overview
play

Overview overview7.4 Introduction Modelling parallel systems - PowerPoint PPT Presentation

Feb 21, 2023 •9 likes •1.95k views

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the

  1. Analysis by abstraction from stutter steps stutter5.4-4 simplified TS ℓ 1 x =2 y =4 ℓ 1 x =2 y =4 ℓ 1 x =2 y =4 z =3 z =3 z =3 representation ℓ 2 x =1 y =4 z =3 ℓ 2 x =1 y =4 ℓ 2 x =1 y =4 z =3 z =3 z =3 z =3 z =3 ℓ 3 x =1 y =2 ℓ 3 x =1 y =2 ℓ 3 x =1 y =2 z =3 z =3 z =3 ℓ 1 x =1 y =2 ℓ 1 x =1 y =2 ℓ 1 x =1 y =2 z =1 z =1 z =1 z =1 z =1 z =1 ℓ 2 x =2 y =2 z =1 ℓ 2 x =2 y =2 ℓ 2 x =2 y =2 z =1 z =1 z =0 z =0 z =0 ℓ 3 x =2 y =1 z =1 ℓ 3 x =2 y =1 ℓ 3 x =2 y =1 z =1 z =1 . . . . . . . . . ℓ 1 x =2 y =1 z =0 ℓ 1 x =2 y =1 z =0 ℓ 1 x =2 y =1 z =0 . . . . . . . . . 21 / 444

  2. Overview overview7.4-stutter-trace Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic (CTL) Equivalences and Abstraction bisimulation, CTL/CTL*-equivalence computing the bisimulation quotient abstraction stutter steps stutter LT relations ← ← ← − − − stutter bisimulation simulation relations 22 / 444

  3. Remind: trace relations stutter5.4-5-remind 23 / 444

  4. Remind: trace relations stutter5.4-5-remind trace equivalence for paths π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent iff trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) 24 / 444

  5. Remind: trace relations stutter5.4-5-remind trace equivalence for paths π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent iff trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace inclusion for TS: Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) s.t. π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent 25 / 444

  6. Remind: trace relations stutter5.4-5-remind trace equivalence for paths π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent iff trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace inclusion for TS: Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) s.t. π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent trace equivalence for TS: Traces ( T 1 ) ⊆ Traces ( T 2 ) ∧ Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) ∧ ∧ Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 2 ) ⊆ Traces ( T 1 ) 26 / 444

  7. Remind: trace relations stutter5.4-5-remind trace equivalence for paths π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent iff trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace inclusion for TS: Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) s.t. π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent trace equivalence for TS: Traces ( T 1 ) ⊆ Traces ( T 2 ) ∧ Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) ∧ ∧ Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) iff for each LT property E E E : T 2 | T 2 | T 2 | = E = E = E implies T 1 | T 1 | T 1 | = E = E = E 27 / 444

  8. Remind: trace relations stutter5.4-5-remind trace equivalence for paths π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent iff trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace ( π 1 ) = trace ( π 2 ) trace inclusion for TS: Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∀ π 1 ∈ Traces ( T 1 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) ∃ π 2 ∈ Traces ( T 2 ) s.t. π 1 π 1 π 1 , π 2 π 2 π 2 are trace equivalent trace equivalence for TS: Traces ( T 1 ) ⊆ Traces ( T 2 ) ∧ Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) ∧ ∧ Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 2 ) ⊆ Traces ( T 1 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) iff for each LT property E E E : T 2 | T 2 | T 2 | = E = E implies T 1 | = E T 1 | T 1 | = E = E = E � � �    trace equivalent TS satisfy the same LTL formulas 28 / 444

  9. Stutter equivalence for paths stutter5.4-stutter-equiv-paths 29 / 444

  10. Stutter equivalence for paths stutter5.4-stutter-equiv-paths stutter equivalence for infinite path fragments: 30 / 444

  11. Stutter equivalence for paths stutter5.4-stutter-equiv-paths stutter equivalence for infinite path fragments: ∆ ∆ ∆ π 1 = π 2 π 1 π 1 = π 2 = π 2 iff there exists an infinite word 2 AP � ω s.t. the 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ traces of π 1 π 1 π 1 and π 2 π 2 π 2 are of the form A 0 . . . A 0 A 1 . . . A 1 A 2 . . . A 2 . . . A 0 . . . A 0 A 1 . . . A 1 A 2 . . . A 2 . . . A 0 . . . A 0 A 1 . . . A 1 A 2 . . . A 2 . . . 31 / 444

  12. Stutter equivalence for paths stutter5.4-stutter-equiv-paths stutter equivalence for infinite path fragments: ∆ ∆ ∆ π 1 = π 2 π 1 π 1 = π 2 = π 2 iff there exists an infinite word 2 AP � ω s.t. the 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ traces of π 1 π 1 π 1 and π 2 π 2 π 2 are of the form A n 0 A n 0 A n 0 0 A n 1 0 A n 1 0 A n 1 1 A n 2 1 A n 2 1 A n 2 2 . . . 2 . . . 2 . . . n 0 , n 1 , n 2 , . . . ≥ 1 where n 0 , n 1 , n 2 , . . . n 0 , n 1 , n 2 , . . . are natural numbers ≥ 1 ≥ 1 32 / 444

  13. Stutter equivalence for paths stutter5.4-stutter-equiv-paths stutter equivalence for infinite path fragments: ∆ ∆ ∆ π 1 = π 2 π 1 π 1 = π 2 = π 2 iff there exists an infinite word 2 AP � ω s.t. the 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ traces of π 1 π 1 π 1 and π 2 π 2 π 2 are of the form A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . 33 / 444

  14. Stutter equivalence for paths stutter5.4-stutter-equiv-paths stutter equivalence for infinite path fragments: ∆ ∆ ∆ π 1 = π 2 π 1 π 1 = π 2 = π 2 iff there exists an infinite word 2 AP � ω s.t. the 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ traces of π 1 π 1 π 1 and π 2 π 2 π 2 are of the form A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . stutter equivalence for finite path fragments: ∆ ∆ ∆ π 1 ˆ π 1 π 1 ˆ ˆ = ˆ = ˆ = ˆ π 2 π 2 π 2 iff there exists a finite word 2 AP � + s.t. 2 AP � + 2 AP � + � � � A 0 A 1 A 2 . . . A n ∈ A 0 A 1 A 2 . . . A n ∈ A 0 A 1 A 2 . . . A n ∈ the traces of ˆ π 1 π 1 ˆ ˆ π 1 and ˆ π 2 π 2 ˆ ˆ π 2 are in A 0+ A 1+ A 2+ . . . A n + A 0+ A 1+ A 2+ . . . A n + A 0+ A 1+ A 2+ . . . A n + 34 / 444

  15. Stutter trace relations for TS stutter5.4-5 stutter equivalence for infinite path fragments: ∆ ∆ ∆ π 1 = π 2 π 1 π 1 = π 2 = π 2 iff there exists an infinite word 2 AP � ω s.t. the 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ traces of π 1 π 1 π 1 and π 2 π 2 π 2 are of the form A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . 35 / 444

  16. Stutter trace relations for TS stutter5.4-5 stutter equivalence for infinite path fragments: ∆ ∆ ∆ π 1 = π 2 π 1 π 1 = π 2 = π 2 iff there exists an infinite word 2 AP � ω s.t. the 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ traces of π 1 π 1 π 1 and π 2 π 2 π 2 are of the form A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . stutter trace inclusion for transition systems: T 1 � T 2 T 1 � T 2 T 1 � T 2 iff for all paths π 1 π 1 π 1 of T 1 T 1 T 1 there exists a path π 2 π 2 of T 2 π 2 T 2 T 2 ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 36 / 444

  17. Example: stutter trace inclusion � � � stutter5.4-5-ex T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 = ∅ = ∅ = ∅ = { a } = { a } = { a } = { b } = { b } = { b } 37 / 444

