Table of Contents Author Guidelines Submit a Manuscript
Mathematical Problems in Engineering
Volume 2015 (2015), Article ID 173012, 13 pages
http://dx.doi.org/10.1155/2015/173012
Research Article

Quantitative Analysis of Software Approximate Correctness

School of Computer Science and Technology, Huaibei Normal University, Huaibei 235000, China

Received 6 November 2014; Accepted 14 June 2015

Academic Editor: Fabio Tramontana

Copyright © 2015 Yanfang Ma. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Parameterized bisimulation provides an abstract description of software correctness. In real world situations, however, many software products are approximately correct. To characterize the approximate correctness, we generalize the parameterized bisimulation to numerical version and probabilistic setting. First, we propose the definition of the parameterized bisimulation index that expresses the degree to which a binary relation is parameterized bisimulation. Then, -parameterized bisimulation over environment and its substitutivity laws are presented. Finally, -parameterized probabilistic bisimulation is established to describe complicated software products with probabilistic phenomena.

1. Introduction

Correctness is a key feature of software trustworthiness [13], which can be abstracted by using various behavior equivalences between processes, such as (strong and weak) bisimilarity, trace equivalence, testing equivalence, and failure equivalence [46]. Specification and implementation of software are considered as two processes. If a certain behavior equivalence exists between specification and implementation, then the software is considered as correctness. Thus a certain behavior equivalence must be established between specification and implementation to prove software correctness.

However, the prerequisites for successful application of software products may not always hold when they are actually running on the computers. As physical devices, computers cannot be assumed to behave reliably. In addition, standard implementations at best approximate the formal definition of semantics. Ying [7] proposed strong/weak bisimulation indexes to establish the approximate description between specification and implementation. The proposed indexes characterize the degree to which a binary relation between processes is strong/weak bisimulations. Ying and Wirsing [8] presented the strong/weak bisimulation limits and obtained the strong/weak bisimulation topologies to describe that the sequence of implementations can be treated as an evolution toward the specification. Girard and Pappas [9] defined a hierarchy of approximate pseudometric between two systems that quantifies the qualities of the approximations. To verify whether a program behaved as desired, Henzinger [10] introduced quantitative fitness measures for programs, particularly to measure the function, performance, and robustness of reactive programs such as concurrent processes. To compare these existing quantitative models of program approximate correctness, Fahrenberg and Legay [11] presented a distance-agnostic approach to quantify the verification. They defined a spectrum of different interesting system distances that corresponds to the given trace distance.

In fact, some complicated software products contain probabilistic phenomena. These software products can be abstracted as probabilistic processes. Similarly, many quantitative models based on probabilistic processes [12] have existed to obtain the degree to which implementations satisfy their specification. For example, Giacalone et al. [13, 14] presented -bisimulation equivalence relation over deterministic probabilistic processes and proposed a kind of measure model to describe the degree of similarity among probabilistic processes. This measure is defined based on the probability differences of the processes that execute the same action. Song et al. [15] proposed a measure model according to the probability of the processes that performs the same trace with a discount factor. Deng et al. [16] defined state-metrics as a natural extension of bisimulation from nonquantitative systems to quantitative ones over action-labeled quantitative systems. Alves de Medeiros et al. [17] built a measure relation based on the observable actions of processes. Abate [18] also established an approximate metric based on probabilistic bisimulation.

However, the running of a software depends on its environment. The environment should be considered when the approximation degree between specification and implementation is discussed. The influences of the environment are absent in the existing quantitative models. In [19], Larsen and Skou presented two-thirds bisimulation based on probabilistic transition systems to characterize that two processes are undistinguished when they have the same sets of observations for all tests. If an environment is considered as a set of actions [20], then two-thirds bisimulation expresses the relation in which the process refuses the environment. We proposed two-thirds simulation index and established a measure model to describe the degree of approximation among processes [21]. In -calculus [22] and applied -calculus [23], the observation equivalences were researched. And the influence of environment on the execution of software was considered as well. In [22], a process context is speaking a process expression containing a hole. In [23], the contexts may be used to represent the adversarial environment in which a process is run. The environment provides the data that the process inputs and consumes the data that it outputs.

