testing nondeterministic and probabilistic...
TRANSCRIPT
sfi
Background Testing theory Nondeterminism Probabilities
Testing Nondeterministic and ProbabilisticProcesses
Matthew Hennessy
(joint work with Yuxin Deng, Rocco DeNicola, Rob van Glabbeek, Carroll Morgan, Chenyi Zhang)
BASICS, Shanghai October 09
1/37
sfi
Background Testing theory Nondeterminism Probabilities
Outline
Background why bother ?
Testing theory
Testing nondeterministic processes
Testing Probabilistic and nondeterministic processes
2/37
sfi
Background Testing theory Nondeterminism Probabilities
Outline
Background why bother ?
Testing theory
Testing nondeterministic processes
Testing Probabilistic and nondeterministic processes
3/37
sfi
Background Testing theory Nondeterminism Probabilities
Background
Goal: Specification and proof methodologies forprobabilistic concurrent systems
Nondeterminism + Probability – why necessary ?
◮ “Nondeterminism” intrinsic to specification development a la CSP
◮ underspecified components expressed using “nondeterminism”
COMP ⊓ OPTION ≤ COMP
underspecified more specified
◮ Analysis of concurrent systems requires “nondeterminism”
⊓ - internal choice of CSP
4/37
sfi
Background Testing theory Nondeterminism Probabilities
Background
Goal: Specification and proof methodologies forprobabilistic concurrent systems
Nondeterminism + Probability – why necessary ?
◮ “Nondeterminism” intrinsic to specification development a la CSP
◮ underspecified components expressed using “nondeterminism”
COMP ⊓ OPTION ≤ COMP
underspecified more specified
◮ Analysis of concurrent systems requires “nondeterminism”
⊓ - internal choice of CSP
4/37
sfi
Background Testing theory Nondeterminism Probabilities
Background
Goal: Specification and proof methodologies forprobabilistic concurrent systems
Nondeterminism + Probability – why necessary ?
◮ “Nondeterminism” intrinsic to specification development a la CSP
◮ underspecified components expressed using “nondeterminism”
COMP ⊓ OPTION ≤ COMP
underspecified more specified
◮ Analysis of concurrent systems requires “nondeterminism”
⊓ - internal choice of CSP
4/37
sfi
Background Testing theory Nondeterminism Probabilities
Background
Goal: Specification and proof methodologies forprobabilistic concurrent systems
Nondeterminism + Probability – why necessary ?
◮ “Nondeterminism” intrinsic to specification development a la CSP
◮ underspecified components expressed using “nondeterminism”
COMP ⊓ OPTION ≤ COMP
underspecified more specified
◮ Analysis of concurrent systems requires “nondeterminism”
⊓ - internal choice of CSP
4/37
sfi
Background Testing theory Nondeterminism Probabilities
Analysis of concurrent systems
Sys1:
Sys1 ⇐ (new s)(A | Sw)
A ⇐ up.U + s?down.D
Sw ⇐ s!stop
A Sws
up
down
Sys2:
Sys2 ⇐ (new s)(B | Sw)
B ⇐ s?(up.U + down.D) + s?down.D
Sw ⇐ s!stop
B Sws
up
down
5/37
sfi
Background Testing theory Nondeterminism Probabilities
Analysis of concurent systems
In CSP theory:
Sys1 ≈ Sys2
semantically equivalent
Both equivalent to the nondeterministic
(up.U + down.D) ⊓ down.D
concurrency = nondeterminism + interleaving
probabilistic concurrency= probability + nondeterminism + interleaving
6/37
sfi
Background Testing theory Nondeterminism Probabilities
Analysis of concurent systems
In CSP theory:
Sys1 ≈ Sys2
semantically equivalent
Both equivalent to the nondeterministic
(up.U + down.D) ⊓ down.D
concurrency = nondeterminism + interleaving
probabilistic concurrency= probability + nondeterminism + interleaving
6/37
sfi
Background Testing theory Nondeterminism Probabilities
Analysis of concurent systems
In CSP theory:
Sys1 ≈ Sys2
semantically equivalent
Both equivalent to the nondeterministic
(up.U + down.D) ⊓ down.D
concurrency = nondeterminism + interleaving
probabilistic concurrency= probability + nondeterminism + interleaving
6/37
sfi
Background Testing theory Nondeterminism Probabilities
Analysis of concurent systems
In CSP theory:
Sys1 ≈ Sys2
semantically equivalent
Both equivalent to the nondeterministic
(up.U + down.D) ⊓ down.D
concurrency = nondeterminism + interleaving
probabilistic concurrency= probability + nondeterminism + interleaving
6/37
sfi
Background Testing theory Nondeterminism Probabilities
Outline
Background why bother ?
