CTL Model Checking. Prof. P.H. Schmitt. Formal Systems II. Institut für Theoretische Informatik Fakultät für Informatik Universität Karlsruhe (TH)

Similar documents
FORMAL METHODS LECTURE V: CTL MODEL CHECKING

T k b p M r will so ordered by Ike one who quits squuv. fe2m per year, or year, jo ad vaoce. Pleaie and THE ALTO SOLO

Notes on ordinals and cardinals

Axioms for Set Theory

Solutions to Tutorial 8 (Week 9)

Lecture Notes on Model Checking

SMV the Symbolic Model Verifier. Example: the alternating bit protocol. LTL Linear Time temporal Logic

Metric Space Topology (Spring 2016) Selected Homework Solutions. HW1 Q1.2. Suppose that d is a metric on a set X. Prove that the inequality d(x, y)

ULTRAFILTER AND HINDMAN S THEOREM

5 Birkhoff s Ergodic Theorem

Reasoning about Time and Reliability

CHAPTER 8: EXPLORING R

Concrete Domains. Gilles Kahn INRIA Sophia Antipolis Gordon D. Plotkin University of Edinburgh

Inductive Definitions and Fixed Points

Chapter 6: Computation Tree Logic

Economics 204 Fall 2011 Problem Set 2 Suggested Solutions

Walker Ray Econ 204 Problem Set 3 Suggested Solutions August 6, 2015

CS 2110: INDUCTION DISCUSSION TOPICS

( V ametavariable) P P true. even in E)

Part 1: Propositional Logic

Iowa State University. Instructor: Alex Roitershtein Summer Homework #5. Solutions

Summer Jump-Start Program for Analysis, 2012 Song-Ying Li

MATH 55 - HOMEWORK 6 SOLUTIONS. 1. Section = 1 = (n + 1) 3 = 2. + (n + 1) 3. + (n + 1) 3 = n2 (n + 1) 2.

Math 140A - Fall Final Exam

Foundations of Mathematics MATH 220 FALL 2017 Lecture Notes

1 The Local-to-Global Lemma

Theorem 5.3. Let E/F, E = F (u), be a simple field extension. Then u is algebraic if and only if E/F is finite. In this case, [E : F ] = deg f u.

A necessary and sufficient condition for the existence of a spanning tree with specified vertices having large degrees

Detailed Proofs of Lemmas, Theorems, and Corollaries

Exercises for Unit VI (Infinite constructions in set theory)

Definitions & Theorems

MT804 Analysis Homework II

Parallel Recursion: Powerlists. Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin

CORES OF ALEXANDROFF SPACES

Mathematical Structures Combinations and Permutations

Optimization and Optimal Control in Banach Spaces

PRACTICE PROBLEMS: SET 1

Laver Tables A Direct Approach

KRIPKE S THEORY OF TRUTH 1. INTRODUCTION

THE INVERSE FUNCTION THEOREM

3 FUNCTIONS. 3.1 Definition and Basic Properties. c Dr Oksana Shatalov, Fall

Solutions for Homework Assignment 2

Functional Equations

Provably Total Functions of Arithmetic with Basic Terms

Convex Analysis and Optimization Chapter 2 Solutions

b + O(n d ) where a 1, b > 1, then O(n d log n) if a = b d d ) if a < b d O(n log b a ) if a > b d

Problems - Section 17-2, 4, 6c, 9, 10, 13, 14; Section 18-1, 3, 4, 6, 8, 10; Section 19-1, 3, 5, 7, 8, 9;

be a path in L G ; we can associated to P the following alternating sequence of vertices and edges in G:

Exercise Sheet 7 - Solutions

PERIODS IMPLYING ALMOST ALL PERIODS FOR TREE MAPS. A. M. Blokh. Department of Mathematics, Wesleyan University Middletown, CT , USA

General Topology. Summer Term Michael Kunzinger

Semantics and Verification of Software

Some Applications of Logic to Feasibility in Higher Types

Foundations of mathematics. 5. Galois connections

Principle of Mathematical Induction

Denotational Semantics

1 More concise proof of part (a) of the monotone convergence theorem.

Uniform Convergence and Uniform Continuity in Generalized Metric Spaces

The Knaster-Tarski Fixed Point Theorem for Complete Partial Orders

COSE312: Compilers. Lecture 14 Semantic Analysis (4)

Gerwin Klein, June Andronick, Ramana Kumar S2/2016

A Gentle Introduction to Gradient Boosting. Cheng Li College of Computer and Information Science Northeastern University

COM S 330 Homework 08 Solutions. Type your answers to the following questions and submit a PDF file to Blackboard. One page per problem.

