Homework for Modelling Concurrent Systems, Fall 2024

INFR10089/INFR11248 — 2024	Main page	Lectures and handouts	Homework
	Piazza	Notes	HW Submissions

Homework 1, Tuesday 17-9-2024

(Due: 24-9-2024 at 10am; accepted without penalty until 25-9-2024 at 10am)

A binary relation ~ on a set D is an equivalence relation if it is

reflexive: p ~ p for all processes p in D,
symmetric: if p ~ q then q ~ p,
and transitive: if p ~ q and q ~ r then p ~ r.

Give an example of an equivalence relation on the domain of all people.
For each of these three requirements, give an example of a relation on people that is not an equivalence relation, because it fails this one requirement but satisfies the other two requirements.
If ~ is an equivalence relation on D, and p is in D, then [p]_~ denotes the set of all processes in D that are equivalent to p. Such a set is called an equivalence class. Show (formally, by means of a mathematical proof) that the collection of all equivalence classes form a partitioning of D. This means that every p in D belongs to one and only one equivalence class.

[None of this has been treated in class; (c) is a test of prior mathematical exposure to the notion of a mathematical proof. If this is hard, it is a good warm-up for bits of mathematical proof yet to come.]

Consider a vending machine that accept pieces of 20 cents, 50 cents and 1 dollar, and that can dispense (multiple) chocolate and pretzels, each of which costs 1 dollar. Draw an LTS whose transitions are labelled with "20c", "50c" or "$\$$1", indicating the reception by the machine of a coin inserted by a user, and by the actions "chocolate" or "pretzel", indicating the opening of the glass door of the machine behind which chocolate or pretzels are stored. (We abstract from the closing of the door after extraction of the pretzel, which happens automatically, and the appearance of a new pretzel behind the glass door afterwards.) Assume that the machine does not give change, and that it accepts any amount of surplus money. Try to make the number of states in your LTS as small as possible.
Answer
Consider the process graph depicted in Counterexample 17, on page 49 of this paper. In that paper, the initial state is the unique one without incoming transitions. Formalise this graph in two ways:
1. As a triple $(S,I,\rightarrow)$ of states, initial state and transition relation, as in the notes.
2. As a tuple $(S,I,T,\textit{source},\textit{target},\ell)$, discussed in class.

Homework 2, Thursday 19-9-2024

(Also due: 24-9-2024 at 10am; accepted without penalty until 25-9-2024 at 10am)

Draw a process graph for the ACP expression a(bc+b(c+d)).

[Harder; can be skipped by students that merely aim for a basic good grade.]
Give a formal definition of the sequential composition operator of ACP (see notes), in the style of the notes.
Give an example of two processes that have the same partial traces but different completed traces. Moreover, the completed traces of the one should not be a subset of the completed traces of the other.
Give an example of a process that has no finite completed traces at all.
[Harder; can be skipped by students that merely aim for a basic good grade.]
Consider a more bureaucratic version of the relay race that was presented in class. This time runner 1 may only pass the stick to runner 2 in the presence of a bureaucrat, who is stationed halfway the start and finish. The bureaucrat will watch the transaction and subsequently make a note of it in his notebook, that will be kept for posterity. Consider a specification that mentions the start of the race (start), the delivery of the parcel (finish) and the making of the bureaucratic note (note). Describe the specification and the implementation in ACP.

Note: Whereas students of the third year course MCS-10 may skip both harder questions for a basic good grade, students of the fourth year course MCS (or MCS-11) ought to do at least one of them.

Homework 3, Tuesday 24-9-2024

(Due: 1-10-2024 at 10am; accepted without penalty until 2-10-2024 at 10am)

Give an example of two processes without infinite traces that are weakly completed trace equivalent and also strongly partial trace equivalent but not strongly completed trace equivalent.
Consider a process called "gatekeeper" that makes sure that of 2 other processes "1" and "2", at most one is in its critical section. Its action are "hear request of process i to enter critical section", or h(i) for short; "admit process i into critical section", or a(i); and "observe that process i exits the critical section", e(i). Here i can have the values 1 or 2. Keep in mind that each of the processes i may enter the critical section multiple times. The actions h(i), a(i) and e(i) all synchronise with corresponding actions h(i), a(i) and e(i) from the processes 1 and 2. Processes 1 and 2 have the form P(i)=h(i).a(i).e(i).P(i). The gatekeeper should be able to hear (and remember) a request in any state. Deadlock should be avoided.
- Draw a process graph describing the correct behaviour of the gatekeeper.
We do not ask you to calculate the parallel composition of the gatekeeper with the two client processes.