Larsen [24] presented parameterized bisimulation equivalence to obtain flexible hierarchic development methods. In the work of Larsen, bisimulation equivalence is parameterized with information about context called environment. Environment is considered as an object that consumes the actions produced by a process in that environment. However, the abilities of environment to consume actions might be limited. Suppose that is a process, and it can execute action to next process ; that is, . However, cannot consume the action ; then derivation will never be considered when is executed in environment . If and both perform the same action for all transitions of , then we can determine . In particular, strong bisimulation in CCS (Communication and Concurrency Systems) model is generalized by parameterized bisimulation equivalence. Parameterized limit bisimulation and parameterized bisimulation limit were proposed in [25, 26] to describe the infinite evolution mechanism.

The conditions possessing the same observable actions consumed by the environment are rigorous when we choose parameterized bisimulation to verify software correctness. Sometimes we can determine that two processes fail to meet these conditions. However, these processes are still close to parameterized bisimulation in the sense that whenever a process can execute an action of environment consumption, another process can produce an action that is different from but highly similar to the observable action that the first process executed. Alternatively, another process can perform an action that is highly similar to the observable action that the first process made whenever a process can produce an action that is different from the action of the environment consuming.

The aim of this study is to build mathematical tools that are suitable for describing this kind of approximate parameterized bisimulation. First, we propose parameterized bisimulation index over environment in order to describe the degree to which binary relation is a parameterized bisimulation. Then we define -parameterized bisimulation and discuss algebraic properties. We specially prove the congruence of -parameterized bisimulation under various operators. Finally, in order to describe the characterization of software with probabilistic information, we also extend parameterized bisimulation to probabilistic setting and propose the approximate parameterized probabilistic bisimulation.

Compared with the main focuses of [7, 8, 21], the main focus of our work is on parameterized bisimulation. In [7, 8], the set of labels in a labeled transition system is equipped with a metric. Given a binary relation between processes, the degree to which the relation is bisimulation is defined. Similar to [7, 21], we also equip the set of actions with a metric. Parameterized bisimulation that includes the information about context is different from bisimulation. For every environment , is a binary relation between processes. Therefore, in order to obtain the approximate parameterized bisimulation, we need to establish the bisimulation index for every environment . We consider two cases to obtain the bisimulation index for an environment. One case is that when the environment consumes an action, a process can accept this action and another process cannot accept this action. Another case is that when the environment has the transition with an action, two processes cannot both accept this action. Therefore, our definition about bisimulation index on the environment is different from the definition of bisimulation index in [7]. Furthermore, we establish the -parameterized bisimulation on the environment . In order to obtain the hierarchic development and modular decomposition of software, similar to [7, 21], we also consider the substitutivity laws of -parameterized bisimulation on the environment under various combinators.

Meanwhile, we notice that many metric models are proposed based on the difference of probabilities in which two processes execute the same action [16]. But the influence of environment was not considered in these models. In order to describe the approximation of the complicated software with probabilistic information, we extend parameterized bisimulation to probabilistic setting in order to reflect the environment. First, we extend the environment transition system to probabilistic case. Then, we define parameterized probabilistic bisimulation. Finally, we obtain the -parameterized probabilistic bisimulation based on the probabilities that the environment consumes an action and the processes perform the same action. This point is similar to [14, 16]. Our method is different from the method in [18]. In [18], the state space is equipped with a rich structure, whereas the metric is characterized by probabilistic conditional kernels.

In Section 2, we recall the syntax of CCS and parameterized bisimulation. Parameterized bisimulation index over environment and -parameterized bisimulation are defined in Section 3. Their some algebraic properties are researched in Section 3. In Section 4, the substitutivity laws of -parameterized bisimulation under various operators are proved. In Section 5, parameterized probabilistic bisimulation is proposed and -parameterized probabilistic bisimulation is defined. Furthermore, the congruence of -parameterized probabilistic bisimulation is proved. Our conclusions and future work are presented in Section 6.

2. Preliminaries

2.1. CCS Summary

This section recalls some fundamental concepts and the results of process calculus needed in the subsequent sections. The following definitions mainly come from the book by Ying [27].

We introduce the names , the conames , and labels . range over , range over , range over is defined. We also introduce the silent or perfect action . is defined as the set of actions, whereas are defined range over . Furthermore, we introduce set of process variables and set of processes constants. Mapping is a relabeling function if for every We may extend relabeling function to be a mapping from to itself by decreeing that . The syntax of the basic process calculus is presented in the following definition.

Definition 1 (process expression [28]). The class of process expressions is the smallest class of symbol strings that satisfies the following conditions:(1).(2)If and , then . .(3)If is an indexing set and , then (4)If , then .(5)If and , then .(6)If and is a relabeling function, then .

The process expressions without process variables are called processes and the class of processes is denoted by For any , we assume that there is a defining equation , such as Constants provide us a mechanism of recursion in the process calculus.

The transitional semantics of the basic calculus is presented in the style of Plotkin’s structural operational semantics [29]. We have the following definition.

Definition 2 (labeled transition system [7]). Let be a labeled transition system, where the transition relations are presented by the following rules:

Transitions with strings of labels may be defined in a natural way. If , then we write provided that for some . In this case, we call an action sequence of and is a -derivative of . If for some is a -derivative of , then is called a derivative of .

In the subsequent sections, we mainly consider the restriction of on , where, for each is restriction of on . For simplicity, we always write for .

For example, suppose that a vending machine that sells CocaCola can be described as an expression of CCS:

Its behavior can be expressed as a transition diagram as in Figure 1.

Figure 1: An example of CCS.
2.2. Parameterized Bisimulation

The definition of environment must be introduced because the motivation of parameterized bisimulation is to parameterize the bisimulation equivalence with a special type of information about context called environment. Similar to the assumption that a process may change after performing an action, the assumption that an environment may change after consuming an action is reasonable. Thus environments and their behaviors can be described by labeled transition system , where is the set of environments, is the set of actions (identical to the set of actions used in the transition system of process), and is a subset of called consumption relation.   means that “ may consume the action and in doing so become the environment .”

At this point, let us review the parameterized bisimulation equivalence. First, we recall the bisimulation equivalence without environment.

Definition 3 (bisimulation [24]). Bisimulation is a binary relation on such that whenever and , then(1) such that and ,(2) such that and

Two processes, and , are considered bisimulation if and only if bisimulation exists and satisfies (.

Definition 4 (-parameterized bisimulation [24]). Let be a transition system of environments. Then an -parameterized bisimulation, , is an -indexed family of binary relations, for , s.t. whenever and , then we have the following:(1)If , then there exists , s.t. and .(2)If , then there exists , s.t. and .

Two processes, and , are said to be bisimulation equivalence in the environment if and only if - parameterized bisimulation exists, such that , which is denoted by

Example 5 (see [24]). Let , , and be presented by Figure 2. The -indexed family is shown as follows:

Figure 2: and are parameterized bisimulation on environment .

We can prove that is a parameterized bisimulation. Thus, , Therefore, can accept the action , can also accept the same action, and their next states have the relation when the environment can consume the action to the next environment . By contrast, if can accept the action , then can also accept the same action, and their next states have the relation . Similarly, and have the same behavior when environment can consume action to the next environment . Thus, . However, according to Definition 3, we can observe that

Although and will never be considered when and are executed in environment . The reason is that when consumes the action to the environment , and cannot execute the action to the next state.

Proposition 6 (see [24]). For all and for all , implies that

This proposition indicates that parameterized bisimulation equivalence generalizes bisimulation equivalence.

3. Approximate Parameterized Bisimulation

For the approximate version of parameterized bisimulation, we present the definition of parameterized bisimulation index over the environment that indicates the degree to which a binary relation is parameterized bisimulation. We also generalize some algebraic properties of parameterized bisimulation.

Definition 7 (metric space [30]). Let be a nonempty set. is a mapping from into . Then the pair is called a metric space if the following conditions are satisfied:(1) if and only if .(2).(3) for any .If   is weakened by : for each , then is called a pseudometric. If is strengthened by : for any , then is called an ultrametric.

Let be a metric on . As expected, we can extend to a mapping from to , which is denoted by in the following way: for any ,(1),(2),(3).

is clearly a metric on . In addition, is also an ultrametric provided that is an ultrametric. For simplicity, we always write for . Then the numerical generalization of Definition 4 will be defined. Similar to the parameterized bisimulation, the following assumption is obtained: if can consume an action to , and have the relation , but no transitions exist that can make and execute certain actions to obtain some states that are included in , then and will never be considered when and are executed in .

