Probabilistic Concurrent Constraint Programming

?? ??? Vineet Gupta ? Radha Jagadeesan Vijay Saraswat

Abstract. We extend cc to allow the speci®cation of a discrete probability distri- bution for random variables. We demonstrate the expressiveness of pcc by syn- thesizing combinators for default reasoning. We extend pcc uniformly over time, to get a synchronous reactive probabilistic programming language, Timed pcc. We describe operational and denotational models for pcc (and Timed pcc). The key feature of the denotational model(s) is that parallel composition is essentially set intersection. We show that the denotational model of pcc (resp. Timed pcc)is

conservative over cc (resp. tcc). We also show that the denotational models are fully abstract for an operational semantics that records probability information.

1 Introduction

Concurrentconstraint programming (CCP,[Sar93]) is an approach to computation which uses constraints for the compositional speci®cation of concurrent systems. It replaces the traditional notion of a store as a valuation of variables with the notion of a store as a constraint on the possible values of variables. Computation progresses by accumulating constraints in the store, and by checking whether the store entails constraints. A salient

aspect of the cc computation model is that programs may be thought of as imposing con- a

straints on the evolution of the system. cc provides four basic constructs: (tell) a (for

a A

a primitive constraint), parallel composition (A; B ), positive ask (if then ) and hid-

A a a A; B 

ing (new X in ). The program imposes the constraint . The program im-

B A B

poses the constraints of both A and Ð logically, this is the conjunction of and .

A A X new X in imposes the constraints of , but hides the variable from the other pro-

grams Ð logically, this can be thought of as a form of existential quanti®cation. The

A A a program if a then reduces to as and when the store entails Ð logically, this is an (intuitionistic) implication. A primary domain of applicability for CCP ideas is the compositional modeling of

physical systems [FBB+ 94, FS95, GSS95]. To handle reactive systems, such as con- trollers for reprographics system components such as paper-feed mechanisms, CCP was extended in [SJG94] to handle discrete time. The basic idea was to adapt to CCP the Syn- chrony Hypothesis of Berry et al: Time is measured by the sequence of instantaneous interactions that the program has with its environment. The need to handle interrupts in- stantaneously (e.g., a paper jam causing power to be interrupted) rather than at the next occasion when the environment interacts with the system was handled by introducing a

? Xerox PARC, 3333 Coyote Hill Road, Palo Alto Ca 94304; [email protected]

?? Department of Mathematics, Loyola University-Lake Shore Campus, Chicago IL 60626. [email protected]

??? AT & T Research, 180 Park Avenue, Florham Park, NJ 07932; [email protected]

A A e new idea [SJG]: a combinator (if a else ) which triggers on the absence of ,thatis

under the assumption that e has not been produced in the store, and will not be produced throughout system execution at the present time instant. This causes the input-output relation of processes to be possibly non-monotonic but [SJG] presents a simple denota- tional model. The resulting theory is considerably smoother and enables the extension to hybrid systems in [GJS], which is necessary to handle continuouslyvarying components such as variable-speed motors. This entire conceptual framework is based, however, on the assumption that enough information will be available to model a given physical system in as accurate detail as is needed so that appropriate causal, determinate constraint-based models can be con- structed. However, this assumption is violated in many physical situations Ð it becomes necessary to work with approximate, incomplete or uncertain information. We consider three paradigmatic examples. Consider ®rst a telephony system that has to respond to alarms being generated from another complicated system that may only be available as a black-box. A natural model to consider for the black-box is a stochastic one, which represents the timing and duration of the alarm by random variables with some given probabilitydistribution.Consider next situationsin which it becomes necessary to model the system stochastically: for instance, not enough may be known about the mechanisms controlling wear-and-tear of rollers so that the actual departure time of a sheet of paper from a worn roller may have to be approximated by a suitably chosen distribution of a random variable. It becomes necessary then to compute system response in a setting in which system models and inputs may behave stochastically. Third, consider model- based diagnosis settings. Often information is available about failure models and their associated probabilities, for instance from ®eld studies and studies of manufacturing practices. Failure models can be incorporated by assigning a variable, typically called the mode of the component to represent the physical state of the component, and associ- ating a failure model with each value of the mode variable. Probabilisticinformation can be incorporated by letting the mode vary according to the given probability distribution [dKW89]. The computational task at hand becomes the calculation of the most probable diagnostic hypothesis, given observations about the current state of the system. In this paper we develop the underlyingtheory for (timed) probabilisticcc Ð (timed) cc augmented with the ability to describe stochastic inputs and system components ± thereby making it possible to address the phenomena above within CCP.Our basic move is to allow the introductionof (discrete) random variables (RVs) with a given probability distribution. A run of the system will choose a value for an RV, with the given proba- bility; these probability values accumulate as more and more choices are made in the course of the run. Alternate choices lead to alternate runs, with their own accumulated probability values. Inconsistencies between chosen values of RVs and constraints in the store lead to some runs being dropped. Now the possibly multiple consistent (normal- ized) outcomes of the various runs can be declared as the probabilistic outputs of the program. The extension to timed pcc is done in exactly the same way as the extension

of cc to tcc [SJG94], using the Synchrony Hypothesis.

Probabilistic cc. In more detail we proceed as follows. We add a single combinator

r;f A r f A new  in where is a variable, is its probability mass function, and is an

agent. Intuitively, such an expression is executed by making a choice for the r accord- ing to the mass function f .

