Weak (Probabilistic) Simulation

and G_i (x,{(0.9,k)})⊳l

=========⇒, note we omit the parameter C_Gi,G4,l which is not important here.

As a counterexample, we know G_i 6≈^M_p G₅, since in G₅ the node at location k can receive messages from l with probability 0.5 which is not in [0.6,0.9] while in Gi the probability of the node at location k receiving messages from l is always in [0.6,0.9].

2.5 Weak (Probabilistic) Simulation

In Section 2.4we define weak (probabilistic) bisimulations which are equivalence rela-tions among networks. Two networks E and F are bisimilar iff E can mimic stepwise all the observable transitions of F and vice versa. In this section we relax the sym-metric conditions of weak (probabilistic) bisimulations, and only requires one direction mimicking, which introduces us the definitions of weak (probabilistic) simulation. Sim-ulations are preorders on the networks, which has been used widely for verification purpose (1,8,54,70,71). Intuitively, if F simulates E, then F can be seen as a correct implementation of E. Since often E is more abstract and contains less details, it is much easier to be analyzed. More importantly, certain properties satisfied by E are guaranteed to be true for F too.

Before introducing weak (probabilistic) simulation, as usual we define the weight function in the same way as in (48).

Definition 7 (Weight Function). Let R = N × N be a relation over N . A weight function for µ and µ^′ w.r.t. R is a function ∆ : N × N 7→ [0, 1] such that:

• ∆(E, F ) > 0 implies that E R F ,

• µ(E) =P

F ∈N ∆(E, F ) for any E ∈ N ,

• µ^′(F ) =P

E∈N ∆(E, F ) for any F ∈ N .

We write µ ⊑R µ^′ iff there exists a weight function for µ and µ^′ w.r.t. R.

When µ ⊑R µ^′, it may happen that for a certain set of networks S ⊆ Supp(µ), there exists a set of networks S^′ ⊆ Supp(µ^′) such that µ(S) = µ^′(S^′) where S × S^′ ⊆ R, but this does not mean that for each E ∈ S, there exists E^′ ∈ S^′ such that µ(E) = µ^′(E^′).

For instance if there are two distributions: µ and µ^′ such that µ(E) = 1, and µ^′(E₁) = µ^′(E₂) = 0.5. Apparently, it should hold that µ ⊑R µ^′ provided E R E₁ and E R E₂,

but neither µ(E) = µ^′(E₁) nor µ(E) = µ^′(E₂) holds. Essentially, ∆ corresponds in a way to divide the support of distributions µ and µ^′ such that µ and µ^′ will coincide with probability of sets of network. For the above example, we can let ∆(E, E₁) = 0.5 and ∆(E, E₂) = 0.5 i.e. dividing E into two parts one of which is for E₁, and the other part is for E₂. Clause 1 says that ∆ can only associate two networks when they are in R. Clause 2 guarantees that for each E ∈ Supp(µ) the total probability assigned to E by ∆ i.e. P

F ∈N ∆(E, F ) should coincide with the probability of E in µ. Clause 3 is the counterpart of Clause 2, which guarantees that for each F ∈ Supp(µ^′) the total probability assigned to F by ∆ i.e. P

E∈N ∆(E, F ) should be the same as µ^′(F ).

2.5.1 Weak Simulation

In this section we first introduce the weak simulation without considering the com-bined transitions as before. The weak simulation can be seen as a one direction weak bisimulation in Definition 5. We will also give a few examples to show what the weak simulation can be used for, and also show that it is too fine in some cases which leads us to the definition of weak probabilistic simulation.

Bellow follows the definition of weak simulation.

Definition 8 (Weak Simulation). A relation R ⊆ N × N is a weak simulation if E R F implies that for each k ∈ L and C_E,F,k whenever E ∝ C_E,F,k −→ µ then:^α

1. if α = (x,L) ⊳ k then there exists F ∝ CE,F,k α

=

=⇒ µ^′ such that for each y ∈ N, µ{y/x} ⊑R µ^′{y/x};

2. if α = ν ˜xhx,Li@l then there exists F ∝ CE,F,k

ν ˜xhx,Li@m

=======⇒ µ^′ such that µ ⊑R µ^′; 3. if α = τ then there exists F ∝ C_E,F,k ==⇒ µ^{τ ′} such that µ ⊑R µ^′.

The network E is weakly simulated by F , written as E w^M F , if there exists a weak simulation R such that E R F .

Lemma 4. E ∝ C w^M F ∝ C for any C provided that E w^M F . Proof. Similar with the proof of Lemma3 and is omitted here.

The following theorem shows that w^M is a congruence and preorder.