Homework 4, Thursday 26-9-2024

(Also due: 1-10-2024 at 10am; accepted without penalty until 2-10-2024 at 10am)

Give an example of two strongly bisimilar process graphs, one with 5 reachable states, and one with 7.
Show, for labelled transition systems without τ-transitions, and without termination predicate, that bisimulation equivalence is strictly finer than infinitary completed trace equivalence. This means that it makes strictly fewer identifications. This involves two things:
- show that whenever two processes are bisimulation equivalent, they are surely also infinitary completed trace equivalent.
- give an example of two processes that are infinitary completed trace equivalent but not bisimulation equivalent.
Draw the process graph for a single Boolean variable $x$ kept in some memory system. The process should support the following actions:
- $w_x(0)$: write the value 0 to the variable $x$.
- $w_x(1)$: write the value 1 to the variable $x$.
- $r_x(0)$: read $x$ and retrieve the value 0.
- $r_x(1)$: read $x$ and retrieve the value 1.
Let's assume the initial value of $x$ is 0.

Homework 5, Tuesday 1-10-2024

(Due: 8-10-2024 at 10am; accepted without penalty until 9-10-2024 at 10am)

Out of the following processes, which pairs are weak bisimulation equivalent?

a.(b+τ.c)+τ.a.d

a.(b+τ.c)+τ.a.d+a.b

a.(b+τ.c)+τ.a.d+a.c

a.(b+τ.c)+τ.a.d+a.d

Show the bisimulation or informally describe why there isn't any.

Also tell which pairs are weak completed trace equivalent, and why or why not.
And which pairs are strong completed trace equivalent, and why or why not.
And which pairs are branching bisimulation equivalent, and why or why not.

Given an example of two processes of which some of the states may be marked with the termination predicate ✔, such that the two are (strong) bisimulation equivalent when discarding the termination predicate (without changing the states and transitions in any way), yet with the termination predicate taken into account they are completed trace equivalent but not bisimulation equivalent.

[Harder; can be skipped by students that merely aim for a basic good grade.]
We write $Q \Longrightarrow Q$ if there are $Q_0$, $Q_1$, ... , $Q_n$ for some $n \geq 0$, such that $Q=Q_0$, $Q=Q_n$, and $Q_{i-1} \stackrel{\tau}\longrightarrow Q_i$ for all $i=1,...,n$.
Here $Q$, $Q$ and the $Q_i$ are either processes or states in labelled transition systems. (In the next lecture we will drop the distinction between processes and states.) We write $P =_{BB} Q$ if there exists a branching bisimulation that relates the states $P$ and $Q$.

Show that if $P =_{BB} Q$, $Q \Longrightarrow Q'$ and $P =_{BB} Q'$, then $P =_{BB} Q_i$ for any process $Q_i$ on the $\tau$-path from $Q$ to $Q'$.
Does the same property also holds for weak bisimilarity $=_{WB}$? Give a proof or a counterexample.
In class I defined a branching bisimulation $\mathcal{B}$ to satisfy the following transfer property:
if $P \mathrel{\mathcal{B}} Q$ and $P \stackrel{\alpha}\longrightarrow P'$, then there are $Q_0$, $Q_1$, ... , $Q_n$ for some $n \geq 0$, and $Q'_0$, $Q'_1$, ... , $Q'_m$ for some $m \geq 0$
such that $Q=Q_0 \stackrel{\tau}\longrightarrow Q_1 \stackrel{\tau}\longrightarrow \dots \stackrel{\tau}\longrightarrow Q_n \stackrel{(\alpha)}\longrightarrow Q'_0 \stackrel{\tau}\longrightarrow Q'_1 \stackrel{\tau}\longrightarrow \dots \stackrel{\tau}\longrightarrow Q'_m$,
and moreover $P \mathrel{\mathcal{B}} Q_i$ for all $i=1,...,n$ and $P' \mathrel{\mathcal{B}} Q'_j$ for all $j=0,...,m$.
The handout, on the other hand, requires the following transfer property:
if $P \mathrel{\mathcal{B}} Q$ and $P \stackrel{\alpha}\longrightarrow P'$, then there are $Q_0$, $Q_1$, ... , $Q_n$ for some $n \geq 0$,
such that $Q=Q_0 \stackrel{\tau}\longrightarrow Q_1 \stackrel{\tau}\longrightarrow \dots \stackrel{\tau}\longrightarrow Q_n \stackrel{(\alpha)}\longrightarrow Q'$,
and moreover $P \mathrel{\mathcal{B}} Q_n$ and $P' \mathrel{\mathcal{B}} Q'$.
Prove that these two definitions lead to the very same notion of branching bisimilarity.
(As always, you may also answer the question by giving a counterexample showing that this is not the case.)

