Timed CTL Model Checking in Real-Time Maude⋆ - IfI

More documents

Recommendations

Info

$G:\MISQ\2006\September 2006\Gregor.wpd - IfI$

26 D. Lepri, E. Ábrahám, and P. Cs. Ölveczky – ϕ = E ϕ1 UI ϕ2: We need to show both implication directions. “⇐”: Assume T K gcd , t |=p ϕ. By definition T K gcd , t |=p ϕ iff there exists π ∈ tfPathsT Kgcd(t) and an index j s.t. dπ j ∈ I, T K gcd , t π j |=p ϕ2, and ∀ 0 ≤ i < j T K gcd , t π i |=p ϕ1. Let π be such a path and j such an index. Note that all tick steps in π have duration ¯r/2. This path π is also in tfPaths T K(t). We show that for each time refinement π ′ ∈ tfPathsT K(t) of π there is an index j ′′ s.t. dπ′ j ′′ ∈ I, T K, tπ′ j ′′ |=c ϕ2, and T K, t π′ i |=c ϕ1 for all 0 ≤ i < j ′′ . Let π ′ ∈ tfPaths T K(t) be a time refinement of π. Then t π j also appears in π ′ at the same time point dπ j at some index j′ , i.e., dπ′ j ′ ∈ I. By induction T K, t π j |=c ϕ2 and from t π j dπ j is a multiple of ¯r/2 we have that dπ′ j ′ = dπj Let π0 be the concatenation of πpre and π ′ . Then tπ′ = tπ′ j ′ we get T K, tπ′ j ′ |=c ϕ2. Furthermore, since is also a multiple of ¯r/2. j ′ appears in π0 at position n0 + j ′ and time point d π0 n0+j ′. If dπ0 n0+j ′ is a multiple of ¯r then we define j ′′ = j ′ . Otherwise let d π0 n0+j ′ be in the time interval (n¯r, (n + 1)¯r) for some n ∈ N0. Let j ′′ be the smallest index such that d π0 n0+j ′′ ∈ (n¯r, (n + 1)¯r). Then by Lemma 1 we conclude from T K, tπ′ j ′ |=c ϕ2 and tπ′ ′ = tπ0 ′ that also T K, t π0 n0+j ′′ |=c ϕ2, i.e., T K, t π′ j ′′ |=c ϕ2. j n0+j Similarly, by induction we get that T K, t π′ i |=c ϕ1 for all i < j ′′ in case d π′ i is a multiple of ¯r/2, since these states also appear in π at the same time points and they satisfy ϕ1 in the pointwise semantics by assumption. For the other states t π′ i in π ′ appearing before the index j ′′ we use the concatenation π0 of π pre and π ′ to show that they satisfy ϕ1 using Lemma 1. Note that those states t π′ i all appear in π0 in some time interval (n¯r, (n+1)¯r). Furthermore, in this interval there is also a state tmid at the time point n¯r + ¯r/2, for which we have already shown that T K, tmid |=c ϕ1. Thus by Lemma 1 and using the path π0, also t π′ i satisfies ϕ1. “⇒”: Assume T K, t |=c E ϕ1 UI ϕ2. By definition T K, t |=c E ϕ1 UI ϕ2 iff there is a path π ∈ tfPaths T K(t) s. t. for each time refinement π ′ ∈ tfPaths T K(t) of π there is an index j ′ s.t. dπ′ j ′ ∈ I, T K, tπ′ j ′ |=c ϕ2, and ∀ 0 ≤ i < j ′ T K, t π′ i |=c ϕ1. Let π be such a path. Let π ′ be a time refinement of π in which a state appears at all time points n¯r/2 for n ∈ N0. By the above definition we conclude that there is an index j ′ such that dπ′ j ′ ∈ I, T K, tπ′ j ′ |=c ϕ2, and T K, t π′ i |=c ϕ1 for all 0 ≤ i < j ′ . Next we define an index j ′′ satisfying the same conditions as j ′ but addi- tionally such that d π′ j ′′ is a multiple of ¯r/2. If dπ′ j then let j ′′ = j ′ . Otherwise let again π0 be the concatenation of πpre and π ′ . ′′ is already a multiple of ¯r/2
