1 / 59

Process Algebra C alculus of C ommunicating S ystems

Process Algebra C alculus of C ommunicating S ystems. Daniel Choi Provable Software Lab. KAIST. Content. Introduction Calculus of Communicating Systems Equivalence for CCS Discussions. Why are we going to study Process Algebra?. Need

deidra
Télécharger la présentation

Process Algebra C alculus of C ommunicating S ystems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Process AlgebraCalculus of Communicating Systems Daniel Choi Provable Software Lab. KAIST

  2. Content • Introduction • Calculus of Communicating Systems • Equivalence for CCS • Discussions Provable Software Laboratory Seminar

  3. Why are we going to study Process Algebra? • Need • Mathematical models for concurrent communicating processes? • How • How can we define a mathematical models for concurrent communicating process? Provable Software Laboratory Seminar

  4. Why are we going to study Process Algebra? • Need • Mathematical models for concurrent communicating processes? • How • How can we define a mathematical models for concurrent communicating process? Provable Software Laboratory Seminar

  5. The reason why we study Process Algebra • Need • Mathematical models for concurrent communicating processes? • Process Algebra, Petri Net, etc. • How • How can we define a mathematical models for concurrent communicating process? • By defining structured operational semantics Provable Software Laboratory Seminar

  6. Families of Algebraic Approaches • Milner’s Calculus of Communicating Systems (CCS) • Hoare’s theory of Communicating Sequential Processes • The Algebra of Communicating Processes (ACP) of Bergstra & Klop Provable Software Laboratory Seminar

  7. Content • Introduction • Why are we going to study Process Algebra? • Calculus of Communicating Systems • Definitions • Operational Semantic of CCS Terms • Examples • Equivalence for CCS • Discussions Provable Software Laboratory Seminar

  8. DefinitionsTheoretical definitions • Assume a non-empty set S of states, together with a finite, non-empty set of transition labels A and a finite set of predicate symbols • Signature • Consist of a finite set of function symbols f, g, … where each function symbol f has an arity ar(f), being its number of arguments. • Symbol of arity zero : constant (a, b, c, …) • Countably infinite set of variables (x, y, z, …) • Finite non-empty set A of (atomic) actions • Each atomic action a is a constant that can execute itself, after which it terminates successfully. • Term • Set T(∑) of open terms, s, t, u, … over ∑ is defined as the least set satisfying • Each variable is T(∑); • If f ∈ ∑ and t1, …, tar(f) ∈ T(∑), then f(t1, …, tar(f)) ∈ T(∑) • A term is closed if it does not contain variables. The set of closed terms is denoted by T(∑) • Labeled transition system • A transition is a triple (s, a, s’) with a ∈ A, or a pair (s, P) with P a predicate, where s, s’ ∈ S. A labeled transition system (LTS) is a possibly infinite set of transitions. An LTS is finitely branching if each of its states has only finitely many outgoing transitions • The states of an LTS are always the closed terms over a signature ∑. • In view of the syntactic structure of closed terms over a signature, such transitions can be derived by means of inductive proof rules, where the validity of a number of transitions (the premises) may imply the validity of some other transition (the conclusion) • Process graph • A Process (graph) p is an LTS in which one state s is elected to be the root. If the LTS contains a transition s – a -> s’, then p – a -> p’ where p’ has root state s’. Moreover, if the LTS contains a transition sP, then pP. Provable Software Laboratory Seminar

  9. DefinitionsTheoretical definitions • Assume a non-empty set S of states, together with a finite, non-empty set of transition labels A and a finite set of predicate symbols • Signature • Consist of a finite set of function symbols f, g, … where each function symbol f has an arity ar(f), being its number of arguments. • Symbol of arity zero : constant (a, b, c, …) • Countably infinite set of variables (x, y, z, …) • Finite non-empty set A of (atomic) actions • Each atomic action a is a constant that can execute itself, after which it terminates succefully. • Term • Set T(∑) of open terms, s, t, u, … over ∑ is defined as the least set satisfying • Each variable is T(∑); • If f ∈ ∑ and t1, …, tar(f) ∈ T(∑), then f(t1, …, tar(f)) ∈ T(∑) • A term is closed if it does not contain variables. The set of closed terms is denoted by T(∑) • Labeled transition system • A transition is a triple (s, a, s’) with a ∈ A, or a pair (s, P) with P a predicate, where s, s’ ∈ S. A labeled transition system (LTS) is a possibly infinite set of transitions. An LTS is finitely branching if each of its states has only finitely many outgoing transitions • The states of an LTS are always the closed terms over a signature ∑. • In view of the syntactic structure of closed terms over a signature, such transitions can be derived by means of inductive proof rules, where the validity of a number of transitions (the premises) may imply the validity of some other transition (the conclusion) • Process graph • A Process (graph) p is an LTS in which one state s is elected to be the root. If the LTS contains a transition s – a -> s’, then p – a -> p’ where p’ has root state s’. Moreover, if the LTS contains a transition sP, then pP. Provable Software Laboratory Seminar

  10. DefinitionsDefinitions in CCS • Actions • Atomic • uninterruptible execution steps(with some other internal computation steps(τ)) • Representing potential interactions with its environment (inputs/outputs on ports) Provable Software Laboratory Seminar

  11. DefinitionsOperator of CCS • nil • terminated process that has finished execution • a.p • Capable first of a and then behaves like p • + • Choice construct • p1 + p2 offers the potential of behaving like either p1 or p2, depending on the interactions offered by the environment • | • parallel composition • p1 | p2 offers interleaves the execution of p1 and p2 • Permitting complementary actions of p1 and p2 to synchronize (τ) • Restriction operator • Permits actions to be localized within a system • [f] • Actions in a process to be renamed • P[f] behaves exactly like p except that f is applied to each action that p wishes to engage in • Defining equation • C represents a valid system Provable Software Laboratory Seminar

  12. DefinitionsLabeled transition Systems • Labeled transition system (LTS) • Triple <Q, A,→> • Q : a set of states • A : a set of actions • → : transition relation →⊆Qⅹ A ⅹ Q • B = ((a.(b.B + c.0) + b.0)|a’.0 )\a b (B|0)\a … ((b.B + c.0)|0)\a τ c (0|0)\a B b (0|a’.0)\a Temporal Structure Provable Software Laboratory Seminar

  13. Operation Semantics of CCS Terms Referenced from lecture note of Prof. Kim Provable Software Laboratory Seminar

  14. ExamplesLovers • Assume that there is a man and a woman in the society • Man and Woman can manifest their emotion independently (concurrently) • M = ‘man.(acc.M‘+ rej.M) • W = man.(‘acc.W’ + ‘rej.W) • M’ = lov.M’ + ‘lov.M’ + ‘neg_man.M • W’ = lov.W’ + ‘lov.W’ + neg_man.W • Does L = (M|W) is a model of happy lovers? Provable Software Laboratory Seminar

  15. ExamplesLTS of Unhappy lovers M|W ‘man τ man neg_man (acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W) (acc.M‘+ rej.M) |W M|(’acc.W’ + ‘rej.W) rej rej acc ‘rej ‘acc acc ‘neg_man lov,’lov τ ‘acc ‘rej lov,’lov M’|W M|W’ M’|(’acc.W’ + ‘rej.W) (acc.M‘+ rej.M)|W’ ‘man man ‘neg_man τ neg_man acc ‘acc τ,lov,’lov M‘|W’ τ Provable Software Laboratory Seminar

  16. ExamplesLTS of Unhappy lovers M|W ‘man τ man neg_man (acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W) (acc.M‘+ rej.M) |W M|(’acc.W’ + ‘rej.W) rej rej acc ‘rej ‘acc acc ‘neg_man lov,’lov τ ‘acc ‘rej lov,’lov M’|W M|W’ M’|(’acc.W’ + ‘rej.W) (acc.M‘+ rej.M)|W’ ‘man man ‘neg_man τ neg_man acc ‘acc One sided Love τ,lov,’lov M‘|W’ τ Provable Software Laboratory Seminar

  17. ExamplesLTS of Happy lovers M|W τ (acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W) τ M‘|W’ HL = (M|W) \{man, lov, acc, rej} τ Provable Software Laboratory Seminar

  18. ExamplesLTS of Happy lovers M|W τ (acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W) proc HL = (M|W)\{manifest,love,neg_manifest,accept,reject} proc UHL = (M|W) proc M = 'manifest.(accept.M1 + reject.M) proc W = manifest.('accept.W1 + 'reject.W) proc M1 = love.M1 + 'love.M1 + 'neg_manifest.M proc W1 = 'love.W1 + love.W1 + neg_manifest.W τ M‘|W’ HL = (M|W) \{man, lov, acc, rej} τ Provable Software Laboratory Seminar

  19. ExamplesProof • Proof of (M|W)\{man, lov, acc, rej} => (M|W)\{man, lov, acc, rej} (M|W)\{man, lov, acc, rej} -τ->((acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W)) \{man, lov, acc, rej} Provable Software Laboratory Seminar

  20. ExamplesProof • Proof of (M|W)\{man, lov, acc, rej} => (M|W)\{man, lov, acc, rej} Res (M|W)\{man, lov, acc, rej} -τ->((acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W)) \{man, lov, acc, rej} Provable Software Laboratory Seminar

  21. ExamplesProof • Proof of (M|W)\{man, lov, acc, rej} => (M|W)\{man, lov, acc, rej} Res ‘man.(acc.M‘+ rej.M) | man.(‘acc.W’ + ‘rej.W) -τ->(acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W) (M|W)\{man, lov, acc, rej} -τ->((acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W)) \{man, lov, acc, rej} Provable Software Laboratory Seminar

  22. ExamplesProof • Proof of (M|W)\{man, lov, acc, rej} => (M|W)\{man, lov, acc, rej} Parτ Res ‘man.(acc.M‘+ rej.M) | man.(‘acc.W’ + ‘rej.W) -τ->(acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W) (M|W)\{man, lov, acc, rej} -τ->((acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W)) \{man, lov, acc, rej} Provable Software Laboratory Seminar

  23. ExamplesProof • Proof of (M|W)\{man, lov, acc, rej} => (M|W)\{man, lov, acc, rej} Act Act ‘man.(acc.M‘+ rej.M) – ‘man-> (acc.M‘+ rej.M) man.(‘acc.W’ + ‘rej.W) – man-> (‘acc.W’ + ‘rej.W) Parτ Res ‘man.(acc.M‘+ rej.M) | man.(‘acc.W’ + ‘rej.W) -τ->(acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W) (M|W)\{man, lov, acc, rej} -τ->((acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W)) \{man, lov, acc, rej} Provable Software Laboratory Seminar

  24. ExamplesProof • Proof of (M|W)\{man, lov, acc, rej} => (M|W)\{man, lov, acc, rej} Act Act ‘acc.W‘ – ‘acc -> W’ acc.M‘ – acc -> M’ ChoiceL ChoiceL (acc.M‘+ rej.M) - acc-> M’ (‘acc.W’ + ‘rej.W) – ‘acc -> W’ Parτ (acc.M‘+ rej.M) | (‘acc.W’ + ‘rej.W) -τ-> (M’|W’) Res ((acc.M‘+ rej.M)|(’acc.W’ + ‘rej.W)) \{man, lov, acc, rej} -τ-> (M’|W’) \{man, lov, acc, rej} Provable Software Laboratory Seminar

  25. Content • Introduction • Why are we going to study Process Algebra? • Calculus of Communicating Systems • Definitions • Operational Semantic of CCS Terms • Examples • Equivalence for CCS • Trace Equivalence • Strong Bisimulation Equivalence • Weak Bisimulation Equivalence • Discussions Provable Software Laboratory Seminar

  26. Trace EquivalenceDefinition • Language Equivalence • Two machines are equivalent if they accept the same sequences of symbol • Can we directly apply language equivalence to rooted LTS? No • Identify every state in a rooted LTS as being accepting • Definition Let <Q, A,→> be a labeled transition system • Let A* consists of the set of finite sequences of elements of A • Let s = a1 … an∈A* be a sequence of actions. Then q – s-> q’ if there are states q0, ..., qnsuch thatq = q0, qi –ai-> qi+1 and q’ = qn • s is a strong trace of q if there exists q’ such that q – s -> q’. We use S(q) to represent the set of all strong traces of q • p ≈s q exactly when S(p) = S(q) (strong traces do not distinguish between internal and external actions) • Can we use trace equivalence to decide whether two system are behavioral congruent? No Provable Software Laboratory Seminar

  27. Trace Equivalence Definition • Language Equivalence • Two machines are equivalent if they accept the same sequences of symbol • Can we directly apply language equivalence to rooted LTS? No • Identify every state in a rooted LTS as being accepting • Definition Let <Q, A,→> be a labeled transition system • Let A* consists of the set of finite sequences of elements of A • Let s = a1 … an∈A* be a sequence of actions. Then q – s-> q’ if there are states q0, ..., qnsuch thatq = q0, qi –ai-> qi+1 and q’ = qn • s is a strong trace of q if there exists q’ such that q – s -> q’. We use S(q) to represent the set of all strong traces of q • p ≈s q exactly when S(p) = S(q) (strong traces do not distinguish between internal and external actions) • Can we use trace equivalence to decide whether two system are behavioral congruent? No Provable Software Laboratory Seminar

  28. Trace EquivalenceDefinition • Language Equivalence • Two machines are equivalent if they accept the same sequences of symbol • Can we directly apply language equivalence to rooted LTS? No • Identify every state in a rooted LTS as being accepting • Definition Let <Q, A,→> be a labeled transition system • Let A* consists of the set of finite sequences of elements of A • Let s = a1 … an∈A* be a sequence of actions. Then q – s-> q’ if there are states q0, ..., qnsuch thatq = q0, qi –ai-> qi+1 and q’ = qn • s is a strong trace of q if there exists q’ such that q – s -> q’. We use S(q) to represent the smallest set of all strong traces of q (prefix-closed) • p ≈s q exactly when S(p) = S(q) (strong traces do not distinguish between internal and external actions) • Can we use trace equivalence to decide whether two system are behavioral congruent? No Provable Software Laboratory Seminar

  29. Trace Equivalence Definition • Language Equivalence • Two machines are equivalent if they accept the same sequences of symbol • Can we directly apply language equivalence to rooted LTS? No • Identify every state in a rooted LTS as being accepting • Definition Let <Q, A,→> be a labeled transition system • Let A* consists of the set of finite sequences of elements of A • Let s = a1 … an∈A* be a sequence of actions. Then q – s-> q’ if there are states q0, ..., qnsuch thatq = q0, qi –ai-> qi+1 and q’ = qn • s is a strong trace of q if there exists q’ such that q – s -> q’. We use S(q) to represent the smallest set of all strong traces of q (prefix-closed) • p ≈s q exactly when S(p) = S(q) (strong traces do not distinguish between internal and external actions) • Can we use trace equivalence to decide whether two system are behavioral congruent? No Provable Software Laboratory Seminar

  30. ExampleTrace Equivalence p0 q0 a a a q1 q1’ p1 b c b c p2 p3 q2 q3 P = a.(b.nil + c.nil)S(P) = {ε,a,ab,ac} Q = a.b.nil + a.c.nilS(Q) = {ε,a,ab,ac} Provable Software Laboratory Seminar

  31. ExampleTrace Equivalence p0 q0 a a a S(P) = S(Q) q1 q1’ p1 b c b c p2 p3 q2 q3 P = a.(b.nil + c.nil)S(P) = {ε,a,ab,ac} Q = a.b.nil + a.c.nilS(Q) = {ε,a,ab,ac} Provable Software Laboratory Seminar

  32. ExampleTrace Equivalence p0 q0 a a a S(P) = S(Q) q1 q1’ p1 b c b c p2 p3 q2 q3 Trace Equivalent P = a.(b.nil + c.nil)S(P) = {ε,a,ab,ac} Q = a.b.nil + a.c.nilS(Q) = {ε,a,ab,ac} Provable Software Laboratory Seminar

  33. ExampleTrace Equivalence p0 q0 a a a S(P) = S(Q) q1 q1’ p1 b c b c p2 p3 q2 q3 Trace Equivalent P = a.(b.nil + c.nil)S(P) = {ε,a,ab,ac} Q = a.b.nil + a.c.nilS(Q) = {ε,a,ab,ac} It is not behavioral congruent Provable Software Laboratory Seminar

  34. Strong Bisimulation EquivalenceDefinition • Execution sequences for equivalent systems ought to pass through equivalent states • Definition Let <Q, A,→> be an LTS. A relation R ⊆ Q x Q is a bisimulation if whenever <p, q> ∈R, then the following conditions hold for any a, p’ and q’ • If p –a-> p’ then q – a -> q’ for some q’ such that <p’, q’> ∈R • If q –a-> q’ then p – a -> p’ for some p’ such that <p’, q’> ∈R • Definition System p and q are bisimulation equivalent, or bisimilar, if there exists a bisimulation R containing <p, q>. We write p ~ q whenever p and q are bisimilar Provable Software Laboratory Seminar

  35. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? • Strong Simulation • Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p – a -> p’ then there exists q’ ∈ Q such that q – a -> q’ and p’ S q’ • q strongly simulates p if there exists a strong simulation S such that pSq Provable Software Laboratory Seminar

  36. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example p0 q0 a a a q1 q1’ p1 b c b c p2 p3 q2 q3 Suppose, (p0, q0)∈ S Provable Software Laboratory Seminar

  37. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example Suppose p0 strongly simulates q0, (q0, p0)∈ S or q0Sp0 q0 S p0 a a q1p1 Provable Software Laboratory Seminar

  38. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example Suppose p0 strongly simulates q0, (q0, p0)∈ S or q0Sp0 q0 S p0 q0 S p0 a a a a q1p1 q1'p1 q1 S p1 q1' S p1 Provable Software Laboratory Seminar

  39. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example Suppose p0 strongly simulates q0, (q0, p0)∈ S or q0Sp0 q0 S p0 q0 S p0 q1 S p1 a a b a a b q1p1 q1'p1 q2p2 q1 S p1 q1' S p1 q2 S p2 Provable Software Laboratory Seminar

  40. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example Suppose p0 strongly simulates q0, (q0, p0)∈ S or q0Sp0 q0 S p0 q0 S p0 q1 S p1 q1' S p1 a a b c a a b c q1p1 q1'p1 q2p2 q3p3 q1 S p1 q1' S p1 q2 S p2 q3 S p3 Provable Software Laboratory Seminar

  41. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example Suppose p0 strongly simulates q0, (q0, p0)∈ S or q0Sp0 q0 S p0 q0 S p0 q1 S p1 q1' S p1 a a b c a a b c q1p1 q1'p1 q2p2 q3p3 q1 S p1 q1' S p1 q2 S p2 q3 S p3 Therefore S = {(q0, p0), (q1, p1), (q1’, p1), (q2, p2), (q3, p3)} Provable Software Laboratory Seminar

  42. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example Suppose q0 strongly simulates p0, (p0, q0)∈ S or p0Sq0 p0 S q0 p1 S q1 p1 S q1 a b c a b p1q1 p2q2 p3 p1 S q1 q1' S p1 Provable Software Laboratory Seminar

  43. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example Suppose q0 strongly simulates p0, (p0, q0)∈ S or p0Sq0 p0 S q0 p1 S q1’ p1 S q1’ a c b a c p1q1’ p3q3 p2 p1 S q1’ p3 S q3 Provable Software Laboratory Seminar

  44. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? • Strong Simulation • Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p – a -> p’ then there exists q’ ∈ Q such that q – a -> q’ and p’ S q’ • q strongly simulates p if there exists a strong simulation S such that pSq • S-1 is the set of pairs (y, x) such that (x, y) ∈ S • Strong bisimulation • A binary relation S over Q is said to be a strong bisimulation over the LTS if both S and its converse are simulations Provable Software Laboratory Seminar

  45. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? • Strong Simulation • Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p – a -> p’ then there exists q’ ∈ Q such that q – a -> q’ and p’ S q’ • q strongly simulates p if there exists a strong simulation S such that pSq • S-1 is the set of pairs (y, x) such that (x, y) ∈ S • Strong bisimulation • A binary relation S over Q is said to be a strong bisimulation over the LTS if both S and its converse are simulations Provable Software Laboratory Seminar

  46. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example b a p0 p1 q0 a q1 a a a b b p2 a a q2 S = {(p0, q0), (p1, q1), (p2, q1), (p0, q2)} S’ = {(q0, p0), (q1, p1), (q1, p2), (q2, p0)} Provable Software Laboratory Seminar

  47. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example b a p0 p1 q0 a q1 a a a b b p2 a a q2 Strong Bisimulation S = {(p0, q0), (p1, q1), (p2, q1), (p0, q2)} S’ = {(q0, p0), (q1, p1), (q1, p2), (q2, p0)} Provable Software Laboratory Seminar

  48. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? : Example a p0 p1 q0 a q1 a b q2 b p2 p3 It is not Strong Bisimulation P strongly simulates Q S = {(q0, p0), (q1, p2), (q2, p3)} Q strongly simulates P S’ = {(p0, q0), (p1, q1), (p2, q1), (p3, q2)} Provable Software Laboratory Seminar

  49. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? • Strong Simulation • Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p – a -> p’ then there exists q’ ∈ Q such that q – a -> q’ and p’ S q’ • q strongly simulates p if there exists a strong simulation S such that pSq • S-1 is the set of pairs (y, x) such that (x, y) ∈ S • Strong bisimulation (P ~ Q) • A binary relation S over Q is said to be a strong bisimulation over the LTS if both S and its converse are simulations • Strong bisimulation equivalence : reflexive, symmetric, transitive • P ~ Q implies P ≈s Q • What about internal computation τ? • Weak bisimulation Provable Software Laboratory Seminar

  50. Strong Bisimulation EquivalenceHow to find out P and Q are bisimular? • Strong Simulation • Let <Q, A,→> be an LTS, and let S be a binary relation over Q. Then S is called a strong simulation over <Q, A,→> if, whenever pSq, if p – a -> p’ then there exists q’ ∈ Q such that q – a -> q’ and p’ S q’ • q strongly simulates p if there exists a strong simulation S such that pSq • S-1 is the set of pairs (y, x) such that (x, y) ∈ S • Strong bisimulation (P ~ Q) • A binary relation S over Q is said to be a strong bisimulation over the LTS if both S and its converse are simulations • Strong bisimulation equivalence : reflexive, symmetric, transitive • P ~ Q implies P ≈s Q • What about internal computation τ? • Weak bisimulation Provable Software Laboratory Seminar

More Related