Definition 8. Let be a labeled transition system and let be a metric on . is an environment transition system. is an -indexed family of binary relations . For , , and , we define that where We call an index in which simulates on the transition

Definition 9. Let be a labeled transition system and let be a metric on . is an environment transition system. is an -indexed family of binary relations . If , such that where then is called parameterized bisimulation index of over environment .

As expected, if , and given, and and , then and are the infimum of distances between transitions and where and are close to . From this point, Definition 9 is clearly a numerical counterpart of Definition 4 and expresses the degree to which is parameterized bisimulation. We should indicate that the smaller the value of , the higher the degree to which is a bisimulation. We can obtain the conclusion that, for every , when is parameterized bisimulation.

Proposition 10. (1) is parameterized bisimulation if and only if, for every , . In particular, , where is the identical relation between processes.
(2) For all , .
(3) For all , . In particular, if is an ultrametric, then .
(4) For all , .

Proof. and are direct from Definition 9.
If or , then it is clear. At this point, suppose that and . Sequences and exist, such that and , , , for any , , and .
For any , if , then there exists with and . For any and , . If , then leads to the idea that there exist and such that , , and At the same time, if , also leads to the idea that there exist and such that with , , and
Furthermore, leads to the following: if , . Thus, and exist, such that with and . Moreover, if , . We can obtain and such that with , , and . Therefore, with and And .
is similar to

(1) in Proposition 10 indicates that, for any , the parameterized bisimulation index is , which is the least value of the bisimulation index over the environment . states that, for any environment , the bisimulation index of relation and the bisimulation index of its inverse are the same. means that, for any environment , the bisimulation index of the composition of two relations is not greater than the sum of the bisimulation indexes of the relation. If the presumed metric on actions is an ultrametric, then it does not exceed even the greatest of the bisimulation indexes of the factor relations. Finally, means that if the degree to which is a bisimulation is not less than some values for all , then the degree to which is a bisimulation is also not less than that value.

Example 11. Let and , be illustrated by Figure 3. The -indexed family is shown as follows:

Figure 3: An example of parameterized bisimulation index.

Let the metric on be defined as

Then, we can obtain that , , , and

In fact, given that , we should first compute when is computed. Moreover, leads to the idea that and should be gained. Since , we only need to compute . By and , the metric can be obtained according to Definition 9. Meanwhile, , but , so this transition should not be considered. Thus, we obtain . Similarly, we get that , . Thus .

By contrast, we only need to compute when because . Furthermore, we should obtain . Since , we only choose the transition of which satisfies the metric between and the action of executing less than . All transitions of both satisfy the metric between and the actions that can perform is less than and equal to 0.1. However, . Thus, we can obtain . Similarly, we can gain . Thus, . Moreover, . Furthermore, we also get when . Therefore, .

In particular, will never be considered when we compute and . The reason is that the next states of are not in . The other results can be obtained in the same way.

Proposition 12. Let be an environment transition system. If is a strong bisimulation relation, then, for every , , where is the bisimulation index defined in [7].

Definition 13. Let be a labeled transition system. is an environment transition system. is an -indexed family of binary relations on ; that is, for , . If , then is called a -parameterized bisimulation over the environment .

If is an -indexed family of binary relations on , , then is clearly an -parameterized bisimulation. If and is -parameterized bisimulation, then is also a -parameterized bisimulation. Moreover, if is -parameterized bisimulation , then is a -parameterized bisimulation.

Corollary 14. Let be a labeled transition system. is an environment transition system. is an -indexed family of binary relations on .(1)If is a parameterized bisimulation, then, for any environment , is a -parameterized bisimulation.(2)If is a parameterized bisimulation, , is a -parameterized bisimulation, if and only if so is .(3)If, for , is a -parameterized bisimulation , then is a -parameterized bisimulation. In particular, if is an ultrametric and and are all -bisimulation, so is .(4)If, for , is a -bisimulation , so is .

Using the concept of -bisimulation, we can define the notion of -parameterized bisimulation in the usual way over the environment .

Definition 15. Let be an -indexed family of binary relations on . For any , we define -bisimulation over the environment as

In other words, if , then and are said to be -bisimilar over the environment whenever -parameterized bisimulation exists such that If , can consume some actions to , but and do not have any transition such that their next states are included in , then and will never be considered when and are executed in the environment .

Next, we illustrate Definitions 9 and 15 with the following example.