Example 1. Consider the program:

r;f : f0 = f 1 = f 2 = f 3=0:25 [ r =0 a; r =1 b]

new  in if then if then b

On input true, this program can produce outputs a, or true. The probability of

:25 b :5 a being the output is ; similarly for . The probability of the output true is .

Random variables, like any other variables, may be constrained. These constraints may cause portions of the space of the joint probability distribution to be eliminated due to inconsistency.

Example 2. Consider the program below, with the same f as before, and with the con-

2f0;1g

straint r interpreted as ª r is 0 or 1º [HSD92].

r;f [ r =0 a; r =1 b; r 2f0;1g]

new  in if then if then b

On input true, this program will produce outputs a or ; true is not a valid output,

2f0;1g

because of the constraint r . Each of the two execution paths are associated

:25 f with the number 0 because of ; however to compute the probability of each path,

we must normalize these numbers with the sum of the numbers associated with all suc-

:5= 0:25=0:25+0:25 cessful execution paths. This yields the probability 0 for each path.

We make the followingfurther assumptions on RVs (such as r in the above program)

1. RVs are uniquely associated with probability distributions Ð this is achieved syn- tactically by requiring that the probabilitydistributionbe imposed when the variable is declared. 2. Distinct RVs are assumed to be independent Ð correlations between RVs, i.e. joint probability distributions, are achieved by constraints.

Example 3. Consider the program (with f as before):

0 0 0

r;f x = r ]; [ r ;f [ r 2f0;1g x = r ]] [new in new in if then

The ®rst agent causes the generation of four execution paths, each with associated num-

:25

ber 0 . For each of these, the second generates four more; however paths correspond-

0

 r

ing to six choices for r are ruled out. Consequently the following results (with as-

= 00:3;x = 10:3;x = 20:2;x = 30:2 sociated probabilities) are obtained: x .

The presence of RVs such as above allows us to construct program combinators rem- iniscent of combinators that detect ªnegative informationºin synchronous programming languages [Hal93, BB91, Har87, SJG].

Example 4. Consider the program

r;g : g0 = ; g 1 = 1  [ a r =0; r =1 b]

new  in if then if then

1 

This program on input true produces constraint b with probability and true

a a 1

with probability . On input the program results in with probability . Thus, this

a b a b



program can be thought of as if else 1 i.e. if is not present, produce with

 a b

probability 1 . Note however that if is present, isnot produced. Note that the same

 =0:5 result can be obtained by running n-fold parallel composition of components,

for arbitrarily large n.

In essence, we have used the RV to set up a very high expectation that b will be pro-

duced; however, this expectation can be categorically denied on the productionof a since the entire probabilitymass isshifted to the hithertolow end possibility.The construct can

be generalized to arbitrary agents A by:

d

a A = X [ a X; X A]

 1

if else 1 new in if else if then

a b; b a

 1 Note however, that the program if else 1 if else is determinately probabilis-

tic [MMS96] rather than indeterminate: assuming  is very small, it produces on input

a; 0:5; b; 0:5 a b true the distribution  , rather than producing either or indetermi-

nately.

P + Q

Example 5 Probabilistic Or. The probabilistic choice operator of [JP89], r , can

be de®ned as follows:

X; f :f0 = r;f1 = 1 r   X =0 P; X =1 Q

new  in if then if then

P + Q P r Q 1 r 

r reduces to with probability and to with probability . [JP89] require

P +

that this operator satis®es the laws of commutativity, associativity and absorption ( r

= P P ); this will be the case in the model we now develop.

What is a model for pcc? We brie¯y review the model for cc programs, referring the u

reader to [SRP91] for details. An observation of a cc program A is a store in which it is u

quiescent, i.e. running A in the store adds no further information to the store. Formally

u

 A u A u we de®ne the relation A , read as converges on or is quiescent on , with the

evident axioms:

u

u u v

A 

A  A  A  9 u = 9 v

c 62 u

1 2 X X

a 2 u

u

u u

u u

a 

 c A   c A 

A ;A    X A  2

1 if then if then new in

u

u A  The denotation of a program A can be taken to be the set of all such that .

The semantics is compositional since the axioms above are compositional, i.e. the con-

u A u

vergence of A on depends only upon the convergence of the sub-programs of on .

a u a A

The output of A on any given input is now the least containing on which con- u verges. This immediately tells us that the set denoting A must be closed under .Sucha set iscalled a closure operator. It is easy to adjust this view in the presence of divergence, where divergence may arise because of in®nite execution sequences or inconsistency of generated constraints [SRP91]. In essence, the denotation becomes a partial closure op- erator, characterized by sets of constraints closed under non-empty glbs. Weturn now to pcc. We make two crucial observations. First, note that an RV-valuation (i.e., an assignment of values to hidden RVs) reduces a pcc program to a cc program,

which can be represented as a set of its quiescent points. Consider Example 4. The choice

0 f ;a;b;a^bg r 1

of r as yields the®xed-point set true .Similarlythe choice of as yields

bg a

f Ð this is the ®xed-point set of a partial closure operator unde®ned on .

c; p

One might consider, then, the denotation of a pcc process to be a set of pairs  p

where c is a ®xed-point, and is the sum of the probabilities associated with the RV- c valuations which realize c, that is, for which is a ®xed-point. However, from just this informationit is not possible to recover the ®xed-pointset generated by an RV-valuation; hence it is necessary to record correlations explicitly.That is, for an arbitrary set of ®xed-

points X , record (the sum of the probabilities associated with) those valuations on RVs

for which all elements of X are ®xed-points. Technically, this is best done by associat-

ing with the set S of ®xed-points a probability lattice, de®ned formally in Section 2.2,

which associates a probability with each element in the freely-generated complete and P

completely distributive lattice (= free pro®nite lattice, [Joh82]) on S . A process can

P ;P  P P

C A C

then be taken to be a pair A where is a set of constraints, and a proba-

P P

bility lattice on A ; must satisfy conditions that ensure that it is ªgenerableº from a program, intuitively,that it is possible to recover from it a (®nite) set of (partial) closure operators, namely those generated by the reduction of the given program under different

RV-valuations.