Homework 6, Thursday 3-10-2024

(Also due: 8-10-2024 at 10am; accepted without penalty until 9-10-2024 at 10am)

Let P be the process given by the recursive equation X = a.(b.X + c.X)
and Q be the process (c+e).a. Assume an ACP communication function γ given by γ(a,c)=γ(c,a)=d.
1. Draw a process graph representation of P and Q.
2. Draw a process graph representation of P||Q.
3. Draw a process graph representation of ∂_{a,c}(P||Q).
Answer
Express the behaviour of the gatekeeper from Homework 3.2 by a system of recursive equations.
Answer
Describe the relay race in CCS in a similar way as the class notes describe it in ACP.
Answer

Homework 7, Tuesday 8-10-2024

(Due: 15-10-2024 at 10am; accepted without penalty until 16-10-2024 at 10am)

For which possible choices of Q and R are there transitions of the form a.(c+b) | ((c+a) | b) --τ--> Q --τ--> R in the labelled transition system of CCS? (In CCS expressions action prefixing binds strongest of all operators. Moreover, I leave out trailing 0s, so c+b means c.0+b.0 .) Give a proof tree of the formal derivation of one of those transitions from the structural operational rules of CCS.
Answer
[Fairly hard] An equivalence ~ is a congruence for a language L if P ~ Q implies that C[P] ~ C[Q] for every context C[ ]. Here a context C[ ] is an L-expression with a hole in it, and C[P] is the result of plugging in P for the hole.
Consider a language L without recursion. A different definition of a congruence ~ requires for any $n$-ary operator $f$ of L that
$P_i \sim Q_i$ for $i=1,...,n$ implies $f(P_1,...,P_n) \sim f(Q_1,...,Q_n)$.
Show that this definition is equivalent to the one above.
[Hard; can be skipped by students that merely aim for a basic good grade.]
The congruence closure ~_L of ~ is defined by
P ~_L Q if and only if C[P] ~ C[Q] for any L-context C[ ].
Prove that ~_L is the coarsest congruence finer than ~.

Homework 8, Thursday 10-10-2024

(Also due: 15-10-2024 at 10am; accepted without penalty until 16-10-2024 at 10am)

Show that (strong, finitary) partial trace equivalence is a congruence for the CCS relabelling operator. This means that whenever P =_PT Q and f: A -> A is a relabelling operator, it must be the case that P[f] =_PT Q[f].
Sequencing is a binary operation defined on process graphs without the state-label ✔; it starts with its second component as soon as its first component cannot do any further actions.
Sequential composition, on the other hand, is defined on process graphs equipped with a state-labelling, where some states are marked with the symbol for successful termination, ✔. Here the second component starts only when the first one successfully terminates. This is the operator that occurs in ACP.
In (c) and (d) below, work with a form of LTS in which any state (possibly with outgoing transitions) can have the label $\surd$. Moreover, the label $\surd$ can occur in a (partial or completed) trace, as explained in the notes.
1. Give a definition of sequencing as an operator on process graphs.
2. Give an example that shows the difference between these two operators.
3. Is sequential composition (as used e.g. in ACP) compositional for partial trace equivalence? Give a counterexample, or show why.
4. Is sequential composition compositional for completed trace equivalence? Give a counterexample, or show why.
5. Is sequencing compositional for partial trace equivalence? Give a counterexample, or show why.
6. Is sequencing compositional for (strong) completed trace equivalence? Give a counterexample, or show why.
7. Is partial trace equivalence a congruence for sequencing? Show why your answer is correct.
8. Is (strong) completed trace equivalence a congruence for sequencing? Show why your answer is correct.
Use the axioms of CCS to proof by means of equational logic that $((a.(b+c.\bar{e})) \mid (e + \bar{b}.c))\backslash \{b,e\}$ is strongly bisimilar to $a.(c|\tau)$. Here the CCS constant $0$ is elided, meaning that we abbreviate $a.0$ to $a$. Moreover, $P\backslash\{b,e\}$ is the same as $P \backslash b \backslash e$. Which CCS law(s) for restriction do you need to show this?