Theorem 7. w^M is a congruence and a preorder.

Proof. We first prove that w^M is a preorder. The reflexivity is trivial, we only prove the transitivity here i.e. E w^M F and F w^M G implies that E w^M G. In order to do so, we need another definition of weak simulation, calledw^M₁ . The definition of w^M₁ is almost the same as w^M except that E ∝ C_E,F,k −→ µ is replaced by the weak^α transition E ∝ C_E,F,k ==⇒ µ.^α

It can be proved that w^M = w^M₁ . It is easy to see that E w^M₁ F implies that E w^M F since E ∝ C_E,F,k−→ µ is a special case of E ∝ C^α _E,F,k ==⇒ µ. We prove that^α E w^M F implies E w^M₁ F , it is enough to show that

R= {(E, F ) ∈ N × N | E w^M F }

is a weak simulation under the new definition. For simplicity we will omit the parameter C_E,F,k in the sequel. Suppose that E R F and E ==⇒ µ. If α = (x,^α L) ⊳ k, we need to prove that there exists F ==⇒ µ^{α ′} such that µ ⊑R µ^′. We are going to prove by induction on E==⇒ µ. According to Definition^α 3, there are two cases to be considered:

1. E −→ µ^τ 1 α

=

=⇒ µ. Since E R F i.e. E w^M F , there exists F ==⇒ µ^{τ ′}₁ such that µ₁ ⊑R µ^′₁. By induction there exists F ==⇒^τ ==⇒ µ^{α ′} such that µ ⊑R µ^′.

2. E −→ µ^α ₁ ==⇒ µ. Since E^τ w^M F , there exists F ==⇒ µ^{τ ′}₁ such that µ₁ ⊑R µ^′₁. The following proof is similar with Clause 1, and is omitted here.

The cases when α = τ or ν ˜xhx,Li@l are similar.

Since we have proved that w^M =w^M₁ , in order to show that w^M is a preorder, it is equivalent to prove thatw^M₁ is a preorder. Suppose that E w^M₁ F and F w^M₁ G, we prove that E w^M₁ G. According to the definition ofw^M₁ , there exists weak simulations R₁ and R₂ such that E R₁ F and F R₂ G. Therefore whenever E =====⇒ µ^(x,L)⊳k ₁, there exists F =====⇒ µ^(x,L)⊳k ₂ and G=====⇒ µ^(x,L)⊳k ₃ such that µ₁ ⊑R₁ µ₂ and µ₂ ⊑R₂ µ₃. In other words, there exists ∆₁ and ∆₂ satisfying the conditions in Definition7. Let

R= R₁◦ R₂ = {(E^′, G^′) | ∃F^′.(E^′ R₁ F^′∧ F^′ R₂ G^′)}, then we need to find a ∆ between µ₁ and µ₃ over R. Let

∆(E, G) = X

F ∈N

∆₁(E, F ) ·∆₂(F, G) µ2(F ) ,

we show that ∆ defined in this way does satisfy the conditions in Definition7. Condition one is easy since ∆(E, G) > 0 implies that there exists F such that ∆₁(E, F ) > 0 and

∆₂(F, G) > 0, that is, E R₁ F and F R₂ G, thus E R G, and vice versa. Also

we prove that the second condition is satisfied too. The third condition is similar as the second one, and is omitted here. Therefore µ₁ ⊑R µ₃, this completes the proof.

Finally we prove that w^M is a congruence which is similar with the proof of Theo-rem 2, it is enough to show that

R= {(ν ˜x(E k G), ν ˜x(F k G)) | E w^M F } is a weak simulation. Let

E0 = ν ˜x(E k G), F₀= ν ˜x(F k G).

If E0 α

−→ µ, we need to distinguish among several cases. Again we simply write C as the abbreviation of C_E0,F0,l.

• Suppose

E₀ ∝ C−−−−→ µ^(x,L)⊳l 0 ≡ ν ˜x(µ₁ k µ3 k D(E0 ∝ C)),

where µ₁ and µ₃ do not contain any connection information, hence we infer:

(E k D(G)) ∝ C−−−−→ µ^(x,L)⊳l 1 k D(E0 ∝ C),

because E₀ is well-formed. Then we have

(E k D(G)) ∝ C w^M (F k D(G)) ∝ C, thus

(F k D(G)) ∝ C====⇒ µ^(x,L)⊳l ₂ (2.8) and (µ1k D(E0 ∝ C)){y/x} w^M µ2{y/x} for all y ∈ N. Since

(G k D(E)) ∝ C−−−−→ µ^(x,L)⊳l 3 k D(E0∝ C), by (nREC2) we have

G^{′ (x,∅)⊳l}−−−−→ µ^′₃ (2.9)

where G ≡ G^′ k D(G) and µ3 ≡ µ^′₃•L with L = Dl(E₀∝ C). Also F₀ ∝ C ≡ ν ˜x(G^′ k ((F k D(G)) ∝ C)),

so we can now combine transitions2.8 and 2.9using (nREC2) and (nRES), and obtain the following transition:

F₀∝ C = ν ˜x(F k G) ∝ C====⇒ ν ˜^(x,L)⊳l x(µ₂k µ₃) and µ₀ ≡ ν ˜x(µ₁ k µ3 k D(E0 ∝ C)){y/x} ⊑R ν ˜x(µ₂ k µ3){y/x}.