  18. Example: stutter trace inclusion � � � stutter5.4-5-ex T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 = ∅ = ∅ = ∅ � � � = { a } = { a } = { a } = { b } = { b } = { b } 38 / 444

  19. Example: stutter trace inclusion � � � stutter5.4-5-ex T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 = ∅ = ∅ = ∅ � � � = { a } = { a } = { a } = { b } = { b } = { b } ( ∅ + { b } + { a } + ) ω all traces have the form ( ∅ + { b } + { a } + ) ω ( ∅ + { b } + { a } + ) ω or ( ∅ + { b } + { a } + ) ∗ ∅ ω ( ∅ + { b } + { a } + ) ∗ ∅ ω ( ∅ + { b } + { a } + ) ∗ ∅ ω 39 / 444

  20. Stutter trace inclusion and LTL stutter5.4-5-LTL T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 Does stutter trace inclusion preserve LTL properties? 40 / 444

  21. Stutter trace inclusion and LTL stutter5.4-5-LTL T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 Does stutter trace inclusion preserve LTL properties? � � �       ϕ i.e., for all LTL formulas ϕ ϕ : T 1 � T 2 T 1 � T 2 T 1 � T 2 ∧ ∧ ∧ T 2 | T 2 | T 2 | = ϕ = ϕ = ϕ implies T 1 | T 1 | T 1 | = ϕ = ϕ = ϕ 41 / 444

  22. Stutter trace inclusion and LTL stutter5.4-5-LTL T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 Does stutter trace inclusion preserve LTL properties? � � �       ϕ i.e., for all LTL formulas ϕ ϕ : T 1 � T 2 T 1 � T 2 T 1 � T 2 ∧ ∧ ∧ T 2 | T 2 | T 2 | = ϕ = ϕ = ϕ implies T 1 | T 1 | T 1 | = ϕ = ϕ = ϕ answer: no 42 / 444

  23. Stutter trace inclusion and LTL stutter5.4-5-LTL T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 Does stutter trace inclusion preserve LTL properties? � � �       ϕ i.e., for all LTL formulas ϕ ϕ : T 1 � T 2 T 1 � T 2 T 1 � T 2 ∧ ∧ ∧ T 2 | T 2 | T 2 | = ϕ = ϕ = ϕ implies T 1 | T 1 | T 1 | = ϕ = ϕ = ϕ answer: no Example: LTL formulas of the form � a � a � a 43 / 444

  24. Stutter trace inclusion and LTL \� \� \� stutter5.4-5-thm T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 Let T 1 T 1 T 1 and T 2 T 2 T 2 are TS without terminal states and ϕ ϕ ϕ an LTL \� \� formula. Then: \� T 1 � T 2 T 1 � T 2 T 1 � T 2 ∧ ∧ ∧ T 2 | T 2 | T 2 | = ϕ = ϕ = ϕ implies T 1 | T 1 | T 1 | = ϕ = ϕ = ϕ 44 / 444

  25. Stutter trace inclusion and LTL \� \� \� stutter5.4-5-thm T 1 � T 2 T 1 � T 2 T 1 � T 2 iff ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∆ ∆ ∆ s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 Let T 1 T 1 T 1 and T 2 T 2 T 2 are TS without terminal states and ϕ ϕ ϕ an LTL \� \� formula. Then: \� T 1 � T 2 T 1 � T 2 T 1 � T 2 ∧ ∧ ∧ T 2 | T 2 | T 2 | = ϕ = ϕ = ϕ implies T 1 | T 1 | T 1 | = ϕ = ϕ = ϕ where LTL \� \� = = = LTL without the next operator � � � \� 45 / 444

  26. ∆ ∆ ∆ = Stutter trace equivalence = = for TS stutter5.4-5a 46 / 444

  27. ∆ ∆ ∆ = Stutter trace equivalence = = for TS stutter5.4-5a stutter trace inclusion T 1 � T 2 T 1 � T 2 T 1 � T 2 ∆ ∆ ∆ ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 47 / 444

  28. ∆ ∆ ∆ = Stutter trace equivalence = = for TS stutter5.4-5a stutter trace inclusion T 1 � T 2 T 1 � T 2 T 1 � T 2 ∆ ∆ ∆ ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 stutter trace equivalence ∆ ∆ ∆ T 1 T 1 T 1 = T 2 = T 2 = T 2 iff T 1 � T 2 T 1 � T 2 T 1 � T 2 and T 2 � T 1 T 2 � T 1 T 2 � T 1 48 / 444

  29. ∆ ∆ ∆ = Stutter trace equivalence = = for TS stutter5.4-5a stutter trace inclusion T 1 � T 2 T 1 � T 2 T 1 � T 2 ∆ ∆ ∆ ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 stutter trace equivalence ∆ ∆ ∆ T 1 T 1 T 1 = T 2 = T 2 = T 2 iff T 1 � T 2 T 1 � T 2 T 1 � T 2 and T 2 � T 1 T 2 � T 1 T 2 � T 1 � � �    kernel of � � � , i.e., coarsest equivalence that refines � � � 49 / 444

  30. ∆ ∆ ∆ = Stutter trace equivalence = = for TS stutter5.4-5a stutter trace inclusion T 1 � T 2 T 1 � T 2 T 1 � T 2 ∆ ∆ ∆ ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 For all LTL \� \� formulas ϕ ϕ ϕ : \� T 1 � T 2 T 1 � T 2 T 1 � T 2 ∧ ∧ ∧ T 2 | T 2 | T 2 | = ϕ = ϕ = ϕ implies T 1 | T 1 | T 1 | = ϕ = ϕ = ϕ stutter trace equivalence ∆ ∆ ∆ T 1 T 1 T 1 = T 2 = T 2 = T 2 iff T 1 � T 2 T 1 � T 2 T 1 � T 2 and T 2 � T 1 T 2 � T 1 T 2 � T 1 � � �    kernel of � � � , i.e., coarsest equivalence that refines � � � 50 / 444

  31. ∆ ∆ ∆ = Stutter trace equivalence = = for TS stutter5.4-5a stutter trace inclusion T 1 � T 2 T 1 � T 2 T 1 � T 2 ∆ ∆ ∆ ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∀ π 1 ∈ Paths ( T 1 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) ∃ π 2 ∈ Paths ( T 2 ) s.t. π 1 π 1 π 1 = π 2 = π 2 = π 2 For all LTL \� \� formulas ϕ ϕ ϕ : \� T 1 � T 2 T 1 � T 2 T 1 � T 2 ∧ ∧ ∧ T 2 | T 2 | T 2 | = ϕ = ϕ = ϕ implies T 1 | T 1 | T 1 | = ϕ = ϕ = ϕ stutter trace equivalence ∆ ∆ ∆ T 1 T 1 T 1 = T 2 = T 2 = T 2 iff T 1 � T 2 T 1 � T 2 T 1 � T 2 and T 2 � T 1 T 2 � T 1 T 2 � T 1 ∆ ∆ ∆ If T 1 T 1 T 1 = T 2 = T 2 = T 2 then T 1 T 1 T 1 and T 2 T 2 T 2 are LTL \� \� equivalent. \� 51 / 444

  32. Correct or wrong? stutter5.4-13a ∆ ∆ ∆ = = = 52 / 444

  33. Correct or wrong? stutter5.4-13a ∆ ∆ ∆ = = = correct 53 / 444

  34. Correct or wrong? stutter5.4-13a ∆ ∆ ∆ = = = correct T 2 have the form • + + • + + or • ω ω ω + + The traces of T 1 T 1 T 1 and T 2 T 2 54 / 444

  35. Correct or wrong? stutter5.4-13a ∆ ∆ ∆ = = = correct T 2 have the form • + + • + + or • ω ω ω + + The traces of T 1 T 1 T 1 and T 2 T 2 ∆ ∆ ∆ = = = 55 / 444

