Bisimilar control affine systems

The notion of bisimulation plays a very important role in theoretical computer science where it provides several notions of equivalence between models of computation. These equivalences are in turn used to simplify verification and synthesis for these models as well as to enable compositional reasoning. In systems theory, a similar notion is also of interest in order to develop modular verification and design tools for purely continuous or hybrid control systems. In this paper, we introduce two notions of bisimulation for nonlinear systems. We present differential geometric characterizations of these notions and show that bisimilar systems of different dimensions are obtained by factoring out certain invariant distributions. Furthermore, we also show that all bisimilar systems of different dimension are of this form.     

On Gödel speed-up and succinctness of language representations

In this note we discuss the similarities and differences between Gödel's result about non-recursive shortening of proofs of formal systems by additional axioms and the corresponding results about the succinctness of different representations of languages.     

Comparative semantics for flow of control in logic programming without logic

We study semantic issues concerning control flow notions in logic programming languages by exploring a two-stage approach. The first considers solely uninterpreted (or schematic) elementary actions, rather than operations such as unification, substitution generation, or refutation. Accordingly, logic is absent at this first stage. We provide a comparative survey of the semantics of a variety of control flow notions in (uninterpreted) logic programming languages including notions such as don't know versus don't care nondeterminism, the cut operator, and/or parallel logic programming, and the commit operator. In all cases considered, we develop operational and denotational models, and prove their equivalence. A central tool both in the definitions and in the equivalence proofs is Banach's theorem on (the uniqueness of) fixed points of contracting functions on complete metric spaces. The second stage of the approach proceeds by interpreting the elementary actions, first as arbitrary state transformations, and next by suitably instantiating the sets of states and of state transformations (and by articulating the way in which a logic program determines a set of recursive procedure declarations). The paper concentrates on the first stage. For the second stage, only a few hints are included. Furthermore, references to papers which supply details for the languages PROLOG and CONCURRENT PROLOG are provided.     

Extensional equivalences for transition systems

Summary Various notions of systems equivalence based on the reactions of systems to stimuli from the outside world are presented and compared. These notions have been proposed in the literature to allow abstraction from unwanted details in models of concurrent and communicating systems. The equivalences, already defined for different theories of concurrency, will be compared by adapting their definitions to labelled transition systems, a model which underlies many others. In the presentation of each equivalence, the aspects of system behaviours which are ignored and the identifications which are forced will be stressed. It will be shown that many equivalences, although defined very differently by following different intuitions about systems behaviour, turn out to be the same or to differ only in minor detail for a large class of transition systems.     

Complete inference systems for weak bisimulation equivalences in the π-calculus

Proof systems for weak bisimulation equivalences in the π-calculus are presented, and their soundness and completeness are shown. Two versions of π-calculus are investigated, one without and the other with the mismatch operator. For each version of the calculus proof systems for both late and early weak bisimulation equivalences are studied. Thus there are four proof systems in all. These inference systems are related in a natural way: the inference system for early equivalence is obtained from the one for late equivalence by replacing the inference rule for input prefix, while the inference system for the version of π-calculus with mismatch is obtained by adding a single inference rule for mismatch to the one for the version without it. The proofs of the completeness results rely on the notion of symbolic bisimulation.     

Behavioural equivalence in simulation modelling

Discrete event simulation has grown up as a practical technique for estimating the quantitative behaviour of systems, where direct measurement is undesirable or impractical. It is also used to understand the detailed functional behaviour of such systems. Its theory is largely that of experimental science, centering on statistical approaches to validation, rather than on the verification of detailed behaviour. On the other hand, much work has been done on understanding and proving functional properties of systems, using techniques of formal specification and concurrency modelling. This article presents an approach to understanding equivalence of behaviour of discrete event simulation models, using a technique from the concurrency world, Milner’s Calculus of Communicating Systems (CCS). This yields a significant advance over the main previous work, Schruben and Yücesan’s simulation graphs. CCS allows for the use of observational equivalence, which can capture a more flexible, behavioural notion of equivalence than the structural equivalence defined there.A common framework based on the process view of models is constructed, using a hierarchical graphical modelling language (Extended Activity Diagrams). This language is shown to map onto both the major constructs of the DEMOS discrete event simulation language and the corresponding CCS models. A graphically driven tool based on such a framework is presented, which generates both types of models. Using the CCS model, behavioural equivalences and differences in simulation models are demonstrated.     

Infinitary rewriting: closure operators, equivalences and models

Infinitary Term Rewriting allows to express infinite terms and transfinite reductions that converge to those terms. Underpinning the machinery of infinitary rewriting are closure operators on relations that facilitate the formation of transfinite reductions and transfinite equivalence proofs. The literature on infinitary rewriting has largely neglected to single out such closure operators, leaving them implicit in definitions of (transfinite) rewrite reductions, or equivalence relations. This paper unpicks some of those definitions, extracting the underlying closure principles used, as well as constructing alternative operators that lead to alternative notions of reduction and equivalence. A consequence of this unpicking is an insight into the abstraction level at which these operators can be defined. Some of the material in this paper already appeared in Kahrs (2010). The paper also generalises the notion of equational model for infinitary rewriting. This leads to semantics-based notions of equivalence that tie in with the equivalences constructed from the closure operators.     

Refinement of actions and equivalence notions for concurrent systems

We study an operator for refinement of actions to be used in the design of concurrent systems. Actions on a given level of abstraction are replaced by more complicated processes on a lower level. This is done in such a way that the behaviour of the refined system may be inferred compositionally from the behaviour of the original system and from the behaviour of the processes substituted for actions. We recall that interleaving models of concurrent systems are not suited for defining such an operator in its general form. Instead, we define this operator on several causality based, event oriented models, taking into account the distinction between deadlock and successful termination. Then we investigate the interplay of action refinement with abstraction in terms of equivalence notions for concurrent systems, considering both linear time and branching time approaches. We show that besides the interleaving equivalences, also the equivalences based on steps are not preserved under refinement of actions. We prove that linear time partial order semantics are invariant under refinement. Finally we consider various bisimulation equivalences based on partial orders and show that the finest two of them are preserved under refinement whereas the others are not. Termination sensitive versions of these equivalences are even congruences for action refinement. Received 11 May 1998 / 19 June 2000     

Formal communication elimination and sequentialization equivalence proofs for distributed system models

Equivalence reasoning with distributed system models, expressed directly as imperative programs with explicit parallelism, communication operations, storage variables and boolean conditions, remains virtually unexplored. Only reasoning with models expressed as process algebras has been amply dealt with in literature. However, these formalisms do not contemplate either storage variables or Boolean conditions as fundamental items, although these items become essential in most situations. This article develops the foundation of the until now non existent theory of equivalence reasoning with the aforementioned imperative notation and two novel equivalence proof techniques: communication elimination and sequentialization. The development is grounded on state systems and transition interleavings, as treated by Manna and Pnueli. Equivalence proofs safely transform a model via the application of a sequence of equivalence laws; aiming to obtain an equivalent model which is purely sequential, free from internal communication operations and parallelism, as a simplification of the initial model. After this, verification of the original model can be carried out, indirectly, in the simplified model, thus reducing complexity. Some of the presented novel notions are: (1) modular procedure for decomposition of both models and proofs, (2) interface behavior for statement semantics, (3) interface equivalence between behaviors, between statements and between procedures, (4) a set of communication elimination laws and (5) substitution rules of procedure references by their bodies or by references to equivalent procedures. An elimination proof construction algorithm is also presented; when it terminates, deadlock freedom of the original model can be decided. The main design lines of a computer aided equivalence reasoning tool are outlined as well. This is the foundation for a more widely applicable tool. As an illustration, the sequentialization proof of a simplified pipelined processor is overviewed. It is modeled as a distributed system with procedures and two levels of parallelism. The model obtained at the end of the equivalence proof is the sequential loop of a Von Neumann processor. This result establishes that the original model is deadlock-free, behaves as a processor and, as a consequence, the partition of processor functions among parallel processes is correct. The ratio of the upper bounds on the number of states of the final over the initial models, \(\frac{final}{initial}\) , is \(\frac{1}{2^{672}}\) .     