Timed CTL Model Checking in Real-Time Maude 27 Then dπ′ j ′ is in π0 in an interval (n¯r, (n + 1)¯r) for some n ∈ N0. Furthermore there is another state tmid at time point n¯r + ¯r/2 and index n0 + j ′′ in π0. Again by Lemma 1 we have T K, tπ′ j ′′ |=c ϕ2. Now we can build a time abstraction of π ′ which we obtain by replacing each rl tick step sequence tl −→ . . . rl+i−1 −→ tl+i with dπ′ l = n¯r/2 and dπ′ l+i = (n+1)¯r/2 r for some n ∈ N0 by tl −→ tl+i with r = l+i−1 ri. This time abstraction π ′′ is a path of T K gcd , and the states of π ′′ appear at the same time points also in π ′ . Furthermore, since dπ′ j ′′ is a multiple of ¯r/2, it also appears in π ′′ at some position j ′′′ . Finally, since all states in π ′ with index less that j ′′ satisfy ϕ1, also all states in π ′′ with index less that j ′′′ , building a subset of the previous ones, satisfy ϕ1. Thus π ′′ satisfies the bounded until path formula, i.e., T K gcd , t |=p E ϕ1 UI ϕ2. – ϕ = A ϕ1 UI ϕ2: We need to show both implication directions. “⇐”: Assume that T K gcd , t |=p A ϕ1 UI ϕ2. By definition T K gcd , t |=p A ϕ1 UI ϕ2 iff for each π ∈ tfPathsT Kgcd(t) there is an index j s.t. dπ j ∈ I, i=l T K gcd , t π j |=p ϕ2 and ∀ 0 ≤ i < j T K gcd , t π i |=p ϕ1. In order to prove that T K, t |=c A ϕ1 UI ϕ2, we have to show that for each path π ∈ tfPathsT K(t) there exists a time refinement π ′ ∈ tfPathsT K(t) of π and an index j s.t. dπ′ j ∈ I, T K, tπ′ j |=c ϕ2, and ∀ 0 ≤ i < j T K, tπ′ i |=c ϕ1. Let π ∈ tfPathsT K(t) and let π ′ ∈ tfPathsT K(t) be a refinement of π containing a state at each time point n¯r/2, n ∈ N0. We obtain π ′′ from π ′ rl by replacing each tick step sequence tl −→ . . . rl+i−1 −→ r −→ tl+i tl+i with d π′ l with r = l+i−1 i=l = n¯r/2 and dπ′ l+i = (n + 1)¯r/2 for some n ∈ N0 by tl ri. Note that π ′′ is in tfPaths T K gcd(t) and thus by assumption there is an index j such that d π j ∈ I, T Kgcd , t π j |=p ϕ2 and T K gcd , t π i |=p ϕ1 for all 0 ≤ i < j. Let j be such an index. Then by construction and induction there exists an index j ′ such that dπ′ j ′ is a multiple of ¯r/2, dπ′ j ′ ∈ I, T K, tπ′ j ′ |=c ϕ2 and T K, tπ′ i |=c ϕ1 for all 0 ≤ i < j ′ with d π′ i being a multiple of ¯r/2. For the other states prior to the index j′ we construct π0 as the composition of π pre and π ′ . Note that in each interval (n¯r, (n + 1)¯r) with (n + 1)¯r < tπ′ j ′ there is a point at n¯r + ¯r/2, for which we have already shown to satisfy ϕ1. Thus by Lemma 1 also the states that are prior to the index j ′′ and are not at multiples of ¯r/2 satisfy ϕ1. Hence π ′ |=c ϕ. “⇒”: Assume T K, t |=c A ϕ1 UI ϕ2. T K, t |=c A ϕ1 UI ϕ2 iff for each path π ∈ tfPathsT K(t) there is a time refinement π ′ ∈ tfPathsT K(t) of π and an index j s.t. dπ′ j ∈ I, T K, tπ′ j |=c ϕ2, and ∀ 0 ≤ i < j T K, tπ′ i |=c ϕ1.
Page 1 and 2: Timed CTL Model Checking in Real-Ti
Page 15 and 16: π : πi : π ′ i : πj : π ′
Page 23 and 24: π : πi : π ′ i : πj : π ′
Page 25: Timed CTL Model Checking in Real-Ti

Timed CTL Model Checking in Real-Time Maude⋆ - IfI

Create successful ePaper yourself

Delete template?

Save as template?