Homework 9, Tuesday 15-10-2024

(Due: 22-10-2024 at 10am; accepted without penalty until 23-10-2024 at 10am)

Consider the processes a.0 + b.0, τ.(a.0 + b.0), τ.a.0 + b.0, a.τ.0 + b.0 and τ.(a.0 + b.0) + a.0.
1. Which of these processes are weak bisimulation equivalent to each other, and why (or why not)?
2. Which of these processes are branching bisimulation equivalent to each other, and why (or why not)?
3. Which of these processes are rooted weak bisimulation equivalent to each other, and why (or why not)?
4. Which of these processes are rooted branching bisimulation equivalent to each other, and why (or why not)?
Answer
Formally derive the axiom (B) for branching bisimilarity (see notes) from the axioms for weak bisimilarity for CCS.
Answer

Homework 10, Thursday 17-10-2024

(Also due: 22-10-2024 at 10am; accepted without penalty until 23-10-2024 at 10am)

Give a CCS expression for the vending machine intended by Q2 of HW1. This involves declaring a recursive specification.
Answer: \[\begin{array}{lcl} X_0 &=& 20.X_{20} + 50.X_{50} + 100.X_{100} \\ X_{20} &=& 20.X_{40} + 50.X_{60/70} + 100.X_{100} \\ X_{40} &=& 20.X_{60/70} + 50.X_{80/90} + 100.X_{100} \\ X_{50} &=& 20.X_{60/70} + 50.X_{100} + 100.X_{100} \\ X_{60/70} &=& 20.X_{80/90} + 50.X_{100} + 100.X_{100} \\ X_{80/90} &=& 20.X_{100} + 50.X_{100} + 100.X_{100} \\ X_{100} &=& 20.X_{100} + 50.X_{100} + 100.X_{100} + \textit{pretzel}.X_0 + \textit{chocolate}.X_0\\ \end{array}\]
Recall the specification and implementation of the relay race in CCS (HW 6, Q3):

Specification: start.finish.0
Implementation: (R₁ | R₂)\$\{$handover$\}$ where
R₁ = start.handover.0
R₂ = handover.finish.0
Prove the rooted branching bisimulation equivalence between the specification and the implementation by means of equational logic, using the equational axiomatisation of CCS.
Let the processes $X$, $Y$, $Z$ and $W$ be defined by the equations \[\begin{array}{lcl} X &=& b.Y + c.X \\ Y &=& d.(e.X+b.Y) \\ Z &=& b.d.W + c.(b.d.W + c.Z) \\ W &=& e.Z + b.d.W \end{array}\] Proof that $X=Z$, using the CCS axiomatisation of strong bisimilarity with RDP and RSP.
Answer: Consider the recursive specification $\mathcal{S}$ given by \[\begin{array}{lcl} U &=& b.V + c.(b.V + c.U) \\ V &=& d.(e.U + b.V) \end{array}\] Clearly, $\mathcal{S}$ is guarded. Filling in $(Z,d.W)$ for $(U,V)$ yields two true equations, as followed directly from the equations for $Z$ and $W$. Hence $(Z,d.W)$ is a solution of $\mathcal{S}$. Likewise, filling in $(X,Y)$ for $(U,V)$ yields two true equations. Here we apply RDP to replace the $X$ in the body of the defining equation for $X$ by that body itself. So $(X,Y)$ is also a solution of $\mathcal{S}$. By RSP, two solutions of the same guarded recursive specification must be equal, so it follows that $X=Z$ (and $Y=d.W$).

