Timed CTL Model Checking in Real-Time Maude⋆ - IfI

22 D. Lepri, E. Ábrahám, and P. Cs. Ölveczky 

(ii) For the case d π′ 

i 

k ∈ I2 = I\I1 let v be the number of states in π pre′ 

i . We 

show that k − v is a proper index for the satisfaction of the bounded 

until along π ′′ 

j . 

We observe that t π′′ 

j 

l 

T K, t π′′ 

j 

i = tπ′ 

l+v 

i 

for all l. Therefore, T K, tπ′ 

k |=c ϕ2 implies 

k−v |=c ϕ2. Since d π′ i 

k ∈ I2 we have d π′ i 

k ≥ ml¯r + d2 + d3 and 

thus d π′′ j 

i 

k−v = dπ′ 

k − d2 ≥ ml¯r + d3, i.e., the duration of π ′′ 

j until the 

(k − v)-th state is above the lower bound of I. It is easy to see that this 

duration is also below the upper bound (d π′ 

i 

k is below the upper bound 

and d π′′ j 

i 

k−v = dπ′ 

k − d2 < d π′ i 

k ). 

Finally, T K, t π′ 

i 

l+v |=c ϕ1 implies T K, t π′′ 

j 

l |=c ϕ1 for all l < k−v Therefore, 

the index (k − v) is appropriate to show that the path π ′′ 

j satisfies the 

bounded until property. 

“⇐”: This proof case is quite analogous to the “⇐” case of the existentially 

quantified bounded until. The proof structure is illustrated in Figure 4. 

Assume that R, t π j |=c A ϕ1 UI ϕ2 holds. Then by definition for all paths 

πj ∈ tfPaths T K(t π j ) there is a time refinement π′ j ∈ tfPaths T K(t π j ) of πj and 

an index k s.t. d π′ 

j 

j 

k ∈ I, T K, tπ′ 

k |=c ϕ2, and T K, t π′ 

j 

l |=c ϕ1 for all 0 ≤ l < k. 

We show that R, tπ i |=c A ϕ1 UI ϕ2 holds. Let πi ∈ tfPathsT K(tπ i ) be a path. 

Due to time robustness, πi has a time refinement π ′ i ∈ tfPathsT K(tπ i ) which 

contains the state tπ j at time point d2, and in case the upper bound of I is 

finite also a state t∗∗ at time point mu¯r. Note that time robustness assures 

that the state at time point d2 is tπ j . 

Let π pre′ 

i and πj be the prefix resp. suffix of π ′ i 

ending resp. starting at 

time point d2, i.e., at the state tπ j . From R, tπj |=c A ϕ1 UI ϕ2 we conclude 

that there is a time refinement π ′ j of πj and an index k such that d π′ 

j 

k 

T K, t π′ 

j 

∈ I, 

k |=c ϕ2, and T K, t π′ 

j 

l |=c ϕ1 for all 0 ≤ l < k. 

Let π ′′ 

i be the concatenation of πpre′ i and π ′ j . Note that π′′ i is a time refinement 

of πi. We show that the bounded until holds along π ′′ 

i . We distinguish 

between k = 0 and k > 0. 

k = 0 For the case k = 0 notice that t π′ 

j 

0 = tπj and thus T K, tπj |=c ϕ2. Using the 

path π, by induction we get T K, tπ i |=c ϕ2. Furthermore, since d π′ 

j 

0 = 0 

and d π′ j 

0 ∈ I, the lower bound of I must be 0. I.e., the index 0 satisfies 

the condition for the bounded until on the path π ′′ 

i . 

k > 0 Otherwise, if k > 0 then T K, tπ j |=c ϕ1 and we get by induction that 

T K, t π′′ 

i 

l |=c ϕ1 for all l < v (i.e., all states in the prefix π pre′ 

i 

ending at tπ j at time point d2 satisfy ϕ1). 

of π ′′ 

i 

(i) If the upper bound of I is INF then from T K, t π′′ 

j 

k |=c ϕ2 and t π′′ 

j 

k = 

t π′ 

i 

k+v 

i 

we conclude that T K, tπ′ 

k+v |=c ϕ2. Furthermore, d π′′ 

j 

k is above 

the lower bound of I and d π′ 

i 

k+v 

j 

= dπ′′ 

k + d2, i.e., d π′ 

i 

k+v 

∈ I.

Previous page

Next page

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

Timed CTL Model Checking in Real-Time Maude⋆ - IfI

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?