Example 16. Two vending machines are assumed to exist. They can be expressed by the following process expressions: A person who wants to buy a cup of CocaCola can be treated as an environment of the vending machines. According to CCS, the behaviors of the person can be described as a process: The transition diagrams are described in Figure 4. Metric exists on the set of actions , where . Consider , , , and . The distance between other actions is .

Figure 4: and are -bisimilar on the environment .

The following relations can be defined:

We can get that , , So, , , , , and . The value means that when the person does not do anything, the approximate degree between two vending machines is 0.7. When the person puts , then the approximate degree between two vending machines is 0.8. Finally, when the person chooses the CocaCola, the distance between them is .

Next, we will try to prove various properties of -parameterized bisimulation over environment .

Proposition 17. Consider
(1) . If , then .
(2) For any , is a -parameterized bisimulation and it is reflexive and symmetric;

Proposition 18. Let . if and only if, for any , and .

Proof. If , then we have that and
Conversely, we define that if and only if and for all . From , we know that, for any and with , if , then, for any , there exist and such that and and ; if , then, for any , there exist and such that and , , and . By noting that implies , we obtain . Similarly, . Therefore, is a -parameterized bisimulation over the environment , and

4. Congruence of -Parameterized Bisimulation over Environment

In order to support hierarchic development and modular decomposition of software, it is necessary to ensure that equivalences are congruent with respect to processes combinators. It means that if two processes are equivalent, then the new processes obtained by combining the given processes are also equivalent. In this section, we will mainly discuss these substitutivity laws of -parameterized bisimulation under various combinators.

Definition 19 (-round [7]). Let be a metric space; If, for any and implies , then is said to be -round. If, for some is -round, then is said to be strongly -round.

Definition 20 (isomorphism mapping [7]). Let be a metric space. is a mapping from into itself. If, for any , then is said to be isomorphism mapping.

From the definition above, we can see that -round is a rigorous condition. In [7], they prove that there are only two -round sets in the real line when One is the empty set and the other is the real line itself. They also show that it is not the same case as in the real line in general. For example, if and is pairwise disjoint and for any with and , then each is -round for every

We now consider the substitutivity laws of -parameterized bisimulation over environment under various combinators in our process calculus.

Proposition 21. Let be an environment transition system; ,(1)If and , then .(2)If is -round and , then .(3)If is isomorphism mapping on and , then .(4)If , then .

Proof. We need to show and . By Definition 2, and , so there exists such that with and . So Similarly, .
Let , . Next, we need to show .
Let . If , then , , and . If , since , there exist and such that with , , and . Since is -round, . By the transition rule, with , , and . If , then leads to the idea that there exist and such that with and . Since is -round, . By the transition rule, with and . Therefore, .
For any , let . Next, we only need to show .
In fact, let . If , then there exists , such that , , and . If , since , and there exist and such that with , , , and . By the transition rule, . Let and since is isomorphism, and , and .
On the other hand, if , tells us and there exist and such that with , , and . By the transition rule, . Let and since is isomorphism, , and . Therefore, .
We need to prove that, for any , and In fact, if , then or . Furthermore, if , then leads to the idea that there exist and such that with , , and So, , and And if , then , and , so Thus,
On the other hand, if , then leads to the idea that there exist and such that , with and So, , and And tells us , , and Thus,
Similarly, we can obtain that So,

5. Parameterized Probabilistic Bisimulation

The behaviors of some complicated software systems are often probabilistic in nature. Usually, a system with probabilistic behaviors may typically be described as a probabilistic process. van Glabbeek et al. [31] introduced three models of probabilistic processes in accordance with the relation between the occurrences of actions and transition probabilities: a reactive system, a generative system, and a stratified model. For example, Larsen and Skou [19] adopted a reactive model for probabilistic processes; Giacalone et al. [14] considered generative probabilistic processes. The probabilistic processes dealt by Smolka and Steffen [32] are in a stratified setting. These models are the extension of SCCS proposed by Milner [33]. Ying [34] proposed a new model of probabilistic process, APPA, which is a probabilistic extension of CCS. Giacalone et al. [13] relaxed the notion of probabilistic bisimulation on the class of deterministic PCCS processes, called -bisimulation. Two processes can simulate each other with bound of deviation in probability. Furthermore, a natural notion of distance between deterministic PCCS processes and an accompanying metric space are proposed.