Extremal Solutions of Inequations over Lattices with Applications to Supervisory Control 1

Fall 2015 Lecture 14: Modular congruences. cse 311: foundations of computing

Metric Spaces Lecture 17

DO FIVE OUT OF SIX ON EACH SET PROBLEM SET

Computer Science & Engineering 423/823 Design and Analysis of Algorithms

Model Checking Algorithms

447 HOMEWORK SET 1 IAN FRANCIS

Homework #2 Solutions Due: September 5, for all n N n 3 = n2 (n + 1) 2 4

Chapter 6. Integration. 1. Integrals of Nonnegative Functions. a j µ(e j ) (ca j )µ(e j ) = c X. and ψ =

4th Preparation Sheet - Solutions

Math 220A Complex Analysis Solutions to Homework #2 Prof: Lei Ni TA: Kevin McGown

MA CALCULUS. Marking Scheme

CHAPTER 2 POLYNOMIALS KEY POINTS

Preparing for the CS 173 (A) Fall 2018 Midterm 1

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

Analysis of Algorithms I: Asymptotic Notation, Induction, and MergeSort

Axioms of separation

Notes on the Banach-Tarski Paradox

AAA616: Program Analysis. Lecture 3 Denotational Semantics

Continuous Functions on Metric Spaces

1 Homework. Recommended Reading:

Denotational semantics: proofs

Model checking (III)

Economics 204 Summer/Fall 2011 Lecture 5 Friday July 29, 2011

1. Supremum and Infimum Remark: In this sections, all the subsets of R are assumed to be nonempty.

Solutions of APMO 2016

SEMANTICS OF INTUITIONISTIC PROPOSITIONAL LOGIC: HEYTING ALGEBRAS AND KRIPKE MODELS

Review 1. Andreas Klappenecker

NOTES ON THE REGULARITY OF QUASICONFORMAL HOMEOMORPHISMS

ARCS IN FINITE PROJECTIVE SPACES. Basic objects and definitions

CSE 311: Foundations of Computing. Lecture 14: Induction

4.4 Noetherian Rings

Real Analysis: Part I. William G. Faris

arxiv: v1 [cs.pl] 19 May 2016

DIRECTED STUDIES IN MATHEMATICS - FINAL REPORT. 1. Introduction

Lecture Notes on Heyting Arithmetic

Model Checking with CTL. Presented by Jason Simas

Transcription:

CTL Model Checking Prof. P.H. Schmitt Institut für Theoretische Informatik Fakultät für Informatik Universität Karlsruhe (TH) Formal Systems II Prof. P.H. Schmitt CTLMC Summer 2009 1 / 26

Fixed Point Theory Prof. P.H. Schmitt CTLMC Summer 2009 2 / 26

Fixed Points Definition Definition Let f : P(G) P(G) be a set valued function and Z a subset of G. 1. Z is called a fixed point of f if f(z) = Z. 2. Z is called the least fixed point of f is Z is a fixed point and for all other fixed points U of f the relation Z U is true. 3. Z is called the greatest fixed point of f is Z is a fixed point and for all other fixed points U of f the relation U Z is true. Prof. P.H. Schmitt CTLMC Summer 2009 3 / 26

Finite Fixed Point Lemma Let G be an arbitrary set, Let P(G) denote the power set of a set G. A function f : P(G) P(G) is called monotone of for all X, Y G X Y f(x) f(y ) Let f : P(G) P(G) be a monotone function on a finite set G. 1. There is a least and a greatest fixed point of f. 2. n 1 f n ( ) is the least fixed point of f. 3. n 1 f n (G) is the greatest fixed point of f. Prof. P.H. Schmitt CTLMC Summer 2009 4 / 26

Proof of part (2) of the finite fixed point Lemma Monotonicity of f yields f( ) f 2 ( )... f n ( )... Since G is finite there must be an i such that f i ( ) = f i+1 ( ). Then Z = n 1 f n ( ) = f i ( ) is a fixed point of f: f(z) = f(f i ( )) = f i+1 ( ) = f i ( ) = Z Let U be another fixed point of f. From U be infer by monotonicity of f at first f( ) f(u) = U. By induction on n we conclude f n ( ) U for all n. Thus also Z = f i ( ) U. Prof. P.H. Schmitt CTLMC Summer 2009 5 / 26

Continuous Functions Definition A function f : P(G) P(G) is called 1. -continuous (upward continuous), if for every ascending sequence M 1 M 2... M n... f( M n ) = f(m n ) n 1 n 1 2. -continuous (downward continuous), if for every descending sequence M 1 M 2... M n... f( M n ) = f(m n ) n 1 n 1 Prof. P.H. Schmitt CTLMC Summer 2009 6 / 26