;a;b;a^

Thus for instance the program in Example 4 has the ®xed-point set ftrue

g 0:5 ;a;a^b 1

b . The probabilitylattice associated with thisprocess yields for true and

0:5 f ;a;a^b; bg

for b; for the collection true (since each element in this set is a ®xed-

=0 0:5 0:5

point for the RV-valuation X , which has probability ); for the collection

a; bg f etc. The resulting model has the following key properties: (1) parallel composition is es- sentially set intersection (Section 2.3); (2) there is a natural embedding of the space of cc processes into the space of pcc processes (Section 2.3); (3) it is fully abstract with respect to a notion of observation that includes probabilities (Section 2.5).

Timed pcc arises from pcc by the integration of a notion of time. This allows the repre- sentation of (possiblyprobabilistic)timed reactive systems. We use the same mechanism to extend pcc thatwasusedtoextendDefault cc to Default tcc in [SJG]. At each time step the computation executed is a pcc program. Computation progresses in cycles: in- put a constraint from the environment, compute to quiescence and compute the program to be executed at subsequent time instants.

As for Default tcc weaddtotheuntimedpcc a single temporal control construct:

A A

hence A. Declaratively, hence imposes the ªconstraintsº of at every time instant

t A

after the current one. Operationally, if hence A is invoked at time , a new copy of is

0 >t invoked at each instant in t .Asshownin[SJG]hence can combine with ask op- erations to yield rich patterns of temporal evolution. In particular, Timed pcc satis®es probabilisticvariants of followingkey features of synchronous programming languages: (1) The notion of time is multiform Ð any signal can serve as the notion of time. (2) All the ESTEREL-style combinators, including (the probabilisticversions of) the strong pre- emption combinators such as ªdo A watching aº, are expressible. The construction of the denotational model of Timed pcc from pcc follows the idea that ªprocesses are relations extended over timeº ([Abr93, Abr94]). Formally, the con- struction follows the de®nition of the Default tcc model from the Default cc model described in [SJG]. Consequently, the model for Timed pcc ªinheritsº the good formal properties of pcc (Section 3): (1) Parallel composition is essentially set intersection in

this model; (2) The Timed pcc model is conservative over the tcc model of [SJG94]; (3) The Timed pcc model is fully abstract.

Related work The role of probability has been extensively studied in the context of sev- eral models of concurrency. Typically, these studies have involved a marriage of a con- current computation model with a model of probability. For example, stochastic Petri nets [Mar89, VN92] add Markov chains to the underlying Petri net model. Similarly probabilistic process algebras add a notion of randomness to the underlying process al- gebra model. This theory is well developed and is primarily about the interaction be- tween probabilityand non-determinism,see for example [HJ90, vGSST90, JY95, LS91, HS86, CSZ92]. These studies have been carried out in the traditional framework of se- mantic theories of process algebras, e.g. theories of (probabilistic) testing, relationship with (probabilistic) temporal logics etc. We start with the underlying concurrent model being cc. Inspired by [BLFG95], we build an integrated treatment of probabilityand the underlying concurrent programming paradigm. This is revealed in the dual roles played by the underlying cc paradigm. In ad- dition to being utilized in the speci®cation of system (thisis similar to the use of the Petri nets/process algebras in the above approaches), the cc paradigm is exploited to buildand specify joint probability distributionsof several variables (as illustrated in earlier exam- ples). Furthermore, our model remains determinately probablistic. The development of probabilisticframeworks in knowledge representation has been extensive [Pea88]. It is easy to see how to express the joint probability distributions of Bayesian networks within pcc, e.g. by associating a random variable for each row in the joint conditional dependence matrix for each node in the network. In this sense, pcc provides a simple but powerful notation for Bayesian networks. It also seems feasible

to represent probabilistic Dempster-Shafer rules of the form ªIf it is Sunday, John will

:8

go to the baseball gameº with a given strength (say 0 ) as the agent:

today  x; f : f 1=0:8;f0 = 0:2

if sunday then new in

=1 will goj ohn; bg ame if x then However, pcc does not allow the direct manipulation of conditional probability asser- tions e.g. p(fly(tweety) | bird(tweety)) = 0.9 as in the logics of [Nil86, FJM90].

2 Model for Probabilistic cc 2.1 Constraint systems with discrete random variables A constraint system with discrete random variables extends the usual notion of con- straint systems with special variables called random variables, that can take values from non-negative integers N. Such constraint systems have an explicit notion of inconsisten- cies of random variables.

Such a constraint system D is a system of partial information, consisting of a set of

primitive constraints (®rst-order formulas) or tokens D , closed under conjunction and

existential quanti®cation, and an inference relation (logical entailment) ` that relates

tokens to tokens. We use a;b;::: to range over tokens. The entailment relation induces

through symmetric closure the logical equivalence relation, .