However, to show the effect of environment on the execution of software, we can extend parameterized bisimulation to the probabilistic case. Firstly, the syntax and semantics of the probabilistic processes are reviewed. As in SCCS [33], let be the Abelian monoid. Intuitively, action of the form represents the simultaneous execution by a process of the actions and . It will often use juxtaposition to denote products of actions, for example, . It is convenient to assume that and vice versa.

Then is an Abelian group. Let be a subset of such that and let be a monoid morphism. is assumed as a process variable. The syntax of PCCS is defined as the following definition.

Definition 22 (the syntax of PCCS [13]). The set of probabilistic process expressions is the smallest set which includes , , and the following expressions:

An expression that has no free variables is called a process, and is the set of all PCCS processes. Intuitively, has no derivations, whereas performs action with probability and then behaves like . A summation expression offers a probabilistic choice among its constituent behaviors, where is accountable, so is a probabilistic distribution. When , then . Product represents synchronized process composition. For the restricted expression , only actions in are visible to an observer, while morphism specifies relabeling of actions. Finally defines a recursive process.

Then, similar to [13], we introduce an unindexed arrow that represents the cumulative probabilistic derivation of one process by another. For and , we write exactly when , where the indices that appear on the arrows are used to distinguish different occurrences of the same probabilistic derivation. For , , and , we write exactly when .

Let be the class of deterministic PCCS processes; that is, if , then, for any , has at most one probabilistic derivation of type . Then, the operational semantics of deterministic PCCS process can be described as follows.

Definition 23 (see [13]). The structure operational semantics of deterministic PCCS process based on probabilistic derivation is given as a set of inference rules, in the style of Plotkin:

Similar to the assumption on parameterized bisimulation, the assumption that an environment and its behaviors can be described as a deterministic PCCS process is reasonable. is the set of environments, is the set of actions (identical to the set of actions used in the transition system of processes), and is a subset of , and means that may consume the action with the probability and after that becomes the environment .

Then, parameterized probabilistic bisimulation is defined.

Definition 24. Let be a probabilistic environment transition system. Then an -parameterized probabilistic bisimulation, , is an -indexed family of binary relations for , such that whenever and , then we have the following: (i)If , then there exists s.t. and .(ii)If , then there exists s.t. and .

Define Two processes, and , are said to be probabilistic bisimulation equivalence on the environment if and only if there exists -parameterized probabilistic bisimulation such that . We write parameterized probabilistic bisimulation by using the following signal, , to distinguish the difference between parameterized bisimulation and parameterized probabilistic bisimulation.

Example 25. Let , , and be given in Figure 5. The -indexed family is shown as follows:

Figure 5: and are probabilistic bisimulation on the environment .

Then, according to Definition 24, is -parameterized probabilistic bisimulation. So, , , , but , .

Next, we try to relax the -parameterized probabilistic bisimulation to establish the approximate parameterized probabilistic bisimulation. In [18], there is a rather rich state-space structure and a metric between two processes employs the probabilistic conditional kernels underlying the two stochastic processes. Another metric is based on the dynamical properties of the two processes. Compared with the metric in [18], our model only focuses on the difference of probabilities where two processes can execute the same action.

Definition 26. Let be a probabilistic environment transition system. Consider . is an -indexed family of binary relations, . If, for any and , the following conditions are satisfied: (1)If , then there exists such that , , and .(2)If , then there exists such that , , and .Then we call   -probabilistic bisimulation. and are said to be -probabilistic bisimilar on the environment if -probabilistic bisimulation exists such that .

Proposition 27. Let be a probabilistic environment transition system. Consider . is an -indexed family of binary relations; :(1)If is a parameterized probabilistic bisimulation, then, for , is -probabilistic bisimulation.(2)For , is -probabilistic bisimulation if and only if so is .(3)For , is a -probabilistic bisimulation (); then is a -probabilistic bisimulation.(4)For , (, where is indexed set) is -probabilistic bisimulation and so is .

Definition 28. Let be a probabilistic environment transition system. Consider . is an -indexed family of binary relations, ; we define

If and are said to be -probabilistic bisimilar on the environment , then -probabilistic bisimulation exists such that . Thus, we can write .

Proposition 29. Consider
(1) forms a sequence of successively larger relations; that is, implies .
(2) ; coincides with the parameterized probabilistic bisimulation.

Example 30. Let , , and be given in Figure 6. The -indexed family is shown as follows: