1.6 Behavioral Equivalence

1.6 Behavioral Equivalence

Two very important concepts in the study and analysis of programs • Equivalence between programs • Congruence between statements • Replacing statements and programs

•Consider the two programs: P1::[ out x:integer where x=0 l0: x:=1 :l0’ ] P2::[ out x:integer where x=0 local t:integer where t=0 l0: t:=1 :l0’ l1: x:=t :l1’ ]

Computation generated by P1 • <{l0},0>,<{l0’,1}>,<{l0’},1>, … • Computation generated by P2 • <{l0},0,0>,<{l1},0,1>,<{l1’},1,1>,<{l1’},1,1}>,… • Computations contain too much distinguishing information, irrelevant to the correctness of the program, like • Control variable • Local variables

•Observable variables: O a subset of state variables • Usually input or output variables • Control variables are never observable • Label renaming =>equivalent programs

We define the observable state corresponding to s, denoted by s|O, to be the restriction of s to just the observable variables O. • Thus, s|O is an interpretation of O that coincides with s on all the variables in O.

Given a computation • σ :s0, s1, … • We define the observable behavior corresponding to َ σ to be the sequence • َ σo : s0 |O, s1 |O, …

Computation generated by P1 • <{l0},0>,<{l0’,1}>,<{l0’},1>, … • Computation generated by P2 • <{l0},0,0>,<{l1},0,1>,<{l1’},1,1>,<{l1’},1,1}>,… • For P1 and P2, and O={x}, observable behaviors: • σ1O : <0>, <1>, <1>, … • σ2O : <0>, <0>, <1>, <1>, …

Reduced behavior • The reduced behavior σr • relative to O, • corresponding to a computation σ, is the sequence obtained from σby thefollowing transformations: • Replace each state si by its observable part si|O • Omit from the sequence each observable state that is identical to its predecessor but not identical to all of its successors. • Not to delete the infinite suffix.

Applying these transformations to the computations σ1 and σ2 • or just the second transformation to σ2O • σ1r : <0>, <1>, <1>, … • σ2r : <0>, <1>, <1>, …

Equivalence of transition systems • For a basic transition system P, we denote by R(P) the set of all reduced behaviors generated by P. • Let P1 and P2 be two basic transition systems • and O subsetof Π1 intersectΠ2 be a set of variables (observable variables for both systems). • The systems P1 and P2 are defined to be equivalent (relative to O), denoted by P1~P2, if R(P1)=R(P2).

Which is equivalent to which? • Q1::[out x: integer where x=0; x:=2] • Q2::[out x: integer where x=0; x:=1; x:=x+1] • Q3::[out x: integer where x=0; [local t: integer; t:=1; x:=t+1]] • Observable set?

Congruence between statements • To explain the meaning of a statement S by another more familiar statement S’, that is congruent to S (perform the same task as S), but may be more efficient.

Congruence of statements • Consider the two statements: • T1::[x:=1;x:=2] • T2::[x:=1;x:=x+1] Viewing them as the bodies of programs, they are equivalent: • P1::[out x: integer where x=0;T1] • P2::[out x: integer where x=0;T2]

Our expectation about equivalent statements is that they are completely interchangeable: • the behavior of a program containing T1 will not change when we replace an occurrence of T1 with T2.

Consider Q1 and Q2: • Q1:: [out x: integer where x=0;[T1 || x:=0]] • Q2:: [out x: integer where x=0;[T2 || x:=0]] • Are they equivalent? Obtain the set of reduced behaviors of Q1 and Q2.