Fixed Points For Continuous Functions Let f : P(G) P(G) be an upward continuous functions and g : P(G) P(G) a downward continuous function. The for all M, N P(G) such that M f(m) and g(n) N the following is true. 1. n 1 f n (M) is the least fixed point of f containing M, 2. n 1 gn (M) is the greatest fixed point of g contained in M. Prof. P.H. Schmitt CTLMC Summer 2009 7 / 26

Proof of (1) By monotonicity we first obtain M f(m) f 2 (M)... f n (M)... Let P = n 1 f n (M). This immediately gives M P. Furthermore f(p ) = f( n 1 f n (M)) = n 1 f n+1 (M) by continuity = n 1 f n (M) since f(m) f 2 (M) = P Assume now that Q is another fixed point of f satisfying M Q. By Monotonicity and the fixed point property f(m) f(q) = Q and furthermore for every n 1 also f n (M) Q. Thus we obtain P = n 1 f n (M) Q Prof. P.H. Schmitt CTLMC Summer 2009 8 / 26

Knaster-Tarski-Fixed-Points Theorem Let f : P(G) P(G) be a monotone function. Then Note, G need not be finite. f has a least and a greatest fixed point. Prof. P.H. Schmitt CTLMC Summer 2009 9 / 26

Proof Fixed Point Let L = {S G f(s) S}, e.g., G L. Let U = L. Show f(u) = U! For all S L by the property of an intersection: U S. By monotonicity and definition of L f(u) f(s) S. Thus f(u) L = U and we have already established half of our claim. By monotonicity f(u) U implies f(f(u)) f(u) which yields f(u) L and futhermore U f(u). We thus have indeed U = f(u). Prof. P.H. Schmitt CTLMC Summer 2009 10 / 26

Proof Least Fixed Point Now assume W is another fixed point of f,i.e., f(w ) = W. This yields W L= {S G f(s) S} and U = L W. Thus U is the least fixed point of f. Following the same line of argument one can show that {S G S f(s)} is the greatest fixed point of f. Prof. P.H. Schmitt CTLMC Summer 2009 11 / 26

CTL Model Checking Algorithm Prof. P.H. Schmitt CTLMC Summer 2009 12 / 26

Two Auxiliary Concepts Let T = (S, R, v) be a transition system and F an CTL formula. The set τ(f ) = {s S s = F } is called the characteristic region of F in T. The universal and existential next step functions f AX, f EX : P(S) P(S) are defined by f AX (Z) = {s S for all t with srt we get t Z} f EX (Z) = {s S there exists a t with srt and t Z} Prof. P.H. Schmitt CTLMC Summer 2009 13 / 26

CTL Model Checking Algorithm Let T = (S, R, v) be a transition system and F an CTL formula. τ(f ) is computed by the following high-level recursive algorithm: 1 τ(p) = {s S v(s, p) = 1} 2 τ(f 1 F 2 ) = τ(f 1 ) τ)f 2 ) 3 τ(f 1 F 2 ) = τ(f 1 ) τ(f 2 ) 4 τ( F 1 ) = S \ τ(f 1 ) 5 τ(a(f 1 U F 2 )) = lfp[τ(f 2 ) (τ(f 1 ) f AX (Z))] 6 τ(e(f 1 U F 2 )) = lfp[τ(f 2 ) (τ(f 1 ) f EX (Z)] 7 τ(aff 1 ) = lfp[τ(f 1 ) f AX (Z)] 8 τ(eff 1 ) = lfp[τ(f 1 ) f EX (Z)] 9 τ(egf 1 ) = gfp[τ(f 1 ) f EX (Z)] 10 τ(agf 1 ) = gfp[τ(f 1 ) f AX (Z)] Prof. P.H. Schmitt CTLMC Summer 2009 14 / 26

Correctness Proof Case 10 AG F 1 By definition τ(ag F 1 ) = {s S s τ(f 1 ) and h τ(ag F 1 ) for all h with grh} Using Definition of the universal next step function: τ(ag F 1 ) = τ(f 1 ) f AX (τ(ag F 1 )) So, τ(ag F 1 ) is a fixed point of the function τ(f 1 ) f AX (Z). It remains to see that it is the greatest fixed point. Prof. P.H. Schmitt CTLMC Summer 2009 15 / 26

Correctness Proof Case 10 AG F 1 (continued) Let H be another fixed point, i.e., H = τ(f 1 ) f AX (H). We need to show H τ(ag F 1 )). Consider g 0 H with the aim of showing that for all n 0 and all g i satisfying g i 1 Rg i for all 1 i n we obtain g n τ(f 1 ). Observe H = τ(f 1 ) f AX (H) τ(f 1 ). Thus it suffices to show for all n 0 that g n H. For n = 0 that is true by assumptions. Assume g n 1 H. g n 1 H f AX (H) = {g for all h with grh we have h H}. Thus g n H. Prof. P.H. Schmitt CTLMC Summer 2009 16 / 26

