Bisimulation up-to techniques

As the complexity of the proofs for bisimilarity increase, so does the com-plexity of their candidate relations. The relations we have seen so far have been relatively simple, generally of the form that they contain the pair that is to be proven bisimilar, and a few standard requisites such as reflexivity, or that the relation is compositional.

In the coinduction rule for weak bisimilarity, Lemma 9.14, the derivatives of any agents in the candidate relation must either be in the candidate re-lation, or bisimilar. Bisimulation up-to techniques allow for a more gen-eral treatment of the derivative agents – they must be equivalent to agents either in the candidate relation or agents which are bisimilar. The equiv-alence, here denoted .

=, differs for each proof, but in the general case any

derivatives of the members of a candidate relationX must be in the rela-tion .

= ◦(X ∪ .

≈)◦ .

=.

It is generally desirable for the equivalence relation to be as large as pos-sible – the more general the relation, the less specific the requirements of the candidate relation. However, bisimulation up-to techniques are not ap-plicable for all equivalence classes. In the original printing of Milner’s book Communication and Concurrency [55], Milner proposed

Y = .

≈ ◦ (X ∪ .

≈) ◦ .

≈,

i.e. bisimulation up to weak bisimilarity. However, this technique equates agents which should not be bisimilar. The following counterexample was discovered by Sjödin and Jonsson. Consider the agentsτ.P and 0, where P is any agent not bisimilar to 0. Clearly these agents are not weakly bisimilar, but they are bisimilar up to weak bisimilarity. Set the candidate relationX to {(τ.P, 0), (0, τ.P)}. The only possible transition is τ.P −→ P, which 0 can^τ mimic by doing nothing, and the derivatives P and 0 are inY ; the agents P andτ.P are weakly bisimilar, hence P can be rewritten to τ.P using the up to techniques, andτ.P and 0 are in X .

Bisimulation up to techniques which are available are bisimulation up to structural congruence, and strong bisimilarity. Moreover, a variant of bisim-ulation up to weak bisimilarity is attainable.

Lemma 9.28.

(P, Q) ∈ Y ^R S. (R, S) ∈ Y

R ;c_{≈ ◦ (Y ∪}^. _{≈ ) ◦ ∼}^{. S ^R S.}

(R, S) ∈ Y (S, R) ∈ Y P .

≈ Q Proof. By coinduction withX set to .

≈ ◦ (Y ∪ .

≈) ◦ .

≈.

This coinductive lemma requires the derivatives to be in the relation .

≈ ◦ (Y ∪ .

≈) ◦ ∼, and therefore the counterexample above does not hold – even thoughτ.P is weakly bisimilar to P, they are not strongly bisimilar, and the rewriting technique used in the counter-example does not work.

With these techniques in place, we can prove that weak bisimilarity is preserved by replication.

Lemma 9.29. If P .

≈ Q then P | R .

≈ Q | R.

Proof. The Isabelle proof for this lemma can be found in Figure 9.5.

The remaining operator which bisimilarity is preserved by is Parallel. In order to prove this we need to use bisimulation up-to techniques.

lemma weakSimParPres:

fixes P :: ccs and Q :: ccs and R :: ccs and T :: ccs

andR :: (ccs × ccs) set and R⁰:: (ccs × ccs) set and R⁰⁰:: (ccs × ccs) set assumes P c;R Q and (P, Q) ∈ R

and R ;c_R⁰ T and (R, T) ∈ R⁰

and C1:VP⁰Q⁰R⁰T⁰. [[(P⁰, Q⁰) ∈ R; (R⁰, T⁰) ∈ R⁰]] =⇒

(P⁰| R⁰, Q⁰| T⁰) ∈ R⁰⁰ shows P | R c;R⁰⁰ Q | T

proof(induct rule: weakSimI) — Apply introduction rule;c-I case(Simα U)

from^〈Q | T −→ U^{α 〉} show ?case

proof(induct rule: parCases) — Apply PARinversion rule from Figure 6.4 PAR1 case

Given that Q −→ Q^{α 0}prove that there exists an S such that P | R==⇒ S and (S, Q^{αb 0} | T) ∈ R⁰⁰.

case(cPar1 Q⁰)

from^〈P c;R Q^{〉 〈}Q −→ Q^{α 0〉}obtain P⁰where P==⇒ P^{αb 0}and (P⁰, Q⁰) ∈ R by(rule weakSimE)

from^〈P==⇒ P^{αb 0〉}have P | R==⇒ P^{αb 0}| R by(rule weakPar1)

moreover from^〈(P⁰, Q⁰) ∈ R^{〉 〈}(R, T) ∈ R^0〉have (P⁰| R, Q⁰| T) ∈ R⁰⁰ by(rule C1)

ultimately show ∃S. P | R==⇒ S ∧ (S, Q^{αb 0}| T) ∈ R⁰⁰by blast next

PAR2 case

Given that T −→ T^{α 0}prove that there exists an S such that P | R==⇒ S and (S, Q | T^{αb 0}) ∈ R⁰⁰.

case(cPar2 T⁰)

from^〈R ;cR⁰ T^{〉 〈}T −→ T^{α 0〉}obtain R⁰where R==⇒ R^{αb 0}and (R⁰, T⁰) ∈ R⁰ by(rule weakSimE)

from^〈R==⇒ R^{αb 0〉}have P | R==⇒ P | R^{αb 0}by(rule weakPar2) moreover from^〈(P, Q) ∈ R^{〉 〈}(R⁰, T⁰) ∈ R^0〉

have (P | R⁰, Q | T⁰) ∈ R⁰⁰by(rule C1)

ultimately show ∃S. P | R==⇒ S ∧ (S, Q | T^{αb 0}) ∈ R⁰⁰by blast

next

COMMcase

Given that Q −→ Q^{a 0}and T −→ T^{a 0}prove that there exists an S such that P | R −→ S and (S, Q^{τ 0}| T⁰) ∈ R⁰⁰.

case(cComm Q⁰T⁰α)

from^〈P c;R Q^{〉 〈}Q −→ Q^{α 0〉}obtain P⁰where P==⇒ P^{αb 0}and (P⁰, Q⁰) ∈ R by(rule weakSimE)

from^〈R ;c_R⁰ T^{〉 〈}T −→ T^{α 0〉}obtain R⁰where R==⇒ R^{αb 0}and (R⁰, T⁰) ∈ R⁰ by(rule weakSimE)

from^〈P==⇒ P^{αb 0〉 〈}R==⇒ R^{αb 0〉 〈}α 6= τ^〉have P | R==⇒ P^{τ 0}| R⁰ by(auto intro: weakCongSync simp add: weakTrans-def) hence P | R==⇒ P^{τb 0}| R⁰by(simp add: weakTrans-def) moreover from^〈(P⁰, Q⁰) ∈ R^{〉 〈}(R⁰, T⁰) ∈ R^0〉

have (P⁰| R⁰, Q⁰| T⁰) ∈ R⁰⁰by(rule C1)

ultimately show ∃S. P | R==⇒ S ∧ (S, Q^{bτ 0}| T⁰) ∈ R⁰⁰by blast qed

qed

Figure 9.4: The Isabelle proof that simulation is preserved by the Parallel. It is very similar to the corresponding proof for strong simulation, found in Figure 7.2, but the lifted semantic rules are used instead of their regular semantic counterparts.

lemma weakBisimParPres:

fixes P :: ccs and Q :: ccs and R :: ccs assumes P ≈ Q

shows P | R ≈ Q | R proof −

let ?X = {(P | R, Q | R) | P Q R. P ≈ Q}

from assms have (P | R, Q | R) ∈ ?X by auto thus P | R ≈ Q | R

proof(coinduct rule: weakBisimCoinduct) case(cSim S T)

{

fix P Q R assume P ≈ Q

moreover hence P ;c_≈^{. Q} by(rule weakBisimulationE)

moreover haveVP Q R. P ≈ Q =⇒ (P | R, Q | R) ∈ ?X by auto ultimately have P | R ;c?X Q | R

by(rule-tac weakSimPres.parPres) hence P | R ;c_{?X ∪≈}^. Q | R

by(rule-tac weakSimMonotonic) auto }

thus S c;_{?X ∪≈}^. T using^〈(S, T) ∈ ?X^〉by auto next

case(cSym PR QR)

from^〈(PR, QR) ∈ ?X^〉show (QR, PR) ∈ ?X by(blast dest: weakBisimulation.symmetric) qed

qed

Figure 9.5: The proof that weak bisimulation is preserved by Parallel.

9.6.1 Replication

The preservation properties for replication are a bit more complicated than for its strong counterparts. The reason for this is that the simulating agent has the possibility of doing nothing when mimicking aτ-action. As the lifted semantics rule in Figure 9.3 dictates, the REPLrule may only be used if an action is actually performed. This puts special constraints on the candidate relations for bisimulation, which is demonstrated by the simulation lemmas.

Lemma 9.30.

(P, Q) ∈ R bangRelR ⊆ R⁰ ^R S.(R, S) ∈ R R c;R S

^R S T U. (R, S) ∈ R (T , U) ∈ R⁰

(R | T, S | U) ∈ R⁰ ^R S. (R | !R, S) ∈ R⁰ (!R, S) ∈ R⁰

!P ;cR⁰ !Q

Proof. Similar to the corresponding proof for strong simulation, Lemma 7.20. However, in the replication case the REPLrule from Figure 9.3 can only be used when the mimicking agent mimics at least oneτ-action;

if it does nothing, the last assumption from the lemma is used to ensure that the derivatives remain inR⁰.

Lemma 9.31. If P .

≈ Q then !P .

≈ !Q.

Proof. Follows the same pattern as the corresponding lemma for strong bisimilarity, Lemma 7.21, but by coinduction up to weak bisimilarity withY set to bangRel .

≈. The simulation case is discharged by Lemma 9.30, where its final requisite is proven by the fact that !P .

≈ P | !P, by Theorem 9.1.

With this lemma in place, we can prove that the main preservation theo-rem for weak bisimilarity.

Theorem 9.2. Weak bisimulation is preserved by all operators except the