Timed CTL Model Checking in Real-Time Maude⋆ - IfI

More documents

Recommendations

Info

$G:\MISQ\2006\September 2006\Gregor.wpd - IfI$

22 D. Lepri, E. Ábrahám, and P. Cs. Ölveczky (ii) For the case d π′ i k ∈ I2 = I\I1 let v be the number of states in π pre′ i . We show that k − v is a proper index for the satisfaction of the bounded until along π ′′ j . We observe that t π′′ j l T K, t π′′ j i = tπ′ l+v i for all l. Therefore, T K, tπ′ k |=c ϕ2 implies k−v |=c ϕ2. Since d π′ i k ∈ I2 we have d π′ i k ≥ ml¯r + d2 + d3 and thus d π′′ j i k−v = dπ′ k − d2 ≥ ml¯r + d3, i.e., the duration of π ′′ j until the (k − v)-th state is above the lower bound of I. It is easy to see that this duration is also below the upper bound (d π′ i k is below the upper bound and d π′′ j i k−v = dπ′ k − d2 < d π′ i k ). Finally, T K, t π′ i l+v |=c ϕ1 implies T K, t π′′ j l |=c ϕ1 for all l < k−v Therefore, the index (k − v) is appropriate to show that the path π ′′ j satisfies the bounded until property. “⇐”: This proof case is quite analogous to the “⇐” case of the existentially quantified bounded until. The proof structure is illustrated in Figure 4. Assume that R, t π j |=c A ϕ1 UI ϕ2 holds. Then by definition for all paths πj ∈ tfPaths T K(t π j ) there is a time refinement π′ j ∈ tfPaths T K(t π j ) of πj and an index k s.t. d π′ j j k ∈ I, T K, tπ′ k |=c ϕ2, and T K, t π′ j l |=c ϕ1 for all 0 ≤ l < k. We show that R, tπ i |=c A ϕ1 UI ϕ2 holds. Let πi ∈ tfPathsT K(tπ i ) be a path. Due to time robustness, πi has a time refinement π ′ i ∈ tfPathsT K(tπ i ) which contains the state tπ j at time point d2, and in case the upper bound of I is finite also a state t∗∗ at time point mu¯r. Note that time robustness assures that the state at time point d2 is tπ j . Let π pre′ i and πj be the prefix resp. suffix of π ′ i ending resp. starting at time point d2, i.e., at the state tπ j . From R, tπj |=c A ϕ1 UI ϕ2 we conclude that there is a time refinement π ′ j of πj and an index k such that d π′ j k T K, t π′ j ∈ I, k |=c ϕ2, and T K, t π′ j l |=c ϕ1 for all 0 ≤ l < k. Let π ′′ i be the concatenation of πpre′ i and π ′ j . Note that π′′ i is a time refinement of πi. We show that the bounded until holds along π ′′ i . We distinguish between k = 0 and k > 0. k = 0 For the case k = 0 notice that t π′ j 0 = tπj and thus T K, tπj |=c ϕ2. Using the path π, by induction we get T K, tπ i |=c ϕ2. Furthermore, since d π′ j 0 = 0 and d π′ j 0 ∈ I, the lower bound of I must be 0. I.e., the index 0 satisfies the condition for the bounded until on the path π ′′ i . k > 0 Otherwise, if k > 0 then T K, tπ j |=c ϕ1 and we get by induction that T K, t π′′ i l |=c ϕ1 for all l < v (i.e., all states in the prefix π pre′ i ending at tπ j at time point d2 satisfy ϕ1). of π ′′ i (i) If the upper bound of I is INF then from T K, t π′′ j k |=c ϕ2 and t π′′ j k = t π′ i k+v i we conclude that T K, tπ′ k+v |=c ϕ2. Furthermore, d π′′ j k is above the lower bound of I and d π′ i k+v j = dπ′′ k + d2, i.e., d π′ i k+v ∈ I.
π : πi : π ′ i : πj : π ′ j : π ′′ i : π ′ : Timed CTL Model Checking in Real-Time Maude 23 0 ¯r 2¯r 3¯r 4¯r 5¯r t π i t π j n¯r d1 d2 d3 π pre π pre i t π i t π i π pre′ i d2 t π j t π j t π j I πj I1 mu ¯r t ∗∗ t ∗∗ t ∗∗ t π i t π j t ∗∗ π pre′ i t π i t π j t ∗∗ π pre π ′′ i Fig. 4: Lemma 1: Proof structure for the “⇐” direction of universally quantified bounded until I π ′ j I I2
Page 1 and 2: Timed CTL Model Checking in Real-Ti
Page 15 and 16: π : πi : π ′ i : πj : π ′
Page 21: Timed CTL Model Checking in Real-Ti

Timed CTL Model Checking in Real-Time Maude⋆ - IfI

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?