Correctness Proof Case 6 E(F 1 U F 2) By definition τ(e(f 1 U F 2 )) = {g S s = F 2 or s = F 1 and there exists h with grh and h = F 2 } Using next step function: τ(e(f 1 U F 2 )) = τ(f 2 ) (τ(f 1 ) f EX (τ(e(f 1 U F 2 ))) Thus τ(e(f 1 U F 2 )) is a fixed point of the function τ(f 2 ) (τ(f 1 ) f EX (Z)). It remains to show that it is the least fixed point. Prof. P.H. Schmitt CTLMC Summer 2009 17 / 26

Correctness Proof Case 6 E(F 1 U F 2) (continued) Consider H S with H = τ(f 2 ) (τ(f 1 ) f EX (H)). We need τ(e(f 1 U F 2 )) H. Fix g 0 τ(e(f 1 U F 2 )), try to arrive at g 0 H. There is an n N and there are g i for 1 i n satisfying 1. g i Rg i+1 for all 0 i < n. 2. g n τ(f 2 ). 3. g i τ(f 1 ) for all 0 i < n. We set out to prove g n H by induction on n. n = 0 Since H = τ(f 2 ) (τ(f 1 ) f EX (H)) τ(f 2 ) and g 0 = g n τ(f 2 ). n 1 n By induction hypothesis we have g 1 H Since g 0 τ(f 1 ) and g 0 Rg 1 we obtain g 0 (τ(f 1 ) f EX (H)) H and thus also g 0 H. Prof. P.H. Schmitt CTLMC Summer 2009 18 / 26

CTL Model Checking Example Prof. P.H. Schmitt CTLMC Summer 2009 19 / 26

Transition System s 0 n 1n 2 s 1 t 1n 2 n 1t 2 s 5 s 3 s 8 n1c2 s6 s 2 c 1n 2 t 1t 2 t 1t 2 s 4 c 1t 2 s 7 t 1c 2 Prof. P.H. Schmitt CTLMC Summer 2009 20 / 26

The Task s0 n1n2 s1 t1n2 n1t2 s5 s2 c1n2 s4 c1t2 s3 t1t2 s8 t1t2 s7 t1c2 Check if the following the formula is true in state 1. n1c2 s6 0 1 2 3 4 5 6 7 8 N 1 1 0 0 0 0 1 1 0 0 N 2 1 1 1 0 0 0 0 0 0 T 1 0 1 0 1 0 0 0 1 1 T 2 0 0 0 1 1 1 0 0 1 C 1 0 0 1 0 1 0 0 0 0 C 2 0 0 0 0 0 0 1 1 0 F = T 1 AFC 1 T 1 AFC 1 Prof. P.H. Schmitt CTLMC Summer 2009 21 / 26

The Set-up Goal 1 = T 1 AFC 1 i.e. 1 = T 1 AFC 1 We will present the computations starting with the innermost subformulas first, i.e., in the order τ(t 1 ), τ(c 1 ), τ( T 1 ), τ(afc 1 ), and τ(f ). This will make it much easier to follow the algorithm, since when a recursice call is started, we know already its result. In the end we check 1 τ(f ). Prof. P.H. Schmitt CTLMC Summer 2009 22 / 26

The First Steps τ(t 1 ) = {1, 3, 7} (1) τ(c 1 ) = {2, 4} (2) From which we get easily τ( T 1 ) = {0, 2, 4, 5, 6} (3) Prof. P.H. Schmitt CTLMC Summer 2009 23 / 26

Fixed Point Computation The next step is to compute τ(afc 1 ) according to the algorithm this amounts to the computation of the least fixed point of f(z) = τ(c 1 ) f AX (Z) = f AX (Z) {2, 4}. We thus compute f( ), f 2 ( ),... f n ( ) till we reach a stationary value, i.e. f n ( ) = f n+1 ( ). f 1 ( ) = {2, 4} f 2 ( ) = {2, 3, 4} f 3 ( ) = {1, 2, 3, 4} f 4 ( ) = {1, 2, 3, 4, 7} f 5 ( ) = {1, 2, 3, 4, 7, 8} f 6 ( ) = {1, 2, 3, 4, 7, 8} Thus τ(afc 1 ) = {1, 2, 3, 4, 7, 8} (4) Prof. P.H. Schmitt CTLMC Summer 2009 24 / 26

End of the Computation τ(f ) = τ( T 1 ) τ(afc 1 ) = {0, 1, 2, 3, 4, 5, 6, 7, 8} = S (5) Since 1 τ(f ) we conclude s 1 = F (6) Prof. P.H. Schmitt CTLMC Summer 2009 25 / 26

THE END Prof. P.H. Schmitt CTLMC Summer 2009 26 / 26

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback