Timed CTL Model Checking in Real-Time Maude⋆ - IfI

Timed CTL Model Checking in Real-Time Maude 21
π ′ i of πi and an index k s.t. d π′
i
i
k ∈ I, T K, tπ′
k |=c ϕ2, and T K, t π′ i
l |=c ϕ1 for
all 0 ≤ l < k. Let π ′ i be such a path and k such an index.
Note that π ′ i contains the state tπj at time point d2. Let π pre′
i and π ′′
j be
the prefix resp. suffix of π ′ i ending resp. starting at that state. Let v be the
number of states in π pre′
i and let π ′ be the concatenation of πpre and π ′ i . We
show that the bounded until is satisfied along π ′′
j , being a time refinement
of πj.
Remember that ml¯r is the lower bound of I. We distinguish between (i)
d π′
i
k ∈ I1 = [ml¯r, ml¯r + d2 + d3) and (ii) d π′
i
k ∈ I2 = I\I1.
(i) Assume first that d π′ i
k ∈ I1 = [ml¯r, ml¯r + d2 + d3). We observe that π ′ i
contains the state t∗∗ at time point ml¯r + d2 (we added this sample
point when refining πj to π ′ j ), thus t∗∗ appears in π ′ at time point (n +
ml)¯r + d1 + d2. Furthermore, we assumed that d π′
i
k ∈ I1, i.e., ml¯r ≤
d π′
i
k < ml¯r + d2 + d3, implying that t π′ i
[(n + ml)¯r + d1, (n + ml + 1)¯r). Thus both t∗∗ and t π′ i
k appear in π′ in
the interval ((n + ml)¯r, (n + ml + 1)¯r), and from T K, t π′
i
k |=c ϕ2 we get
by induction that T K, t∗∗ |=c ϕ2.
k appears in π′ at a time point in
Note that t ∗∗ also appears in π ′′
j . We want to show that the index of t∗∗ in
π ′′
j
satisfies the conditions for the satisfaction of the until formula by π′′
j .
We already have shown that T K, t ∗∗ |=c ϕ2. Additionally, t ∗∗ appears in
π ′′
j at time point ml¯r, which is the left end point of the interval I.
In case ml = 0 we are done, because there are no states prior to t∗∗ in
π ′′
j . Otherwise, if ml > 0, it remains to show that all states prior to t∗∗ in π ′′
j satisfy ϕ1. There are two cases.
∗ We know that all states t π′
i
l
with l < k (especially all states at time
points less than ml¯r) satisfy ϕ1. We conclude that the states in π ′′
j at
time points less than ml¯r − d2, building a subset of the above states,
all satisfy ϕ1.
∗ It remains to show that all states at time points from [ml¯r −d2, ml¯r)
in π ′′
j also satisfy ϕ1. Notice that π ′ i contains the state t∗ at time
point ml¯r − d1/2. Since this time point is below the lower bound of
I we have T K, t ∗ |=c ϕ1.
This state t ∗ appears in π ′ is at time point
(n¯r + d1) + (ml¯r − d1/2) = (n + ml)¯r + d1/2 .
By induction we get that all states appearing in π ′ at time points
from the interval ((n + ml)¯r, (n + ml + 1)¯r) satisfy ϕ1. I.e., all states
in π ′′
j at time points from
((n + ml)¯r − (n¯r + d1 + d2), (n + ml + 1)¯r − (n¯r + d1 + d2))
= (ml¯r − d1 − d2, (ml + 1)¯r − d1 − d2)
⊇ [ml¯r − d2, ml¯r)
satisfy ϕ1.