Testing theory
Testing nondeterministic processes
Testing Probabilistic and nondeterministic processes
7/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing scenario
◮ a set of processes Proc
◮ a set of tests T
◮ a set of outcomes O
◮ Apply : T × Proc → P+(O) – the non-empty set of possible
results of applying a test to a process
Comparing sets of outcomes:
◮ O1 ⊑Ho O2 if for every o1 ∈ O1 there exists some o2 ∈ O2
such that o1 ≤ o2
◮ O1 ⊑Sm O2 if for every o2 ∈ O2 there exists some o1 ∈ O1
such that o1 ≤ o2
o1 ≤ o2 : means o2 is as least as good as o1
8/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing scenario
◮ a set of processes Proc
◮ a set of tests T
◮ a set of outcomes O
◮ Apply : T × Proc → P+(O) – the non-empty set of possible
results of applying a test to a process
Comparing sets of outcomes:
◮ O1 ⊑Ho O2 if for every o1 ∈ O1 there exists some o2 ∈ O2
such that o1 ≤ o2
◮ O1 ⊑Sm O2 if for every o2 ∈ O2 there exists some o1 ∈ O1
such that o1 ≤ o2
o1 ≤ o2 : means o2 is as least as good as o1
8/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing preorders
◮ P ⊑may Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑must Q if Apply(T , P) ⊑Sm Apply(T , Q) for every test T
Standard testing:
Use as outcomes O = {⊤, ⊥} with ⊥ ≤ ⊤
Comparisions:
Possible outcome sets: {⊥} {⊥,⊤} {⊤}
◮ May: {⊥} <Ho {⊥,⊤} =Ho {⊤}
◮ Must: {⊥} =Sm {⊥,⊤} <Sm {⊤}
9/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing preorders
◮ P ⊑may Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑must Q if Apply(T , P) ⊑Sm Apply(T , Q) for every test T
Standard testing:
Use as outcomes O = {⊤, ⊥} with ⊥ ≤ ⊤
Comparisions:
Possible outcome sets: {⊥} {⊥,⊤} {⊤}
◮ May: {⊥} <Ho {⊥,⊤} =Ho {⊤}
◮ Must: {⊥} =Sm {⊥,⊤} <Sm {⊤}
9/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing preorders
◮ P ⊑may Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑must Q if Apply(T , P) ⊑Sm Apply(T , Q) for every test T
Standard testing:
Use as outcomes O = {⊤, ⊥} with ⊥ ≤ ⊤
Comparisions:
Possible outcome sets: {⊥} {⊥,⊤} {⊤}
◮ May: {⊥} <Ho {⊥,⊤} =Ho {⊤}
◮ Must: {⊥} =Sm {⊥,⊤} <Sm {⊤}
9/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing preorders
◮ P ⊑may Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑must Q if Apply(T , P) ⊑Sm Apply(T , Q) for every test T
Probabilistic testing:
Use as O the unit interval [0, 1]Intuition: with 0 ≤ p ≤ q ≤ 1, passing a test with probability q
better than passing with probability p
Comparisions:
◮ May: O1 ⊑Ho O2 is every possibility p ∈ O1 can be improvedon by some q ∈ O2
◮ Must: O1 ⊑Sm O2 if every possibility q ∈ O2 is animprovement on some p ∈ O1
10/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing preorders
◮ P ⊑may Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑must Q if Apply(T , P) ⊑Sm Apply(T , Q) for every test T
Probabilistic testing:
Use as O the unit interval [0, 1]Intuition: with 0 ≤ p ≤ q ≤ 1, passing a test with probability q
better than passing with probability p
Comparisions:
◮ May: O1 ⊑Ho O2 is every possibility p ∈ O1 can be improvedon by some q ∈ O2
◮ Must: O1 ⊑Sm O2 if every possibility q ∈ O2 is animprovement on some p ∈ O1
10/37
sfi
Background Testing theory Nondeterminism Probabilities
Outline
Background why bother ?
Testing theory
Testing nondeterministic processes
Testing Probabilistic and nondeterministic processes
11/37
sfi
Background Testing theory Nondeterminism Probabilities
Nondeterministic processes
Intensional semantics:
A process is a state in an LTS
Labelled Transition Systems:
〈S , Actτ ,−→〉
◮ S - states
◮ −→ ⊆ S × Actτ × S
s1µ−→ s2: process s1 can perform action µ and continue as s2
s1τ−→ s2 special internal action
12/37
sfi
Background Testing theory Nondeterminism Probabilities
Nondeterministic processes
Intensional semantics:
A process is a state in an LTS
Labelled Transition Systems:
〈S , Actτ ,−→〉
◮ S - states
◮ −→ ⊆ S × Actτ × S
s1µ−→ s2: process s1 can perform action µ and continue as s2
s1τ−→ s2 special internal action
12/37
sfi
Background Testing theory Nondeterminism Probabilities
Process calculi: Syntax for LTSs
Example process calculus CCS:
◮ 0 Do nothing
◮ µ.P Perform µ then act as P
◮ P | Q Run P and Q in parallel . . . communicating via complementary actions
◮ P + Q Nondeterministic choice between P and Q
◮ recursive definitions D ⇐ P
ActionsP µ−→ Q defined inductively
lots of other process calculi
13/37
sfi
Background Testing theory Nondeterminism Probabilities
Process calculi: Syntax for LTSs
Example process calculus CCS:
◮ 0 Do nothing
◮ µ.P Perform µ then act as P
◮ P | Q Run P and Q in parallel . . . communicating via complementary actions
◮ P + Q Nondeterministic choice between P and Q
◮ recursive definitions D ⇐ P
ActionsP µ−→ Q defined inductively
lots of other process calculi
13/37
sfi
Background Testing theory Nondeterminism Probabilities
Process calculi: Syntax for LTSs
Example process calculus CCS:
◮ 0 Do nothing
◮ µ.P Perform µ then act as P
◮ P | Q Run P and Q in parallel . . . communicating via complementary actions
◮ P + Q Nondeterministic choice between P and Q
◮ recursive definitions D ⇐ P
ActionsP µ−→ Q defined inductively
lots of other process calculi
13/37
sfi
Background Testing theory Nondeterminism Probabilities
Process calculi: Syntax for LTSs
Example process calculus CCS:
◮ 0 Do nothing
◮ µ.P Perform µ then act as P
◮ P | Q Run P and Q in parallel . . . communicating via complementary actions
◮ P + Q Nondeterministic choice between P and Q
◮ recursive definitions D ⇐ P
ActionsP µ−→ Q defined inductively
lots of other process calculi
13/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing nondeterministic processes
Tests:Any process which may contain new report success action/state ω
T ⇐ a.ω + b.T + c . 0:
◮ requests an a action . . .
◮ after an arbitrary number of b actions . . .
◮ without doing any c action
Applying test T to process P :
◮ Run the combined process (T | P)
◮ Each execution succeeds or fails
◮ Each execution contributes ⊤ or ⊥ to Apply(T , P)
Nondeterministic (T | P) resolved to a set of deterministicexecutions
14/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing nondeterministic processes
Tests:Any process which may contain new report success action/state ω
T ⇐ a.ω + b.T + c . 0:
◮ requests an a action . . .
◮ after an arbitrary number of b actions . . .
◮ without doing any c action
Applying test T to process P :
◮ Run the combined process (T | P)
◮ Each execution succeeds or fails
◮ Each execution contributes ⊤ or ⊥ to Apply(T , P)
Nondeterministic (T | P) resolved to a set of deterministicexecutions
14/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing nondeterministic processes
Tests:Any process which may contain new report success action/state ω
T ⇐ a.ω + b.T + c . 0:
◮ requests an a action . . .
◮ after an arbitrary number of b actions . . .
◮ without doing any c action
Applying test T to process P :
◮ Run the combined process (T | P)
◮ Each execution succeeds or fails
◮ Each execution contributes ⊤ or ⊥ to Apply(T , P)
Nondeterministic (T | P) resolved to a set of deterministicexecutions
14/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Test:T ⇐ a.ω + b.T + c . 0 Process:P ⇐ b.(a.Q + b.P)
Deterministic executions:
T | P τ−→bτ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→bτ−→a ω | ⊤
T | P . . . ⊤
T | P τ−→bτ−→b
τ−→b . . . . . .τ−→b . . . ⊥
Result:Apply(T , P) = {⊥, ⊤}
15/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Test:T ⇐ a.ω + b.T + c . 0 Process:P ⇐ b.(a.Q + b.P)
Deterministic executions:
T | P τ−→bτ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→bτ−→a ω | ⊤
T | P . . . ⊤
T | P τ−→bτ−→b
τ−→b . . . . . .τ−→b . . . ⊥
Result:Apply(T , P) = {⊥, ⊤}
15/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Test:T ⇐ a.ω + b.T + c . 0 Process:P ⇐ b.(a.Q + b.P)
Deterministic executions:
T | P τ−→bτ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→bτ−→a ω | ⊤
T | P . . . ⊤
T | P τ−→bτ−→b
τ−→b . . . . . .τ−→b . . . ⊥
Result:Apply(T , P) = {⊥, ⊤}
15/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Test:T ⇐ a.ω + b.T + c . 0 Process:P ⇐ b.(a.Q + b.P)
Deterministic executions:
T | P τ−→bτ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→a ω | ⊤
T | P τ−→bτ−→b
τ−→bτ−→a ω | ⊤
T | P . . . ⊤
T | P τ−→bτ−→b
τ−→b . . . . . .τ−→b . . . ⊥
Result:Apply(T , P) = {⊥, ⊤}
15/37
sfi
Background Testing theory Nondeterminism Probabilities
May-testing nondeterministic processes
Divergence not important:
P + τ.τ∞ ≃may P
Choice not important:
a
b c
≃may
a a
b c
16/37
sfi
Background Testing theory Nondeterminism Probabilities
May-testing nondeterministic processes
Divergence not important:
P + τ.τ∞ ≃may P
Choice not important:
a
b c
≃may
a a
b c
16/37
sfi
Background Testing theory Nondeterminism Probabilities
Must testing nondeterministic processes
Divergence catastrophic:
P + τ.τ∞ ≃must τ
∞
Internal choices not very important:
a
τ τ
τb
c
bc
≃must
a
τ τ
b c
17/37
sfi
Background Testing theory Nondeterminism Probabilities
Must testing nondeterministic processes
Divergence catastrophic:
P + τ.τ∞ ≃must τ
∞
Internal choices not very important:
a
τ τ
τb
c
bc
≃must
a
τ τ
b c
17/37
sfi
Background Testing theory Nondeterminism Probabilities
Characterising nondeterministic processes
Ingredients:
◮ Traces: a1a2 . . . an in Traces(P) whenever
P τ−→∗ a1−→ τ−→∗. . . . . .
τ−→∗ an−→ τ−→∗ P ′
◮ Divergences/convergences: P ⇓ whenever there is no infiniteexecution
P τ−→ τ−→ . . . . . .τ−→ . . . . . .
◮ Failures/Acceptances: P accA whenever P ⇓ and
P τ−→∗ P ′ implies P ′ a=⇒ for some a in A
18/37
sfi
Background Testing theory Nondeterminism Probabilities
Characterising nondeterministic processes
Ingredients:
◮ Traces: a1a2 . . . an in Traces(P) whenever
P τ−→∗ a1−→ τ−→∗. . . . . .
τ−→∗ an−→ τ−→∗ P ′
◮ Divergences/convergences: P ⇓ whenever there is no infiniteexecution
P τ−→ τ−→ . . . . . .τ−→ . . . . . .
◮ Failures/Acceptances: P accA whenever P ⇓ and
P τ−→∗ P ′ implies P ′ a=⇒ for some a in A
18/37
sfi
Background Testing theory Nondeterminism Probabilities
Outline
Background why bother ?
Testing theory
Testing nondeterministic processes
Testing Probabilistic and nondeterministic processes
19/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic and nondeterministic processes
Intensional semantics:
A process is a distribution in an pLTS
Probabilistic Labelled Transition Systems:
〈S , Actτ ,−→〉
◮ S - states
◮ −→ ⊆ S × Actτ ×D(S)
D(S): Mappings ∆ : S → [0, 1] with∑
s∈S ∆(s) = 1
s1µ−→ ∆: process s1
◮ can perform action µ
◮ with probability ∆(s2) it continues as process s2
20/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic and nondeterministic processes
Intensional semantics:
A process is a distribution in an pLTS
Probabilistic Labelled Transition Systems:
〈S , Actτ ,−→〉
◮ S - states
◮ −→ ⊆ S × Actτ ×D(S)
D(S): Mappings ∆ : S → [0, 1] with∑
s∈S ∆(s) = 1
s1µ−→ ∆: process s1
◮ can perform action µ
◮ with probability ∆(s2) it continues as process s2
20/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic and nondeterministic processes
Intensional semantics:
A process is a distribution in an pLTS
Probabilistic Labelled Transition Systems:
〈S , Actτ ,−→〉
◮ S - states
◮ −→ ⊆ S × Actτ ×D(S)
D(S): Mappings ∆ : S → [0, 1] with∑
s∈S ∆(s) = 1
s1µ−→ ∆: process s1
◮ can perform action µ
◮ with probability ∆(s2) it continues as process s2
20/37
sfi
Background Testing theory Nondeterminism Probabilities
Example probabilistic processes
Pτ τ
12 1
2
τ
a
12 1
2
a
What is the probability of action a happening?
21/37
sfi
Background Testing theory Nondeterminism Probabilities
Example probabilistic processes
Pτ τ
12 1
2
τ
a
12 1
2
a
What is the probability of action a happening?
21/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic process calculi: Syntax for pLTSs
Example process calculus pCCS:
State terms S , T :
◮ 0
◮ µ.P
◮ S | T S + T
◮ recursive definitions
Process terms P, Q:
◮ S
◮ P p⊕ Q probabilistic choice between P and Q
Actionss µ−→ ∆ defined inductively
process terms are distributions over states
22/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic process calculi: Syntax for pLTSs
Example process calculus pCCS:
State terms S , T :
◮ 0
◮ µ.P
◮ S | T S + T
◮ recursive definitions
Process terms P, Q:
◮ S
◮ P p⊕ Q probabilistic choice between P and Q
Actionss µ−→ ∆ defined inductively
process terms are distributions over states
22/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic process calculi: Syntax for pLTSs
Example process calculus pCCS:
State terms S , T :
◮ 0
◮ µ.P
◮ S | T S + T
◮ recursive definitions
Process terms P, Q:
◮ S
◮ P p⊕ Q probabilistic choice between P and Q
Actionss µ−→ ∆ defined inductively
process terms are distributions over states
22/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic process calculi: Syntax for pLTSs
Example process calculus pCCS:
State terms S , T :
◮ 0
◮ µ.P
◮ S | T S + T
◮ recursive definitions
Process terms P, Q:
◮ S
◮ P p⊕ Q probabilistic choice between P and Q
Actionss µ−→ ∆ defined inductively
process terms are distributions over states
22/37
sfi
Background Testing theory Nondeterminism Probabilities
Probabilistic process calculi: Syntax for pLTSs
Example process calculus pCCS:
State terms S , T :
◮ 0
◮ µ.P
◮ S | T S + T
◮ recursive definitions
Process terms P, Q:
◮ S
◮ P p⊕ Q probabilistic choice between P and Q
Actionss µ−→ ∆ defined inductively
process terms are distributions over states
22/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing probabilistic processes
Tests:Any (prob. . . ) process which may contain report success
action/state ω
a.ω 14⊕ (b + c .ω):
◮ 25% of time requests an a action
◮ 75% requests a c action
◮ 75% requires that b is not possible in a must test
Applying test T to process P :
◮ Execute the combined process (T | P)
◮ Each execution contributes some probability p to Apply(T , P)
◮ Each execution is a deterministic resolution of (T | P)
23/37
sfi
Background Testing theory Nondeterminism Probabilities
Testing probabilistic processes
Tests:Any (prob. . . ) process which may contain report success
action/state ω
a.ω 14⊕ (b + c .ω):
◮ 25% of time requests an a action
◮ 75% requests a c action
◮ 75% requires that b is not possible in a must test
Applying test T to process P :
◮ Execute the combined process (T | P)
◮ Each execution contributes some probability p to Apply(T , P)
◮ Each execution is a deterministic resolution of (T | P)
23/37
sfi
Background Testing theory Nondeterminism Probabilities
Executing probabilistic nondeterministic processes (T | P)
◮ Choice points occur during an execution
◮ choices are made◮ statically◮ or dynamically
◮ choices are made◮ by schedulers◮ adversaries◮ policies
Executions:
◮ give deterministic behaviour - but may be probabilistic
◮ contribute a probability to Apply(T , P)
24/37
sfi
Background Testing theory Nondeterminism Probabilities
Executing probabilistic nondeterministic processes (T | P)
◮ Choice points occur during an execution
◮ choices are made◮ statically◮ or dynamically
◮ choices are made◮ by schedulers◮ adversaries◮ policies
Executions:
◮ give deterministic behaviour - but may be probabilistic
◮ contribute a probability to Apply(T , P)
24/37
sfi
Background Testing theory Nondeterminism Probabilities
Executing probabilistic nondeterministic processes (T | P)
◮ Choice points occur during an execution
◮ choices are made◮ statically◮ or dynamically
◮ choices are made◮ by schedulers◮ adversaries◮ policies
Executions:
◮ give deterministic behaviour - but may be probabilistic
◮ contribute a probability to Apply(T , P)
24/37
sfi
Background Testing theory Nondeterminism Probabilities
Executing probabilistic nondeterministic processes (T | P)
◮ Choice points occur during an execution
◮ choices are made◮ statically◮ or dynamically
◮ choices are made◮ by schedulers◮ adversaries◮ policies
Executions:
◮ give deterministic behaviour - but may be probabilistic
◮ contribute a probability to Apply(T , P)
24/37
sfi
Background Testing theory Nondeterminism Probabilities
Example of executions
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
Static Policies:
pp1 : s1 7−→ s0
pp2 : s1 7−→ tbd
Possible results:
Using pp1:1
4+
3
4·1
4+ (
3
4)2 ·
1
4+ . . . + . . . = 1
Using pp2:1
4+
3
4· 0 =
1
4
25/37
sfi
Background Testing theory Nondeterminism Probabilities
Example of executions
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
Static Policies:
pp1 : s1 7−→ s0
pp2 : s1 7−→ tbd
Possible results:
Using pp1:1
4+
3
4·1
4+ (
3
4)2 ·
1
4+ . . . + . . . = 1
Using pp2:1
4+
3
4· 0 =
1
4
25/37
sfi
Background Testing theory Nondeterminism Probabilities
Example of executions
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
Static Policies:
pp1 : s1 7−→ s0
pp2 : s1 7−→ tbd
Possible results:
Using pp1:1
4+
3
4·1
4+ (
3
4)2 ·
1
4+ . . . + . . . = 1
Using pp2:1
4+
3
4· 0 =
1
4
25/37
sfi
Background Testing theory Nondeterminism Probabilities
More executionsT | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
Arbitrary policies:combinations of
pp1 : s1 7−→ s0
pp2 : s1 7−→ tbd
Possible results:
Using pp1: 1
Using pp2:1
4
In general: p · 1 + (1 − p) ·1
4for some 0 ≤ p ≤ 1
26/37
sfi
Background Testing theory Nondeterminism Probabilities
More executionsT | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
Arbitrary policies:combinations of
pp1 : s1 7−→ s0
pp2 : s1 7−→ tbd
Possible results:
Using pp1: 1
Using pp2:1
4
In general: p · 1 + (1 − p) ·1
4for some 0 ≤ p ≤ 1
26/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions I
From pLTSS to LTSs
∆ µ−→ Θ
◮ ∆ represents a cloud of possible process states
◮ each possible state must be able to perform µ
◮ all possible residuals combine to Θ
Examples:
◮ (a.b + a.c) 12⊕ a.d a−→ b 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b 1
2⊕ c) 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b p⊕ c) 1
2⊕ d
◮ (τ.a + τ.b) 12⊕ (τ.a + τ.c) τ−→ a 1
2⊕ (b 1
2⊕ c)
27/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions I
From pLTSS to LTSs
∆ µ−→ Θ
◮ ∆ represents a cloud of possible process states
◮ each possible state must be able to perform µ
◮ all possible residuals combine to Θ
Examples:
◮ (a.b + a.c) 12⊕ a.d a−→ b 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b 1
2⊕ c) 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b p⊕ c) 1
2⊕ d
◮ (τ.a + τ.b) 12⊕ (τ.a + τ.c) τ−→ a 1
2⊕ (b 1
2⊕ c)
27/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions I
From pLTSS to LTSs
∆ µ−→ Θ
◮ ∆ represents a cloud of possible process states
◮ each possible state must be able to perform µ
◮ all possible residuals combine to Θ
Examples:
◮ (a.b + a.c) 12⊕ a.d a−→ b 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b 1
2⊕ c) 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b p⊕ c) 1
2⊕ d
◮ (τ.a + τ.b) 12⊕ (τ.a + τ.c) τ−→ a 1
2⊕ (b 1
2⊕ c)
27/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions I
From pLTSS to LTSs
∆ µ−→ Θ
◮ ∆ represents a cloud of possible process states
◮ each possible state must be able to perform µ
◮ all possible residuals combine to Θ
Examples:
◮ (a.b + a.c) 12⊕ a.d a−→ b 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b 1
2⊕ c) 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b p⊕ c) 1
2⊕ d
◮ (τ.a + τ.b) 12⊕ (τ.a + τ.c) τ−→ a 1
2⊕ (b 1
2⊕ c)
27/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions I
From pLTSS to LTSs
∆ µ−→ Θ
◮ ∆ represents a cloud of possible process states
◮ each possible state must be able to perform µ
◮ all possible residuals combine to Θ
Examples:
◮ (a.b + a.c) 12⊕ a.d a−→ b 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b 1
2⊕ c) 1
2⊕ d
◮ (a.b + a.c) 12⊕ a.d a−→ (b p⊕ c) 1
2⊕ d
◮ (τ.a + τ.b) 12⊕ (τ.a + τ.c) τ−→ a 1
2⊕ (b 1
2⊕ c)
27/37
sfi
Background Testing theory Nondeterminism Probabilities
From pLTSS to LTSs: formally
∆ µ−→ Θ
whenever
◮ ∆ =∑
i∈I pi · si , I a finite index set
◮ For each i ∈ I there is a distribution Θi s.t. siµ−→ Θi
◮ Θ =∑
i∈I pi · Θi
◮
∑
i∈I pi = 1
Note: in decomposition∑
i∈I pi · si states si are not necessarilyunique
28/37
sfi
Background Testing theory Nondeterminism Probabilities
From pLTSS to LTSs: formally
∆ µ−→ Θ
whenever
◮ ∆ =∑
i∈I pi · si , I a finite index set
◮ For each i ∈ I there is a distribution Θi s.t. siµ−→ Θi
◮ Θ =∑
i∈I pi · Θi
◮
∑
i∈I pi = 1
Note: in decomposition∑
i∈I pi · si states si are not necessarilyunique
28/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions IIExecuting (T | P) to Θ: (T | P) =⇒≻ Θ
(T | P) = ∆→
0 + ∆stop0
∆→
0τ−→ ∆→
1 + ∆stop1
. . . . . .