• The other cases are similar.

To illustrate how weak simulation works, we give two examples. Since our weak simulation is a conservative extension of the standard weak simulation, we are more interested in the examples related to the mobility.

Example 18. Suppose we are given a PMF such that the mobility of Pro(m 7−→ l) and Pro(n 7−→ l) is explicitly defined by Fig.2.2and 2.3respectively, and all the others are implicitly defined. Let

E ≡ ⌊hxi⌋_m k C, F ≡ ⌊hxi⌋_n k C

where C = {{(0.6, l)} 7−→ m} k {{(0.5, l)} 7−→ n}. Apparently, neither E ≈^M F nor E ≈^M_p F holds, since in F the node at location l can receive the x with probability 0.5 which is impossible for E. But according to Definition 8, we have E w^M F . Intuitively, because in E the probability of the node at l receiving x is either 0.6 or 0.9, and the probability can be also 0.6 or 0.9 in F even if it has more choices for instance with probability 0.5.

Example 19. Suppose we are given a PMF such that the mobility of Pro(m 7−→ l) is explicitly defined by Fig. 2.2, while all the others are implicitly defined, therefore the only possible values of Pro(n 7−→ l) are 0 and 1. Let

E ≡ ⌊hxi⌋_mk C, F ≡ ⌊hxi⌋_n k C where

C = {{(0.6, l)} 7−→ m} k {{(0, l)} 7−→ n}.

It turns out E 6w^M F since in E the node at l can receive x with probability 0.6 while it is not possible in F . But since in F the node at l can receive x with probability either 0 or 1, it should be able to simulate E, which introduces us the weak probabilistic simulation in the next section.

2.5.2 Weak Probabilistic Simulation

According to Example 19, w^M seems to be too fine in some cases. In this section we will introduce the weak probabilistic simulation making use of the combined transition as in Definition6. Bellow follows the definition of weak probabilistic simulation.

Definition 9 (Weak Probabilistic Simulation). A relation R ⊆ N × N is a weak probabilistic simulation if E R F implies that for each k ∈ L and C_E,F,k whenever E ∝ C_E,F,k−→ µ then:^α

1. if α = (x,L) ⊳ k then there exists F ∝ CE,F,k α

=

=⇒_c µ^′ such that for each y ∈ N, µ{y/x} ⊑R µ^′{y/x};

2. if α = ν ˜xhx,Li@l then there exists F ∝ CE,F,k

ν ˜xhx,Li@m

=======⇒_c µ^′ such that µ ⊑R µ^′; 3. if α = τ then there exists F ∝ C_E,F,k ==⇒^τ _c µ^′ such that µ ⊑R µ^′.

The network E is weakly probabilistic simulated by F , written as E w^M_p F , if there exists a weak probabilistic simulation R such that E R F .

We can also show thatw^M_p is a congruence and preorder.

Theorem 8. w^M_p is a congruence and preorder.

Proof. Similar with the proof of Theorem 7and is omitted here.

Obviously,w^M is strictly finer thanw^M_p .

Theorem 9. w^M ⊂w^M_p .

Proof. It is straightforward from Definition8 and 9.

In Example 19we show that E 6w^M F , but according to Definition9, E w^M_p F . Example 20. Consider the networks E and F in Example 19. As we said before in E the node at l can receive x with probability 0.6, i.e.

E hx,{(0.6,l)}i@m

−−−−−−−−−→ δ_(⌊0⌋mkC), since there does not exist F hx,{(0.6,l)}i@n

=========⇒, thus E 6w^M F . But we have F hx,{(0,l)}i@n

========⇒ δ_(⌊0⌋nkC), F hx,{(1,l)}i@n

========⇒ δ_(⌊0⌋nkC), therefore there exists

F hx,{(0.6,l)}i@n

=========⇒c δ_(⌊0⌋mkC) such that

δ_(⌊0⌋mkC) ⊑_w^M_p δ_(⌊0⌋nkC), as a result E w^M_p F .