Homework 11, Tuesday 22-10-2024

(Due: 29-10-2024 at 10am; accepted without penalty until 30-10-2024 at 10am)

Model the relay race in CSP.
Answer
How would you translate the CSP expressions (a ☐ b) ⊓ c and (a ⊓ b) ☐ c into CCS? Here I omitted trailing .0's.
Answer
Does the CCS recursive specification $Y = (b.Y | d.Y | e.Y)\backslash \{d\}$ have a unique solution up to strong bisimilarity? How do you know this?
Answer: This recursive specification is guarded, because each call to $Y$ sits in the scope of an action-prefixing operator ($a.$, $d.$ and $e.$). Therefore, by RDP and RSP, it has a unique solution up to strong bisimilarity. The presence of the parallel and restriction operators plays no role.
In a proposed extension of CSP there is a "sliding choice" operator $\triangleright$, which treats its left argument as an external choice, and its right argument as an internal one. Its operational rules are \[ \frac{P \stackrel{a}{\rightarrow} P'}{P \triangleright Q \stackrel{a}{\rightarrow} P'}~(a \neq \tau) \qquad \frac{P \stackrel{\tau}{\rightarrow} P'}{P \triangleright Q \stackrel{\tau}{\rightarrow} P'\triangleright Q} \qquad \frac{}{P \triangleright Q \stackrel{\tau}{\rightarrow} Q} \] Is this operator compositional for strong bisimilarity? How do you know this?
Answer: Yes, because the above rules are on GSOS format.

Here is an attempted operational semantics of the sequencing operator:

P --a--> P'
------------------------ (for P' $\neq$ 0)
P;Q --a--> P';Q

P --a--> 0
----------------
P;Q --a--> Q

Is it in GSOS format? What is wrong with this operational semantics? Show that strong bisimulation is not a congruence for the operator ";" defined by these operational rules (in the context of CCS).
Answer: No, it is not in GSOS format. The second rule fails this format because the right-hand side of its premise features a constant. (The first rule also fails this format, because it has a side-condition that cannot be expanded away.)
To show that strong bisimulation is not a congruence, consider the processes $P=a.0$, $Q=a.(0+0)$ and $R=b.0$. Now $P$ and $Q$ are strongly bisimilar, but $P;R$ and $Q:R$ are not. In fact $P;R$ has a trace $ab$, whereas $Q;R$ can never do a $b$. Here it is important that to match the second rule for ;, being equal to $0$ is taken literally; not up to bisimilarity or so.

Homework 12, Thursday 24-10-2024

(Also due: 29-10-2024 at 10am; accepted without penalty until 30-10-2024 at 10am)

In the paper available at https://www.cse.unsw.edu.au/~rvg/pub/spec1.pdf there are a number of pictures, called Counterexample 1, 2, 3, etc. For each of counterexamples 2 to 6, provide a HML formula (if needed with infinite conjunctions) that holds for the left process, but not for the right one.
Answer
Give an example of a process that satisfies the HML formulas [a]⟨b⟩T and ⟨a⟩([b]⟨c⟩T) but does not satisfy [a]⟨b⟩⟨c⟩T.
Answer

Homework 13, Tuesday 29-10-2024

(Due: 5-11-2024 at 10am; accepted without penalty until 6-11-2024 at 10am)

Consider the HML formula φ = [a]([b]⟨c⟩T $\wedge$ ⟨b⟩[a]F).
Give an example process $P$ that satisfies the formula φ.
Give an example process $Q$ that does not satisfy the formula φ.
Also, give another HML formula without using the negation symbol, that holds for all processes for which φ does not hold.
Answer
Show that (infinitary, strong) completed trace equivalence is incomparable with (strong) simulation equivalence. This means that neither of them is finer-or-equal than the other.
Answer
Given a preorder $\sqsubseteq$ on a set $X$, let $\equiv$ be the kernel of $\sqsubseteq$, and let $\leq$ be the relation on the equivalence classes of $\equiv$ defined by $[x]_\equiv \leq [y]_\equiv$ iff $x \sqsubseteq y$. Here $[x]_\equiv$ denotes the $\equiv$-equivalence class of $x\in X$.
1. Show that $\leq$ is well-defined, in the sense that whether $A \leq B$ holds, for $\equiv$-equivalence classes $A$ and $B$, is independent of the choice of representatives $x\in A$ and $y \in B$ of these equivalence classes, when applying the above definition.
2. Show that $\leq$ is a partial order.
Answer