De®nition 1. A constraint system with random variables is a structure

hD; `; Var; RandVar Var; f9 j X 2 Varg; 2 D i

X false such that:

^ ` D  D

1. D is closed under conjunction( ); satis®es:

8a[ ` a]

(a)  false

0 0 00 00

` a; a ` a a ^ a ` b a ^ a ` b

(b) Identity: a and imply that .

a ^ b ` a; a ^ b ` b; a ` b a ` b a ` b ^ b

2 1 2

(c) Conjunction: 1 and implies that .

Var X 2 Var 9 : D !

2. is an in®nite set of variables, such that for each variable , X

D is an operation satisfying usual laws on existentials:

a `9 a; 9 a ^9 b 9 a^9 b; 9 9 a 9 9 a; a ` b 9 a`9 b:

X X X X X X Y Y X X X ar

3. RandV is a set of random variables satisfying:

8r 2 RandVar8i 2 N[r = i2 D]

(a)  .

8r 2 RandVar8i; j 2 N[i6= j r = i ^ r = j  ` ] (b)  implies false

4. ` is decidable.

The last condition is necessary to have an effective operational semantics.

S S

A constraint is an entailment closed subset of D . For any set of tokens ,welet

fa 2 D j9fa ;:::;a g S: a ^:::^a ` ag a

k 1 k

stand for the constraint 1 . For any token ,

fag jD j a is just the constraint . The set of constraints, written , ordered by inclusion( ),

forms a complete algebraic lattice with least upper bounds induced by ^, least element

fa j8b2D: b ` ag = = D

true = and greatest element false false . Reverse

9; ` inclusion is written . lift to operations on constraints. An example of such a system is the system FD [HSD92]. In this system, variables are assumed to range over ®nite domains. In addition to tokens representing equality of variables, there are tokens that that restrict the range of a variable to some ®nite set.

In the rest of this paper we will assume that we are working in some constraint system

hD; `;Var; RandVar; f9 j X 2 Varg; i a;b::: D

X false . We will let range over .

We use u;v;w::: to range over constraints.

2.2 Modeling probability information

LA We model probability information using probability lattices. Given a set A let be

the free pro®nite lattice generated by it. In the following de®nition, one should think of

C x 2 LA A as the ®xed-point set of constraints, and think of as mapping each to

the sum of the probabilitiesassociated with the RV-valuationsrealizing x,whereanRV-

W V

fx g x fx g

i i

valuation is considered to realize i if it realizes some and realize if it x

realizes each i . For instance, with this interpretation, the modularity condition below is seen to correspond to taking the union of two overlapping sets.

A LA ! [0; 1]

De®nition 2. A probability lattice C on is a function from satisfying:

 y  C x  C y 

Monotonicity: x .

fx g C _x = C x 

i i

Join Continuity: If i is a directed set then sup .

fx g C ^ x = C x 

i i i

Meet Continuity: If i is a ®lter then inf .

_A= 1

Normality: C .

x _ y =Cx+Cy Cx^y

Modularity: C .

0 0 0

x= Cx=Cx_x 8y [Cx_y=Cx _y]: Extensionality: If C ,then

In what follows we will ®nd useful the following de®nitions: For a probability lattice C

A u v C u= Cu_v u

on ,de®ne C if ; intuitively,the set of RV-valuations realizing

v

is contained in the set of RV-valuations realizing .Let C be the associated symmetric

S A

closure. Note that by extensionality, C is an equivalence relation. Say that is

V

C  S  > 0 C -consistent if ; intuitively there is at least one RV-valuation that jointly

realizes every element of a consistent set. Note that to specify a probability lattice f on

f A f A, it is enough to specify the values of on all ®nite meets (or joins) of ;suchan

can be uniquely extended (via monotonicity, continuity, modularity and extensionality)

A to a map on L .

We de®ne the following operations on probability lattice.

A h : A ! B

Quotient. Suppose C is a probability lattice on ,and is a function. If

C

1

_h B  C h b

C is greater than 0, de®ne ,thequotient of by , as follows. For in

h

W

1

h y = fx2Ajhx=yg

the image of h,let and freely extend it to the lattice

1 0 1 1 0

hA h y ^ y =h y^h y 

L by and so on. (Alternatively we could have

1

LA LhA h

extended h to a homomorphism between and , and then de®ned .) We

0 0 1 0

C hA C b= Ch b C

can quotient C to a probability lattice on , by de®ning .

1

inherits monotonicity, modularity and extensionality from h . Multiplying all values

1

0

C b 1

of by normalizes the resulting probability lattice.

C _h B 

B h : A ! B

Expansion. Suppose C is a probability lattice on ,and is a partial

0

_hA > 0 C = C; h C h

function. If C ,de®ne Exp( ), the expansion of by ,as

0 0

h h C x=

follows. C is a probability lattice on dom (the domain of )givenby

0 0

Chx;C _fx g=C_fhx g;C ^fx g=C^fhx g

i i i

i etc. Multiplying

1

0

a

all values of C by normalizes the resulting probability lattice.

C _hA

C A C A

1 2 2

Product. The product of two probability lattices 1 on and on is a probability

C A  A C hx; y i=CxCy hx; y i2A A

2 1 2 1 2

lattice on 1 . for . Similarly

0 0 0 0

C hx; y i^hx ;y i= C x^xC y^y  2

1 ; use modularity and continuity to de®ne

C LA  A  2 on all elements of 1 .