∆→
kτ−→ ∆→
(k+1)+ ∆stop(k+1)
. . . . . .
. . . . . .
Total: Θ =∑
∞
k=0 ∆stopk
◮ ∆stop: all states in ∆ which note: subdistributions
◮ are successful s ω−→
◮ or are stuck s 6 τ−→
◮ ∆→: all other states, which can proceed s τ−→
29/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions IIExecuting (T | P) to Θ: (T | P) =⇒≻ Θ
(T | P) = ∆→
0 + ∆stop0
∆→
0τ−→ ∆→
1 + ∆stop1
. . . . . .
∆→
kτ−→ ∆→
(k+1)+ ∆stop(k+1)
. . . . . .
. . . . . .
Total: Θ =∑
∞
k=0 ∆stopk
◮ ∆stop: all states in ∆ which note: subdistributions
◮ are successful s ω−→
◮ or are stuck s 6 τ−→
◮ ∆→: all other states, which can proceed s τ−→
29/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions IIExecuting (T | P) to Θ: (T | P) =⇒≻ Θ
(T | P) = ∆→
0 + ∆stop0
∆→
0τ−→ ∆→
1 + ∆stop1
. . . . . .
∆→
kτ−→ ∆→
(k+1)+ ∆stop(k+1)
. . . . . .
. . . . . .
Total: Θ =∑
∞
k=0 ∆stopk
◮ ∆stop: all states in ∆ which note: subdistributions
◮ are successful s ω−→
◮ or are stuck s 6 τ−→
◮ ∆→: all other states, which can proceed s τ−→
29/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions IIExecuting (T | P) to Θ: (T | P) =⇒≻ Θ
(T | P) = ∆→
0 + ∆stop0
∆→
0τ−→ ∆→
1 + ∆stop1
. . . . . .
∆→
kτ−→ ∆→
(k+1)+ ∆stop(k+1)
. . . . . .
. . . . . .
Total: Θ =∑
∞
k=0 ∆stopk
◮ ∆stop: all states in ∆ which note: subdistributions
◮ are successful s ω−→
◮ or are stuck s 6 τ−→
◮ ∆→: all other states, which can proceed s τ−→
29/37
sfi
Background Testing theory Nondeterminism Probabilities
Formalising executions IIExecuting (T | P) to Θ: (T | P) =⇒≻ Θ
(T | P) = ∆→
0 + ∆stop0
∆→
0τ−→ ∆→
1 + ∆stop1
. . . . . .
∆→
kτ−→ ∆→
(k+1)+ ∆stop(k+1)
. . . . . .
. . . . . .
Total: Θ =∑
∞
k=0 ∆stopk
◮ ∆stop: all states in ∆ which note: subdistributions
◮ are successful s ω−→
◮ or are stuck s 6 τ−→
◮ ∆→: all other states, which can proceed s τ−→
29/37
sfi
Background Testing theory Nondeterminism Probabilities
Applying tests to processes: Apply(T , P)
◮ find all executions from (T | P): (T | P) =⇒≻ Θ
◮ calculate contribution of each Θ
Contribution of Θ:
◮ all states in Θ are successful s ω−→ or stuck s 6 τ−→
◮ V(Θ) =∑
{Θ(s) | s ω−→} weight of success
Apply(T , P) = { V(Θ) | (T | P) =⇒≻ Θ }
Problem: set of executions { Θ | (T | P) =⇒≻ Θ } difficultto calculate
30/37
sfi
Background Testing theory Nondeterminism Probabilities
Applying tests to processes: Apply(T , P)
◮ find all executions from (T | P): (T | P) =⇒≻ Θ
◮ calculate contribution of each Θ
Contribution of Θ:
◮ all states in Θ are successful s ω−→ or stuck s 6 τ−→
◮ V(Θ) =∑
{Θ(s) | s ω−→} weight of success
Apply(T , P) = { V(Θ) | (T | P) =⇒≻ Θ }
Problem: set of executions { Θ | (T | P) =⇒≻ Θ } difficultto calculate
30/37
sfi
Background Testing theory Nondeterminism Probabilities
Applying tests to processes: Apply(T , P)
◮ find all executions from (T | P): (T | P) =⇒≻ Θ
◮ calculate contribution of each Θ
Contribution of Θ:
◮ all states in Θ are successful s ω−→ or stuck s 6 τ−→
◮ V(Θ) =∑
{Θ(s) | s ω−→} weight of success
Apply(T , P) = { V(Θ) | (T | P) =⇒≻ Θ }
Problem: set of executions { Θ | (T | P) =⇒≻ Θ } difficultto calculate
30/37
sfi
Background Testing theory Nondeterminism Probabilities
Applying tests to processes: Apply(T , P)
◮ find all executions from (T | P): (T | P) =⇒≻ Θ
◮ calculate contribution of each Θ
Contribution of Θ:
◮ all states in Θ are successful s ω−→ or stuck s 6 τ−→
◮ V(Θ) =∑
{Θ(s) | s ω−→} weight of success
Apply(T , P) = { V(Θ) | (T | P) =⇒≻ Θ }
Problem: set of executions { Θ | (T | P) =⇒≻ Θ } difficultto calculate
30/37
sfi
Background Testing theory Nondeterminism Probabilities
Alternative strategy
Recall:
◮ P ⊑pmay Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑pmust Q if Apply(T , P) ⊑Sm Apply(T , Q) for every testT
Maybe:
◮ P ⊑pmay Q if sup(Apply(T , P)) ≤ sup(Apply(T , Q)) forevery test T
◮ P ⊑pmust Q if inf(Apply(T , P)) ⊑Sm inf(Apply(T , Q)) forevery test T
Strategy:
◮ calculate inf(Apply(T ,−)) and sup(Apply(T ,−)) directly
◮ do not calculate the entire set Apply(T ,−)31/37
sfi
Background Testing theory Nondeterminism Probabilities
Alternative strategy
Recall:
◮ P ⊑pmay Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑pmust Q if Apply(T , P) ⊑Sm Apply(T , Q) for every testT
Maybe:
◮ P ⊑pmay Q if sup(Apply(T , P)) ≤ sup(Apply(T , Q)) forevery test T
◮ P ⊑pmust Q if inf(Apply(T , P)) ⊑Sm inf(Apply(T , Q)) forevery test T
Strategy:
◮ calculate inf(Apply(T ,−)) and sup(Apply(T ,−)) directly
◮ do not calculate the entire set Apply(T ,−)31/37
sfi
Background Testing theory Nondeterminism Probabilities
Alternative strategy
Recall:
◮ P ⊑pmay Q if Apply(T , P) ⊑Ho Apply(T , Q) for every test T
◮ P ⊑pmust Q if Apply(T , P) ⊑Sm Apply(T , Q) for every testT
Maybe:
◮ P ⊑pmay Q if sup(Apply(T , P)) ≤ sup(Apply(T , Q)) forevery test T
◮ P ⊑pmust Q if inf(Apply(T , P)) ⊑Sm inf(Apply(T , Q)) forevery test T
Strategy:
◮ calculate inf(Apply(T ,−)) and sup(Apply(T ,−)) directly
◮ do not calculate the entire set Apply(T ,−)31/37
sfi
Background Testing theory Nondeterminism Probabilities
Example: Calculating the sup
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
sup-equation:
rsup =3
4· s1 +
1
4· s2
s1 = max{rsup, tbd}
s2 = tgd
tbd = 0
tgd = 1
sup(Apply(T , P)) is least solution: rsup = 1
32/37
sfi
Background Testing theory Nondeterminism Probabilities
Example: Calculating the sup
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
sup-equation:
rsup =3
4· s1 +
1
4· s2
s1 = max{rsup, tbd}
s2 = tgd
tbd = 0
tgd = 1
sup(Apply(T , P)) is least solution: rsup = 1
32/37
sfi
Background Testing theory Nondeterminism Probabilities
Example: Calculating the sup
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
sup-equation:
rsup =3
4· s1 +
1
4· s2
s1 = max{rsup, tbd}
s2 = tgd
tbd = 0
tgd = 1
sup(Apply(T , P)) is least solution: rsup = 1
32/37
sfi
Background Testing theory Nondeterminism Probabilities
Example: Calculating the inf
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
inf-equation:
rinf =3
4· s1 +
1
4· s2
s1 = min{rinf , tbd}
s2 = tgd
tbd = 0
tgd = 1
inf(Apply(T , P)) is least solution: rinf = 14
33/37
sfi
Background Testing theory Nondeterminism Probabilities
Example: Calculating the inf
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
inf-equation:
rinf =3
4· s1 +
1
4· s2
s1 = min{rinf , tbd}
s2 = tgd
tbd = 0
tgd = 1
inf(Apply(T , P)) is least solution: rinf = 14
33/37
sfi
Background Testing theory Nondeterminism Probabilities
Example: Calculating the inf
T | P
s1 s2
tbd tgd
τ
34
14
τ
τ τ
ω
inf-equation:
rinf =3
4· s1 +
1
4· s2
s1 = min{rinf , tbd}
s2 = tgd
tbd = 0
tgd = 1
inf(Apply(T , P)) is least solution: rinf = 14
33/37
sfi
Background Testing theory Nondeterminism Probabilities
Finitary pLTSs
Whenever
◮ set of states are finite
◮ set of actions are finite
In a finitary pLTS:
◮ execution sets {Θ | Apply(T , P) =⇒≻ Θ } are closed
◮ P ⊑may Q iff inf(Apply(T , P)) ≤ inf(Apply(T , Q)) for everytest T
◮ P ⊑must Q iff sup(Apply(T , P)) ⊑Sm sup(Apply(T , Q)) forevery test T
◮ inf(Apply(T ,−)) is least solution of inf-equation
◮ sup(Apply(T ,−)) is least solution of sup-equation
34/37
sfi
Background Testing theory Nondeterminism Probabilities
Finitary pLTSs
Whenever
◮ set of states are finite
◮ set of actions are finite
In a finitary pLTS:
◮ execution sets {Θ | Apply(T , P) =⇒≻ Θ } are closed
◮ P ⊑may Q iff inf(Apply(T , P)) ≤ inf(Apply(T , Q)) for everytest T
◮ P ⊑must Q iff sup(Apply(T , P)) ⊑Sm sup(Apply(T , Q)) forevery test T
◮ inf(Apply(T ,−)) is least solution of inf-equation
◮ sup(Apply(T ,−)) is least solution of sup-equation
34/37
sfi
Background Testing theory Nondeterminism Probabilities
Finitary pLTSs
Whenever
◮ set of states are finite
◮ set of actions are finite
In a finitary pLTS:
◮ execution sets {Θ | Apply(T , P) =⇒≻ Θ } are closed
◮ P ⊑may Q iff inf(Apply(T , P)) ≤ inf(Apply(T , Q)) for everytest T
◮ P ⊑must Q iff sup(Apply(T , P)) ⊑Sm sup(Apply(T , Q)) forevery test T
◮ inf(Apply(T ,−)) is least solution of inf-equation
◮ sup(Apply(T ,−)) is least solution of sup-equation
34/37
sfi
Background Testing theory Nondeterminism Probabilities
Finitary pLTSs
Whenever
◮ set of states are finite
◮ set of actions are finite
In a finitary pLTS:
◮ execution sets {Θ | Apply(T , P) =⇒≻ Θ } are closed
◮ P ⊑may Q iff inf(Apply(T , P)) ≤ inf(Apply(T , Q)) for everytest T
◮ P ⊑must Q iff sup(Apply(T , P)) ⊑Sm sup(Apply(T , Q)) forevery test T
◮ inf(Apply(T ,−)) is least solution of inf-equation
◮ sup(Apply(T ,−)) is least solution of sup-equation
34/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
r1 = a.(τ.b + τ.c) r2 = a.b + a.c T = a.(b.ω 12⊕ c .ω)
r1
ω ω
τ
12
12
τ τ
τ
ττ
τ
r2
ω ω
τ τ
τ
12 1
2
τ
τ
12
12
τ
Apply(T ,r1)=
(
inf : 0
sup : 1Apply(T ,r2)=
(
inf : 12
sup : 12
So choice points do matter: r1 6≃pmay r2 r1 6≃pmust r2
35/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
r1 = a.(τ.b + τ.c) r2 = a.b + a.c T = a.(b.ω 12⊕ c .ω)
r1
ω ω
τ
12
12
τ τ
τ
ττ
τ
r2
ω ω
τ τ
τ
12 1
2
τ
τ
12
12
τ
Apply(T ,r1)=
(
inf : 0
sup : 1Apply(T ,r2)=
(
inf : 12
sup : 12
So choice points do matter: r1 6≃pmay r2 r1 6≃pmust r2
35/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Pτ τ
12 1
2
τ
a
12 1
2
a
a.ω | P
ω ω
τ τ
12 1
2
τ
τ
12 1
2
τ
Apply(a.ω, P) =
{
inf : 12
sup : 1
P ≃pmay a. 0 P ⊑pmust a. 0 a. 0 6⊑pmust P
36/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Pτ τ
12 1
2
τ
a
12 1
2
a
a.ω | P
ω ω
τ τ
12 1
2
τ
τ
12 1
2
τ
Apply(a.ω, P) =
{
inf : 12
sup : 1
P ≃pmay a. 0 P ⊑pmust a. 0 a. 0 6⊑pmust P
36/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Pτ τ
12 1
2
τ
a
12 1
2
a
a.ω | P
ω ω
τ τ
12 1
2
τ
τ
12 1
2
τ
Apply(a.ω, P) =
{
inf : 12
sup : 1
P ≃pmay a. 0 P ⊑pmust a. 0 a. 0 6⊑pmust P
36/37
sfi
Background Testing theory Nondeterminism Probabilities
Example
Pτ τ
12 1
2
τ
a
12 1
2
a
a.ω | P
ω ω
τ τ
12 1
2
τ
τ
12 1
2
τ
Apply(a.ω, P) =
{
inf : 12
sup : 1
P ≃pmay a. 0 P ⊑pmust a. 0 a. 0 6⊑pmust P
36/37
sfi
Background Testing theory Nondeterminism Probabilities
Coming up:
Reasoning techniques for probabilistic processes
Are these distinguishable by any test ?
P
d12
12
ab c
Q
d12
12
a b a c
37/37
sfi
Background Testing theory Nondeterminism Probabilities
Coming up:
Reasoning techniques for probabilistic processes
Are these distinguishable by any test ?
P
d12
12
ab c
Q
d12
12
a b a c
37/37