Programs as proofs: a synopsis

Programs are like constructive proofs of their specifications. This analogy is a precise equivalence for certain classes of programs. The connection between formal logic and programs is a foundation for programming methodology superior to that usually adopted. Moreover this equivalence suggests programming languages which are far richer than all others currently in use. These claims are established in this paper introducing parts of the PL/CV programming logics as a source of precision and examples.     

Elucidating concurrent algorithms via layers of abstraction and reification

Arguing that intricate concurrent programs satisfy their specifications can be difficult; recording understandable explanations is important for subsequent readers. Abstraction is a key tool even for sequential programs. The purpose here is to explore some abstractions that help readers (and writers) understand the design of concurrent programs. As an illustration, the paper presents a formal development of a non-trivial parallel program: Simpson’s implementation of asynchronous communication mechanisms. Although the correctness of this “4-slot algorithm” has been shown elsewhere, earlier proofs fail to offer much insight into the design. From an understandable (yet formal) design history of this one algorithm, the techniques employed in the explanation are teased out for wider application. Among these techniques is using a “fiction of atomicity” as an aid to understanding the initial steps of development. The rely-guarantee approach is, here, combined with notions of read/write frames and “phased” specifications; furthermore, the atomicity assumptions implied by the rely/guarantee conditions are achieved by clever choice of data representations.     

关系代数派生算子语义表达式间等价性证明

关系代数的派生算子在关系数据库查询语言中得到了广泛应用。它们的语义有两种常见的表示方式,一种是基于原始算子的表达式,一种是基于一阶逻辑的表达式。但有关的文献资料都没有给出这两种表达式等价性的严格证明。文章尝试通过一系列等价变换,证明派生算子语义的这两种表达式间的等价性。从派生算子(主要是除算子)语义的原始算子表达式出发,根据关系代数表达式的特点,通过一步步的等价变换,得到派生算子语义的一阶逻辑表达式。所使用的变换方法能为关系代数表达式的正确性证明打下基础。     

Structured development of a virtual shared memory system

In this paper we formalise three different views of a virtual shared memory system and show that they are equivalent. The formalisation starts with five basic component processes specified in the language of CSP [Hoa85], which can be adapted as necessary by two operations called labelling and clamping, and are combined in two basic ways: either they are chained, so that the output of one component becomes the input of the next, or they are put in parallel, so that their communications are arbitrarily interleaved. Using the laws of CSP we show that these basic processes and operators satisfy a number of algebraic equivalences, which enable us to prove equivalence of the different models of the memory system by reasoning entirely at the level of processes, instead of at the lower and more complicated level of events. As a result the proofs of equivalence of the different models are purely algebraic and very simple.The specification is intended to provide a general framework for any architecture using an interconnection network, such as the on-chip interconnect between macrocells or the networks of processor nodes connected by bit-serial interconnect which are described in [Jon93]. It addresses architecture independent design issues such as access transparency, connectivity, addressing models and serialisability. By structuring it as a hierarchy of models it is hoped that the treatment of these many issues is made as clear and tractable as possible, whilst the proofs of equivalence ensure consistency.Funded by Esprit Project 7267/ OMI-Standards.     

A topoiogical formulation of linguistic typology

The problem of classifying formal languages with respect to isomorphism is shown to reduce to the equivalence problem for a certain class of triples of topological spaces, and associated pairs of continuous mappings; and this problem can, in turn, be translated into the category of compacta. The computation of topological invariants of languages is illustrated by simple finite examples. An approach to computational applications of these notions to the study of natural and programming languages is indicated, further theoretical problems are posed, and directions for further research are suggested.     

Compositional semantics of spiking neural P systems

The aim of the paper is to give a formal compositional semantics for spiking neural P systems (SNP systems) by following the Structural Operational Semantics (SOS) approach. A process algebra is introduced whose terms represent SNP systems. The algebra is equipped with a semantics, given as a labelled transition system. This semantics allows notions of behavioural equivalences over SNP systems to be studied. Some known equivalences are considered and their definition based on the given semantics is provided. Such equivalences are proved to be congruences.     

Alternating simulation and IOCO

We propose a symbolic framework called guarded labeled assignment systems or GLASs and show how GLASs can be used as a foundation for symbolic analysis of various aspects of formal specification languages. We define a notion of i/o-refinement over GLASs as an alternating simulation relation and provide formal proofs that relate i/o-refinement to ioco. We show that non-i/o-refinement reduces to a reachability problem and provide a translation from bounded non-i/o-refinement or bounded non-ioco to checking first-order assertions.     

Relations between diagonalization,proof systems,and complexity gaps

In this paper we study diagonal processes over time bounded computations of one-tape Turing machines by diagonalizing only over those machines for which there exist formal proofs that they operate in the given time bound. This replaces the traditional “clock” in resource bounded diagonalization by formal proofs about running times and establishes close relations between properties of proof systems and existence of sharp time bounds for one-tape Turing machine complexity classes. These diagonalization methods also show that the Gap Theorem for resource bounded computations can hold only for those complexity classes which differ from the corresponding provable complexity classes. Furthermore, we show that there exist recursive time bounds T(n) such that the class of languages for which we can formally prove the existence of Turing machines which accept them in time T(n) differs from the class of languages accepted by Turing machines for which we can prove formally that they run in time T(n). We also investigate the corresponding problems for tape bound computations and discuss the difference time and tapebounded computations.     

A note on an identity-based ring signature scheme with signer verifiability

Recently, Herranz presented an identity-based ring signature scheme featuring signer verifiability where a signer can prove that he or she is the real signer by releasing an authorship proof. In this paper we show that this scheme is vulnerable to a key recovery attack in which a user’s secret signing key can be efficiently recovered through the use of two known ring signatures and their corresponding authorship proofs. In addition, we present a simple method to fix this security vulnerability by slightly modifying the authorship proof. Our modified scheme simplifies the original scheme and improves performance. To show that the modified scheme is unforgeable, we define two types of unforgeability notions for both signatures and authorship proofs. In these notions an adversary has opening capability to confirm the real signers of ring signatures and thus can manipulate authorship proofs in an adaptive way. We then prove that our modified scheme is secure in terms of these unforgeability notions.     

Algebraic query optimisation for database programming languages

A major challenge still facing the designers and implementors of database programming languages (DBPLs) is that of query optimisation. We investigate algebraic query optimisation techniques for DBPLs in the context of a purely declarative functional language that supports sets as first-class objects. Since the language is computationally complete issues such as non-termination of expressions and construction of infinite data structures can be investigated, whilst its declarative nature allows the issue of side effects to be avoided and a richer set of equivalences to be developed. The language has a well-defined semantics which permits us to reason formally about the properties of expressions, such as their equivalence with other expressions and their termination. The support of a set bulk data type enables much prior work on the optimisation of relational languages to be utilised. In the paper we first give the syntax of our archetypal DBPL and briefly discuss its semantics. We then define a small but powerful algebra of operators over the set data type, provide some key equivalences for expressions in these operators, and list transformation principles for optimising expressions. Along the way, we identify some caveats to well-known equivalences for non-deductive database languages. We next extend our language with two higher level constructs commonly found in functional DBPLs: set comprehensions and functions with known inverses. Some key equivalences for these constructs are provided, as are transformation principles for expressions in them. Finally, we investigate extending our equivalences for the set operators to the analogous operators over bags. Although developed and formally proved in the context of a functional language, our findings are directly applicable to other DBPLs of similar expressiveness. Edited by Matthias Jarke, Jorge Bocca, Carlo Zaniolo. Received September 15, 1994 / Accepted September 1, 1995