Let P[S] be a program context, which is a program in which statement variable S appears as one of the statements. • For example: Q[S]:: [out x: integer where x=0;[S|| x:=0]] • Let programs P[S1] and P[S2] be the programs obtained by replacing statement variable S with the concrete statements S1 and S2, respectively. • Statements S1 and S2 are defined to be congruent,denoted by S1~S2, if P[S1]~P[S2] for every program context P[S].

examples • Commutativity • Selection and cooperation constructions are commutative. • [S1 or S2] ~ [S2 or S1] • [S1 || S2] ~ [S2 || S1] • Associativity • Concatenation, selection, and cooperation constructions are all associative. • [S1;[S2;S3]] ~ [[S1;S2];S3]~[S1;S2;S3] • For or and ||

S~ [S; skip] What about: • S1 :: [await x] • S2 :: [skip; m: await x] ? Consider: P[S]:: [out x: boolean where x=F l0: [S or [await !x]]; l1: x:=T :l1’]

P[S2] may deadlock, while P[S1] may not.

await c ~ while !c do skip • Implementing await by busy waiting • Problem 1.3

Implementation versus emulation • Replacement of two programs may be desirable, for example in the case that one is expressed in terms of high-level constructs that are not directly available on a considered machine. • There are two possible relations; • Emulation • implementation

P2 emulates P1 if they are equivalent, i.e., if their sets of reduced behaviors are equal (a symmetric relation). • P2 implements P1 if the set of reduced behaviors of P2 is a subset of the set of reduced behaviors of P1.

Example: P1::[ out x, y: integer where x=0, y=0 loop forever do [x:=x+1 or y:=y+1]] P2::[ out x, y: integer where x=0, y=0 loop forever do [x:=x+1 ; y:=y+1]]

Emulation and implementation relations between statements: • The statement S2 emulates statement S1 if P[S2] emulates P[S1] for every program context P[S]. • S2 emulates S1 iff S2 is congruent to S1. • The statement S2 implements statement S1 if P[S2] implements P[S1] for every program context P[S].

What are the relations? • While !c do skip ?? await c • x:=x+1 ?? [[x:=x+1] or [y:=y+1]] • S2= await x ?? S1=[await x] or [await y] • S3=await (x or y) ?? S1=[await x] or [await y]

An example to compare S1 and S2 and S3: [local x,y : boolean where x=F, y=T out z: integer where z=0 S; z:=1]

1.7 Grouped Statements • In our text language, an atomic step (corresponding to a single transition taken in a computation), consists of the execution of at most one statement of the program.

We definea class of statements as elementary statements. • These statements can be grouped together. • The elementary statements: • Skip, assignment, and await statements • If S, S1, …, Sk are elementary statements, then so are: • When c do S • If c then S1 else S2 • [S1 or … or Sk] • [S1; …; Sk] • Any statement containing: cooperation or a while statement is not elementary.

If S is an elementary statement, then <S> is a grouped statement. • Example: <y:=y-1; await y=0; y:=1> • Execution of this grouped statement calls for the uninterrupted and successful execution of the three statements participating in the group in succession. • This grouped statement is congruent to the statement await y=1 • Thisinterpretation implies that execution of a grouped statement cannot be started unless its successful termination is guaranteed.

The transition associated with a grouped statement • Product of transitions • Let t1 and t2 be two transitions. • Product of t1 and t2 , denoted by t1o t2 , is • s”∈t1 o t2 iff there exists an s’ such that s’ ∈t1(s) and s” ∈t2(s’) • Thus, the (t1o t2)-successors of s can be obtained by the application of t1 to s, followed by the application of t2 to the resulting states.

Assume that • t1: C1 /\ (y’ = e1) and t2: C2 /\ (y’ = e2) Where we assume that t1 andt2 have the same set of modifiable variables. • t1 0 t2 = t1 o t2 : C1 /\ C2[e1/y] /\ (y’=e2[e1/y])

Example: • t1 : (x>y) /\ (x’ = x-y) /\ (y’ = y) • t2 : (x<y) /\ (x’ = x) /\ (y’ = y-x) • What is the transition relation for the product?

Transitions for <S> page 54. • Example : page 55

1.6 Behavioral Equivalence

1.6 Behavioral Equivalence

Presentation Transcript

Equivalence Testing

1.6

Equivalence Testing

Ensemble equivalence

Logical Equivalence

Ambivalent Equivalence

Fault Equivalence

Equivalence:

1.6

1.6 Behavioral Equivalence

CONFOUNDING EQUIVALENCE

Equivalence Checking

1.6

1.6

Equivalence Testing

§ 1.6

Equivalence Relations

1.6

Equivalence