions.
Example: SmUni 6∼ Spec
SmUni
6∼
SpecW
pub
(CM | CS1 ) r {coin, coffee}
τ
pub
l
(CM1 | CS2 ) r {coin, coffee}
pub
τ
(CM | CS) r {coin, coffee}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Problems with Internal Actions
Question
Does a.τ.Nil ∼ a.Nil hold?
NO!
Problem
Strong bisimilarity does not abstract away from τ actions.
Example: SmUni 6∼ Spec
SmUni
6∼
SpecW
pub
(CM | CS1 ) r {coin, coffee}
τ
pub
l
(CM1 | CS2 ) r {coin, coffee}
pub
τ
(CM | CS) r {coin, coffee}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Problems with Internal Actions
Question
Does a.τ.Nil ∼ a.Nil hold?
NO!
Problem
Strong bisimilarity does not abstract away from τ actions.
Example: SmUni 6∼ Spec
SmUni
6∼
SpecW
pub
(CM | CS1 ) r {coin, coffee}
τ
pub
l
(CM1 | CS2 ) r {coin, coffee}
pub
τ
(CM | CS) r {coin, coffee}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Weak Transition Relation
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS such that τ ∈ Act.
Definition of Weak Transition Relation
(
a
=⇒ =
τ
a
τ
(−→)∗ ◦ −→ ◦(−→)∗
τ
(−→)∗
if a 6= τ
if a = τ
a
What does s =⇒ t informally mean?
a
If a 6= τ then s =⇒ t means that
from s we can get to t by doing zero or more τ actions,
followed by the action a, followed by zero or more τ actions.
τ
If a = τ then s =⇒ t means that
from s we can get to t by doing zero or more τ actions.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Weak Transition Relation
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS such that τ ∈ Act.
Definition of Weak Transition Relation
(
a
=⇒ =
τ
a
τ
(−→)∗ ◦ −→ ◦(−→)∗
τ
(−→)∗
if a 6= τ
if a = τ
a
What does s =⇒ t informally mean?
a
If a 6= τ then s =⇒ t means that
from s we can get to t by doing zero or more τ actions,
followed by the action a, followed by zero or more τ actions.
τ
If a = τ then s =⇒ t means that
from s we can get to t by doing zero or more τ actions.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Weak Bisimilarity
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS such that τ ∈ Act.
Weak Bisimulation
A binary relation R ⊆ Proc × Proc is a weak bisimulation iff
whenever (s, t) ∈ R then for each a ∈ Act (including τ ):
a
a
a
a
if s −→ s 0 then t =⇒ t 0 for some t 0 such that (s 0 , t 0 ) ∈ R
if t −→ t 0 then s =⇒ s 0 for some s 0 such that (s 0 , t 0 ) ∈ R.
Weak Bisimilarity
Two processes p1 , p2 ∈ Proc are weakly bisimilar (p1 ≈ p2 ) if and
only if there exists a weak bisimulation R such that (p1 , p2 ) ∈ R.
≈ = ∪{R | R is a weak bisimulation}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Weak Bisimilarity
a
Let (Proc, Act, {−→| a ∈ Act}) be an LTS such that τ ∈ Act.
Weak Bisimulation
A binary relation R ⊆ Proc × Proc is a weak bisimulation iff
whenever (s, t) ∈ R then for each a ∈ Act (including τ ):
a
a
a
a
if s −→ s 0 then t =⇒ t 0 for some t 0 such that (s 0 , t 0 ) ∈ R
if t −→ t 0 then s =⇒ s 0 for some s 0 such that (s 0 , t 0 ) ∈ R.
Weak Bisimilarity
Two processes p1 , p2 ∈ Proc are weakly bisimilar (p1 ≈ p2 ) if and
only if there exists a weak bisimulation R such that (p1 , p2 ) ∈ R.
≈ = ∪{R | R is a weak bisimulation}
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Weak Bisimulation Game
Definition
All the same except that
a
defender can now answer using =⇒ moves.
a
The attacker is still using only −→ moves.
Theorem
States s and t are weakly bisimilar if and only if the defender
has a universal winning strategy starting from the
configuration (s, t).
States s and t are not weakly bisimilar if and only if the
attacker has a universal winning strategy starting from the
configuration (s, t).
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Weak Bisimulation Game
Definition
All the same except that
a
defender can now answer using =⇒ moves.
a
The attacker is still using only −→ moves.
Theorem
States s and t are weakly bisimilar if and only if the defender
has a universal winning strategy starting from the
configuration (s, t).
States s and t are not weakly bisimilar if and only if the
attacker has a universal winning strategy starting from the
configuration (s, t).
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definitions
Weak Bisimulation Game
Properties of Weak Bisimilarity
Weak Bisimilarity – Properties
Properties of ≈
an equivalence relation
the largest weak bisimulation
validates lots of natural laws, e.g.
a.τ.P ≈ a.P
P + τ.P ≈ τ.P
a.(P + τ.Q) ≈ a.(P + τ.Q) + a.Q
P +Q ≈Q +P
P|Q ≈ Q|P
P + Nil ≈ P
...
strong bisimilarity is included in weak bisimilarity (∼ ⊆ ≈)
abstracts from τ loops
τ
% • NNNa
NNN
&
≈
•
Strong and Weak Bisimulation Equivalence
• NNNa
NNN
&
•
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
Case Study: Communication Protocol
'$
'$
ack
r Rec r del
acc r Send r
rH
YH
error
&%
&%
'$
r
r
Hr
*
HH
HH
send jr Med r trans
&%
Send
Sending
Wait
def
=
def
=
def
=
acc.Sending
Rec
send.Wait
Del
ack.Send + error.Sending
Med
Med0
Err
def
=
def
=
def
=
Ack
def
=
def
=
def
=
trans.Del
del.Ack
ack.Rec
send.Med0
τ.Err + trans.Med
error.Med
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
Case Study: Communication Protocol
'$
'$
ack
r Rec r del
acc r Send r
rH
YH
error
&%
&%
'$
r
r
Hr
*
HH
HH
send jr Med r trans
&%
Send
Sending
Wait
def
=
def
=
def
=
acc.Sending
Rec
send.Wait
Del
ack.Send + error.Sending
Med
Med0
Err
def
=
def
=
def
=
Ack
def
=
def
=
def
=
trans.Del
del.Ack
ack.Rec
send.Med0
τ.Err + trans.Med
error.Med
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
Verification Question
def
Impl = (Send | Med | Rec) r {send, trans, ack, error}
def
Spec = acc.del.Spec
Question
?
Impl ≈ Spec
1
Draw the LTS of Impl and Spec and prove (by hand) the
equivalence.
2
Use Concurrency WorkBench (CWB).
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
Verification Question
def
Impl = (Send | Med | Rec) r {send, trans, ack, error}
def
Spec = acc.del.Spec
Question
?
Impl ≈ Spec
1
Draw the LTS of Impl and Spec and prove (by hand) the
equivalence.
2
Use Concurrency WorkBench (CWB).
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
Verification Question
def
Impl = (Send | Med | Rec) r {send, trans, ack, error}
def
Spec = acc.del.Spec
Question
?
Impl ≈ Spec
1
Draw the LTS of Impl and Spec and prove (by hand) the
equivalence.
2
Use Concurrency WorkBench (CWB).
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
Verification Question
def
Impl = (Send | Med | Rec) r {send, trans, ack, error}
def
Spec = acc.del.Spec
Question
?
Impl ≈ Spec
1
Draw the LTS of Impl and Spec and prove (by hand) the
equivalence.
2
Use Concurrency WorkBench (CWB).
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
Verification Question
def
Impl = (Send | Med | Rec) r {send, trans, ack, error}
def
Spec = acc.del.Spec
Question
?
Impl ≈ Spec
1
Draw the LTS of Impl and Spec and prove (by hand) the
equivalence.
2
Use Concurrency WorkBench (CWB).
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
CCS Expressions in CWB
CCS Definitions
def
Med = send.Med0
def
Med0 = τ.Err + trans.Med
def
Err = error.Med
..
.
def
Impl = (Send | Med | Rec) r
{send, trans, ack, error}
def
Spec = acc.del.Spec
CWB Program (protocol.cwb)
agent Med = send.Med’;
agent Med’ = (tau.Err + ’trans.Med);
agent Err = ’error.Med;
..
.
set L = {send, trans, ack, error};
agent Impl = (Send | Med | Rec) r L;
agent Spec = acc.’del.Spec;
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Definition of the Protocol
Concurrency Workbench
Example Sessions in CWB
CWB Session
[luca@vel5638 CWB]$ ./xccscwb.x86-linux
> help;
> input "protocol.cwb";
> vs(5,Impl);
> sim(Spec);
> eq(Spec,Impl);
** weak bisimilarity **
> strongeq(Spec,Impl);
** strong bisimilarity **
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Is Weak Bisimilarity a Congruence for CCS?
Theorem
Let P and Q be CCS processes such that P ≈ Q. Then
α.P ≈ α.Q for each action α ∈ Act
P | R ≈ Q | R and R | P ≈ R | Q for each CCS process R
P[f ] ≈ Q[f ] for each relabelling function f
P \ L ≈ Q \ L for each set of labels L.
What about choice?
τ.a.Nil ≈ a.Nil
but
τ.a.Nil + b.Nil 6≈ a.Nil + b.Nil
Conclusion
Weak bisimilarity is not a congruence for CCS.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Is Weak Bisimilarity a Congruence for CCS?
Theorem
Let P and Q be CCS processes such that P ≈ Q. Then
α.P ≈ α.Q for each action α ∈ Act
P | R ≈ Q | R and R | P ≈ R | Q for each CCS process R
P[f ] ≈ Q[f ] for each relabelling function f
P \ L ≈ Q \ L for each set of labels L.
What about choice?
τ.a.Nil ≈ a.Nil
but
τ.a.Nil + b.Nil 6≈ a.Nil + b.Nil
Conclusion
Weak bisimilarity is not a congruence for CCS.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
Semantic Equivalences
Strong Bisimilarity
Weak Bisimilarity
Case Study: Communication Protocol
Congruence Problems
Is Weak Bisimilarity a Congruence for CCS?
Theorem
Let P and Q be CCS processes such that P ≈ Q. Then
α.P ≈ α.Q for each action α ∈ Act
P | R ≈ Q | R and R | P ≈ R | Q for each CCS process R
P[f ] ≈ Q[f ] for each relabelling function f
P \ L ≈ Q \ L for each set of labels L.
What about choice?
τ.a.Nil ≈ a.Nil
but
τ.a.Nil + b.Nil 6≈ a.Nil + b.Nil
Conclusion
Weak bisimilarity is not a congruence for CCS.
Strong and Weak Bisimulation Equivalence
Reactive Systems: Mod., Spec. and Ver.
© Copyright 2026 Paperzz