Homework 14, Thursday 31-10-2024: Partition refinement

(Also due: 5-11-2024 at 10am; accepted without penalty until 6-11-2024 at 10am)

Use the partition refinement algorithm on the states of a.(a.(a+a.a)+a.a)+a.a.a. Trailing .0's are elided. Show the steps. With how many bisimulation equivalence classes do you end up?
Use the partition refinement algorithm for branching bisimilarity on the states of τ.(τ.(a+τ)+τ.a)+τ.(τ.(a+τ)+a). Show the steps. Provide a branching bisimilar process graph with as few states as possible.
Provide an efficient algorithm for deciding rooted branching bisimilarity of process graphs. You may use the partition refinement algorithm for branching bisimilarity as a subroutine, without explaining it further.
Answer: First run the partition refinement algorithm for branching bisimilarity, terminating with exactly one block $B_e$ for each branching bisimilarity equivalence class of states $e$. Next, consider all strong potentials $(a,B_e)$ for that partition; they hold for a state $s$ iff $s$ can do an $a$-transition to a state in block $B_e$. Finally, consider two states rooted branching bisimilar iff they have the same potentials as defined above. (Thus, this algorithm does all the rounds for BB and then one round as for strong bisimilarity.)

Homework 15, Tuesday 5-11-2024

(Due: 12-11-2024 at 10am; accepted without penalty until 13-11-2024 at 10am)
This is a hard question. Yet, for students doing MCS-11, it is obligatory to include it in your portfolio. This is one of the few places where MCS-11 is a bit harder than MCS-10, as the university asked me to ensure.

Modify the definition of weak completed trace semantics (or invent new semantic equivalences from scratch) in six different ways, namely such that
1. deadlock = livelock and escapable divergence = normal progress,
2. escapable divergence = normal progress, and livelock differs from deadlock and from normal progress,
3. deadlock = livelock and escapable divergence differs from livelock and from normal progress,
4. livelock = escapable divergence, different from deadlock and progress,
5. deadlock = livelock = escapable divergence, different from progress,
6. all four phenomena are distinguished.
In all cases deadlock should be distinguished from normal progress. Your notions of weak completed trace equivalence should all be strictly finer than finitary weak partial trace equivalence, as defined in the class notes, and strictly coarser than strong bisimilarity. Also, the definitions should be such that upon restricting attention to processes without divergence, the resulting equivalences coincide with (finitary or) infinitary weak completed trace equivalence as in the notes. They should also be congruences for abstraction (τ_I); no need to prove this. Finally, they should make sense from the perspective of comparing general processes (not just these examples).

Homework 16, Thursday 7-11-2024

(Also due: 12-11-2024 at 10am; accepted without penalty until 13-11-2024 at 10am)

1. Formulate a safety property that is satisfied by $a.b+a.c$, but not by $c.a+b.a$.
2. Formulate a safety property that is satisfied by $a.b+a.c$, but not by $a.(b+c)$.
Translate the ACP implementation of the alternating bit protocol that you can find in the book of Fokkink into CCS and into CSP. Would you have to adapt the specification as well (and how)?
Exercise 6.1.2 in Fokkink.
Let's simplify the alternating bit protocol by omitting the alternating bit. Instead, the receiver send back the signal "success" or "failure" depending on whether it received a correct or a corrupted message. The sender simply resends the last message if it receives a "failure" or the corrupted acknowledgement $\bot$; upon receiving a "success" it proceeds with the next message. Does this version of the protocol work correctly? Explain your answer.

Rob van Glabbeek

main MCS page

notes

Rob.van.Glabbeek@ed.ac.uk

INFR10089/INFR11248 — 2024