We can now de®ne a process:

P P ;P  P jDjf g

C A

De®nition 3 Process. A pcc process is a pair A where false

P P A

and C is a probability lattice on that satis®es the following conditions:

u 2 P fug P P u > 0

C C

Consistency: For every A , is -consistent, i.e. .

V

P S P uS 2 P uS  S

C A A

Glb-closure: For every -consistent subset of , and P .

C

Finiteness: The number of P -equivalence classes are ®nite. C

The ®rst condition ensures that every ®xed-point is consistent (generated by at least one

P S

RV-valuation).The second forces every C -consistent set of ®xed-points to have a glb

that is realized by at least every RV-valuation which realizes S ; this ensures that every P

C -consistent set of ®xed-points can be consistently extended to the range of a closure operator. The third condition forces ®niteness of the total number of possible closure operators that can thus be generated.

2.3 Semantics of combinators

d

P [[c]] = fu 2jDjjc2 ug P[[c]] 1 C

Tell. A .is the constant function .

d

P [[ c A]] = fu 2jDjjc 2uu2P[[A]] g c 62 u A

Ask. if then A .If ,then

P [[ c A]] u= 1 P [[ c A]] u=P[[A]] u

C C if then C ,otherwise if then . This is extended

to the rest of the lattice in the usual way.

d

P [[A ;A ]] = P[[A ]] \P[[A ]]

2 A 1 A 2 A

Parallel Composition. 1 . The probability lattice is

P [[A ]] P[[A ]] ;

: jD j! jDj jDj

C 2 C de®ned as Exp( 1 )where is the diagonal

function.

d

P [[ X A]] = fu 2jDjj 9v 2P[[A]];9 u= 9 vg

X X

Hiding. new in A . The probability

P [[A]]

C

; 9 9 : jD j!jDj X

lattice is de®ned as Exp( X ), where is the existential function 9

on constraints from the givenX constraint system.

4 X

Distributions. Let f be a probability lattice of the domain of .De®ne

DistrX; f  = fu 2jDjj 9r:X = r 2u; f r  > 0g DistrX; f  = C

A and

f; h h : DistrX; f  ! f hu=r X = r  2 u

Exp( ), where A ,and if .

d

[[ X; f  A]] = P [[ X DistrX; f ;P]]

Now P new in new in .

P [[A]]= Q; C  Q

Conservativity results. Let A be a cc program. Then, ,where is the

C 1 set of quiescent points of A and is the constant function . Conservativity of pcc over cc follows immediately.

2.4 Operational semantics We de®ne a transition relation to give the operational semantics of pcc programs, and then show that this operational semantics is equivalent to the denotational semantics. The transition relation is similar to the transition relation for cc. We assume that the program is operating in isolation Ðinteraction with the environment can be coded as an

observation and run in parallel with the program. A con®guration is a multiset of agents

  

. is the lub of the tell constraints in .

   ` a

; A; B  ! ; A; B

a B ! ; B

; if then

X A ! ; A[Y=X] Y 

; new in not free in

f r  > 0

X; f  A ! ; Y = r;A[Y=X] Y  ; new in not free in

4 A probability mass function on a ®nite set extends to a probability lattice structure.



f j A; a ! 6!;  6 g C

i i

Consider i false . De®ne a probability lattice on

C  = f r  Y

i Y Y Y

i by setting ,wherethe is the set of new variables introduced

Y = r 2 f

i Y

by the last rule, Y ,and is the probability distribution corresponding to

Y C  ^ = 0 j

. i , so we get a probability lattice by modularity and normalization.

a P; a

The output of a process P on an input , denoted OpsemIO is



f9    j P; a ! 6!; 6 ; Y g

Y false new vars in derivation

C

h =9 

with the probability lattice structure given by ,where Y .

h

P P  P ;P  C

The operational semantics of a process , denoted Opsem is a pair A

P P

where A is the set of quiescent points of the process , i.e



P = fc j P; a ! 6!; 9   =c; Y g Y

A new vars in derivation

P P A C is the natural probabilitylattice structureon induced by thevaluations of (hidden) random variables correspoding to each quiescent point.

2.5 Correspondence Theorems The key ingredient of the correspondence theorems relating the operational and denota- tional semantics is a representation theorem on pcc processes, sketched below. We show that each process corresponds to a set of closure operators with associated probability,

and conversely, given such a set, we can recover a process.

P P P

Let be a process. A consistent closure operator (cco) of is any C -consistent S subset of P closed under glbs of non-empty subsets. Note that to every cco there corre-

sponds at least one RV-valuation jointly realizing S . However, it could be that the valu-

 S

ation also realizes other constraints, that is, it realizes a cco T . Intuitively, the cco's S

exhibited by P are going to be those cco's for which there is an RV-valuation realiz-

T  S pS =

ing S and not any cco . Such cco's can be determined as follows. Let

V W V

P  SP  f TjTSg pS  > 0 S C

C .If then is an exhibited cco. The proba-

pS 

bility of S is .

p :

Conversely, given a set Z of closure operators, each associated with a probability

S

Z ! [0; 1] P P = fS j S 2 Z g P C

, we can recover a process as follows. A . is de®ned

V P P ^V =fpS jS 2Z; S V g C

as follows. For any ®nite subset of A ,let . P

C can be extended to be a probability lattice in the usual way.

The input-output relation. The representation theorem permits the semantic recovery

c P c

of the input output relation from a process P .Let be an input. will associate with

f P c o an output o iff there is closure operator exhibited by which maps to . The proba-

bility associated with o is the (normalized) sum of the probabilitiesassociated with each o closure operator that maps c to .

Full abstraction. The operational and denotational semantics are equivalent. The proof

exploits the representation theorem sketched above, and is omitted for lack of space.

IOP [[A]]u=

Theorem 4. Computational Adequacy: For any pcc program A,

OpsemIOA; u

A ;A P [[A ]] 6= P [[A ]]

2 1 2

Full Abstraction: For any pcc programs 1 ,if then there is a

C OpsemC [A ] 6= OpsemC [A ] 2 context such that 1 . 3 Adding time Ð Timed pcc

Timed pcc arises from pcc by adding a notionof discrete time. In adding time, we would also like to keep the characteristic properties of synchronous programming languages alluded to earlier. We ensure this by extending pcc to Timed pcc using the same method

used to extend Default cc to Default tcc in [SJG, SJG94]. Concretely, we add a single

t A

temporal construct hence A Ð when this is invoked at time , then a new copy of is

0 >t started at each time instant t .

Notation. We will be working with sequences, i.e. partial functions on the natural num- ::n

bers Ð their domains will be initial segments of the natural numbers of the form 0 .

0 00

;s ;::: 

We let s; t; s denote sequences. We use to denote the empty sequence. The u

concatenation of sequences is denoted by ª
º; for this purpose a singleton is regarded

ui S s

as the one-element sequence h . Given a subset of sequences , and a sequence ,we

s ft 2 j s
t 2 S g sn n

will write S after for the set Obs . denotes its 'th element of

S 0 = fu j9s: u
s 2 S g

s.Wealsode®ne .

hS; ; i S

We de®ne a sequence algebra with the signature Pref i length ,where is the

s:S !N : S ! S s=s s  i

set of all sequences, length and Pref i ,Pref if length

i s=hs0;s1;:::;si 1i i

, otherwise Pref i , the sequence consisting of the ®rst

elements of s. Homomorphisms on sequence algebras will preserve pre®xes and lengths.

Denotational Model. An observation of a Timed pcc program is a quiescent sequence of a program. Let Obs be the set of all ®nite sequences of consistent(i.e. not false) constraints. A process is a collection of observations that satis®es the condition that in- stantaneous execution at any time instant is modeled by a pcc process. The probability

information is kept as a probability lattice for each sequence s in the process Ð this in- formation is interpreted as the conditional probability information associated with the

process at the ®rst instant after the history s. Formally, we proceed as follows.

P P s 2 P A

De®nition 5. is a Timed pcc process if A Obs, and for each we are P

given a probability lattice s , satisfying the following conditions:

 2 P

Non-emptiness: A ,

s 2 P s
t 2 P A

Pre®x-closure: A whenever ,

8s 2 P  P s0;P 

A s Point execution: A , after is a pcc process.

We can combine the probability lattices into a single indexed set of probability lat-

d

P s
z  = P z  P

s s

tices by de®ning C , and similarly for joins and meets in . P

Probability Lattice operations on C . We generalize the de®nitions of operations on

probability lattices to indexed sets of probability lattices.

: A ! B P

Quotienting. Let h be a sequence algebra homomorphism. Let be an Q indexed set of probability lattices on A, we want to de®ne an indexed set on the image

of h. We will do this in an inductive fashion on the tree of sequences. The basic idea is

that we will at each stage collapse the sequences identi®ed by h, and assume that for any

0 0

0

t; t 2 A t 6= t P P t two sequences ,if then the probabilitylattices t and are independent.

s

2 B R

For each sequence s we will also de®ne inductively a probability lattice on

s

ft
v 2 A j ht=sg R Q

the set .will be quotiented to produce s .



R



R = P Q = 

De®ne  and .

h

s

Q R s 2 B s
u 2 B ht
v =s
u

Assume we have de®ned s and for .Let .If ,de®ne

s
u s s
u 0 s 0

R t
v
w = R t
vP w R t
v
w ^ t
v
w = R t
vP w^w 

v t
v

t .Also, .

0 0 0 0 s
u 0 0 0 s

t
v = s
u t
v 6= t
v R t
v
w ^ t
v
w =R t
v^

If h ,and then

0 0 0

0 0

t
vP wP w

v t
v

t . This follows from the independence assumption. Now

s
u

R

0 0 0

Q = h t
v
w = u ht
v
w =s
u
u

0
u

s ,where if .

h

: A ! B

Expansion. Let h be a partial sequence algebra homomorphism, i.e. the

A Q B

domain of h is a subalgebra of .Let be an indexed set of probability lattices on .

P h P =

Then we de®ne an indexed set of probability lattices on the domain of by s

0 0

Q ;h h u=hs
u

Exp( s ), where .

P P A A

2 1 2

Product. Let 1 and be two indexed sets of probabilitylattices on and .De®ne

A A fs
hu; v ijs
u2A ;s
v 2 A g

2 1 2

the ®bered product of 1 and as the set .De®ne

Q Q = P  P

1 2

on this ®bered product as s .

s s We will overload the symbols for quotient, expansion and product to stand for the

corresponding operations on indexed sets of probability lattices also.

c A; A; B  Combinators of Timed pcc. c; if then are inherited from pcc and their

denotations are induced by their pcc de®nitions.

d

D [[a]] = fg[fu
s 2 j a 2 ug D [[a]] =1 C

Tell. A Obs . .

d

D [[ a A]] = fg[fu
s 2 j a 2 u  u
s 2D[[A]] g A

Ask. if then A Obs .For

u
s a 2 u D [[ a A]] u
s= D[[A]] u
s C

any sequence ,if then if then C ,otherwise

D [[ a A]] u
s=1 D [[ a A]] C if then C . The rest of if then is de®ned by monotonicity,

continuity and modularity.

d

D [[A; B ]] = D [[A]] \D[[B]] D[[A; B ]]

A A C

Parallel Composition. A .is given as before

P [[A ]] P[[A ]] ;

= 
s
u= s
hu; ui

C 2 C

by Exp( 1 )where and .

0

s 2D[[ X A]] s 2

Hiding. Every observation new in A is induced by some observation

D [[A]] t st X

A , i.e. at every time instant , must equal the result of hiding in the pcc

t1

t s

process given by A at time after history .

0 0 0

9 s = 9 s jsj = js j 8i

X X X

Formally, let X denote ,and .Then

d

0 0

D [[ X A]] = fs 2 j9s 2D[[A]]:9 s = 9 s g X

new in Obs X

D [[A]]

C

; 9 9 : jD j!jDj X

The set of probability lattices is de®ned as Exp( X ), where is 9 the existential on sequences. X

X; f  X f

Distributions. Distr ensures that follows distribution for all time, i.e. after

DistrX; f  DistrX; f  =

every sequence, we must get the pcc process . Thus, we have: A

fs 2 j8i< s: 9r : X = r  2 si;fr  > 0g DistrX; f  =

i i C

Obs length i ,and

F F s=f hs
u= hs
r

Exp(F; h), where is an indexed set of lattices de®ned by ,

X = r  2 u

if  .Asinpcc,de®ne

d

[[ X; f  A]] = D [[ X DistrX; f ;A]] D new in new in

Hence. The de®nition for hence is as expected Ð observations have to ªsatisfyº A

everywhere after the ®rst instant; the probabilitylattice codes the fact that at time t there

1 B

are t copies of running in parallel.

d

D [[ B ]] = fu
s 2 j 8s ;s s = s
s  s 2D[[B]] g

1 2 1 2 2 A

hence A Obs

D[[ B ]] u
s=1 s =  D [[ B ]] u
s=fD [[B ]] s  j

C C 2

hence C if ,otherwise hence

s = s
s g 2 1 .

De®nable combinators. Since all the basic combinators of Default tcc[SJG] are avail- able here, (probabilistic approximations to) all the de®ned combinators of Default tcc are de®nable in Timed pcc demonstrating that Timed pcc is an expressive synchronous

language.

A A 1 

next  start at the next instant with probability

a A a A 1 

®rst then  whenever becomes true start with probability

A c A 1  c

do watching  do with probability at each instant, until becomes true

A c A 1  c

time  on do with probability during the instants holds

Operational semantics. The operational semantics for Timed pcc is built on the op- erational semantics for pcc Ð in this section, we focus on the aspects of the transition system that involve time. Following the synchronous paradigm, values of variables are not carried across time Ð in particular, a fresh ªcoin tossº is performed for random vari-

ables at each time instant.

;
 A con®guration consists of a pair Ð the agents currently active and the ªcon- tinuationº Ð the program to be executed at subsequent times. The rules for asks, hiding and parallel composition and new random variables are instantaneous and remain as be-

fore, in each case the
is unchanged after the transition. The rule for hence is also

instantaneous and is given by

; A;
 ! ; A; A;


 hence hence C The instantaneous outputs of and the associated probability lattice is derived as

in pcc.



u
:::
; ; ! n

For a given possible instantaneous output ,let 1 be such that

0 0

 ; 9   ;
 6!; Y =u

Y i

i are the new variables introduced in derivation .Also,

i

i i

C

f = h ;
 = i u ; i

let ,where i . For output , the timestep transition relation is h de®ned as

; X; f   X =1 Y
; 1

new in if then new 1 in

:::

X = n Y
 n

if then new n in

Y Y; g
g i In the above, for all random variables in i , we write new in ,where was the distribution in the prior time instant.

Correspondence theorems. As in pcc, the operational and denotational semantics are equivalent. The proof is essentially just a ªliftingº of the proof for pcc, and is omitted lack of space.

Acknowledgements. We would like to thank Lise Getoor for bringing up the problem of probability modeling, and Daphne Koller, Moses Charikar and Fernando Pereira, for several discussions. This work was supported by grants from NSF, ARPA and ONR.

References

[Abr93] S. Abramsky. Interaction categories. Available by anonymous ftp from pa- pers/Abramsky:theory.doc.ic.ac.uk, 1993. [Abr94] Samson Abramsky. Interaction categories and communicating sequential processes. In A. W. Roscoe, editor, A Classical Mind: Essays in honour of C. A. R. Hoare, pages 1±16. Prentice Hall International, 1994. [BB91] A. Benveniste and G. Berry. The synchronous approach to reactive and real-time systems. In Special issue on Another Look at Real-time Systems, Proceedings of the IEEE, September 1991. [BLFG95] Albert Benveniste, Bernard C. Levy, Eric Fabre, and Paul Le Guernic. A calculus of stochastic systems for the speci®cation, simulation, and hidden state estimation of mixed stochastic/nonstochastic systems. Theoretical Computer Science, 152(2):171± 217, Dec 1995. [CSZ92] R. Cleaveland, S. A. Smolka, and A. Zwarico. Testing preorders for probabilistic processes. Lecture Notes in Computer Science, 623, 1992. [dKW89] Johan de Kleer and Brian C. Williams. Diagnosis with behavioral modes. In Pro- ceedings of the Eleventh International Joint Conference on Arti®cial Intelligence, pages 1324±1330, August 1989. [FBB + 94] M. Fromherz, D. Bell, D. Bobrow, et al. RAPPER: The Copier Modeling Project. In Working Papers of the Eighth International Workshop on Qualitative Reasoning About Physical Systems, pages 1±12, June 1994. [FJM90] R. Fagin, J.Y.Halpern, and N. Megiddo. A logic for reasoning about probabilities. Information and Computation, 87:78±128, 1990. [FS95] Markus P.J. Fromherz and Vijay A. Saraswat. Model-based computing: Using concurrent constraint programming for modeling and model compilation. In U. Montanari and F. Rossi, editors, Principles and Practice of Constraint Program- ming - CP'95, pages 629±635. Springer-Verlag, LNCS 976, Sept. 1995. [GJS] Vineet Gupta, Radha Jagadeesan, and Vijay Saraswat. Computing with continuous change. Science of Computer Programming. To appear. [GSS95] Vineet Gupta, Vijay Saraswat, and Peter Struss. A model of a photocopier paper path. In Proceedings of the 2nd IJCAI Workshop on Engineering Problems for Qualitative Reasoning, August 1995. [Hal93] N. Halbwachs. Synchronous programming of reactive systems. The Kluwer inter- national series in Engineering and Computer Science. Kluwer Academic publishers, 1993. [Har87] D. Harel. Statecharts: A visual approach to complex systems. Science of Computer Programming, 8:231 ± 274, 1987. [HJ90] H. Hansson and B. Jonsson. A calculus for communicating systems with time and probabilities. In Proceedings of the 11th IEEE Real-Time Systems Symposium, pages 278±287. IEEE Computer Society Press, 1990. [HS86] S. Hart and M. Sharir. Probabilistic propositional temporal logics. Information and Control, 70:97±155, 1986. [HSD92] Pascal Van Hentenryck, Vijay A. Saraswat, and Yves Deville. Constraint processing in cc(fd). Technical report, Computer Science Department, Brown University, 1992. [Joh82] P. T. Johnstone. Stone Spaces, volume 3 of Cambridge Studies in Advanced Mathe- matics. Cambridge University Press, Cambridge, 1982. [JP89] C. Jones and G. D. Plotkin. A probabilistic powerdomain of evaluations. In Pro- ceedings, Fourth Annual Symposium on Logic in Computer Science, pages 186±195, Asilomar Conference Center, Paci®c Grove, California, 1989. [JY95] Bengt Jonsson and Wang Yi. Compositional testing preorders for probabilistic pro- cesses. In Proceedings, Tenth Annual IEEE Symposium on Logic in Computer Sci- ence, pages 431±441, San Diego, California, 1995. [LS91] Kim G. Larsen and Arne Skou. Bisimulation through probabilistic testing. Informa- tion and Computation, 94(1):1±28, September 1991. [Mar89] M. Ajmone Marsan. Stochastic petri nets: an elementary introduction. In Advances in Petri Nets 1989, pages 1±29. Springer, June 1989. [MMS96] Carroll Morgan, Annabelle McIver, and Karen Seidel. Probabilistic predicate trans- formers. ACM Transactions on Programming Languages and Systems, 18(3):325± 353, May 1996. [Nil86] N.J. Nilsson. Probabilistic logic. Arti®cial Intelligence, 28:71±87, 1986. [Pea88] J. Pearl. Probabilistic Reasoning in Intelligent Systems. Morgan-Kaufmann Publish- ers, 1988. [Sar93] Vijay A. Saraswat. Concurrent constraint programming. Doctoral Dissertation Award and Logic Programming Series. MIT Press, 1993. [SJG] V. A. Saraswat, R. Jagadeesan, and V. Gupta. Timed Default Concurrent Constraint Programming. Journal of Symbolic Computation. To appear. Extended abstract ap- peared in the Proceedingsof the 22nd ACM Symposiumon Principles of Programming Languages, San Francisco, January 1995. [SJG94] V. A. Saraswat, R. Jagadeesan, and V. Gupta. Foundations of Timed Concurrent Constraint Programming. In Samson Abramsky, editor, Proceedings of the Ninth An- nual IEEE Symposium on Logic in Computer Science. IEEE Computer Press, July 1994. [SRP91] V. A. Saraswat, M. Rinard, and P. Panangaden. Semantic foundations of concurrent constraint programming. In Proceedings of Eighteenth ACM Symposium on Princi- ples of Programming Languages, Orlando, January 1991. [vGSST90] Rob van Glabbeek, S. A. Smolka, B. Steffen, and C. M. N. Tofts. Reactive, gener- ative, and strati®ed models of probabilistic processes. In Proceedings, Fifth Annual IEEE Symposium on Logic in Computer Science, pages 130±141, Philadelphia, Penn- sylvania, 1990. [VN92] N. Viswanadham and Y. Narahari. Performance Modeling of Automated Manufac- turing Systems. Prentice-Hall Inc., 1992.

This article was processed using the LATEX macro package with LLNCS style