  36. Correct or wrong? stutter5.4-13a ∆ ∆ ∆ = = = correct T 2 have the form • + + • + + or • ω ω ω + + The traces of T 1 T 1 T 1 and T 2 T 2 wrong ∆ ∆ ∆ = = = 56 / 444

  37. Correct or wrong? stutter5.4-13a ∆ ∆ ∆ = = = correct T 2 have the form • + + • + + or • ω ω ω + + The traces of T 1 T 1 T 1 and T 2 T 2 wrong ∆ ∆ ∆ = = = T 1 has a finite trace • + + • , while T 2 + T 1 T 2 T 1 T 2 has not 57 / 444

  38. Correct or wrong? stutter5.4-13b If T 1 T 1 T 1 and T 2 T 2 T 2 are TS over AP AP AP then: ∆ ∆ ∆ T 1 ∼ T 2 T 1 = T 2 T 1 ∼ T 2 T 1 ∼ T 2 implies T 1 T 1 = T 2 = T 2 58 / 444

  39. Correct or wrong? stutter5.4-13b If T 1 T 1 T 1 and T 2 T 2 T 2 are TS over AP AP AP then: ∆ ∆ ∆ T 1 ∼ T 2 T 1 = T 2 T 1 ∼ T 2 T 1 ∼ T 2 implies T 1 T 1 = T 2 = T 2 ր տ ր ր տ տ bisimulation stutter trace equivalence equivalence 59 / 444

  40. Correct or wrong? stutter5.4-13b If T 1 T 1 T 1 and T 2 T 2 T 2 are TS over AP AP AP then: ∆ ∆ ∆ T 1 ∼ T 2 T 1 = T 2 T 1 ∼ T 2 T 1 ∼ T 2 implies T 1 T 1 = T 2 = T 2 ր տ ր ր տ տ bisimulation stutter trace equivalence equivalence correct 60 / 444

  41. Correct or wrong? stutter5.4-13b If T 1 T 1 T 1 and T 2 T 2 T 2 are TS over AP AP AP then: ∆ ∆ ∆ T 1 ∼ T 2 T 1 = T 2 T 1 ∼ T 2 T 1 ∼ T 2 implies T 1 T 1 = T 2 = T 2 ր տ ր ր տ տ bisimulation stutter trace equivalence equivalence correct , as • T 1 ∼ T 2 T 1 ∼ T 2 T 1 ∼ T 2 implies Traces ( T 1 ) = Traces ( T 2 ) Traces ( T 1 ) = Traces ( T 2 ) Traces ( T 1 ) = Traces ( T 2 ) • trace equivalent paths are stutter trace equivalent 61 / 444

  42. Correct or wrong? stutter5.4-13b If T 1 T 1 T 1 and T 2 T 2 T 2 are TS over AP AP AP then: ∆ ∆ ∆ T 1 ∼ T 2 T 1 = T 2 T 1 ∼ T 2 T 1 ∼ T 2 implies T 1 T 1 = T 2 = T 2 ր տ ր ր տ տ bisimulation stutter trace equivalence equivalence correct , as • T 1 ∼ T 2 T 1 ∼ T 2 T 1 ∼ T 2 implies Traces ( T 1 ) = Traces ( T 2 ) Traces ( T 1 ) = Traces ( T 2 ) Traces ( T 1 ) = Traces ( T 2 ) • trace equivalent paths are stutter trace equivalent obviously: Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) Traces ( T 1 ) ⊆ Traces ( T 2 ) implies T 1 � T 2 T 1 � T 2 T 1 � T 2 62 / 444

  43. Stutter-insensitive LT properties stutter5.4-st-ins-prop 63 / 444

  44. Stutter-insensitive LT properties stutter5.4-st-ins-prop stutter equivalence for infinite words 64 / 444

  45. Stutter-insensitive LT properties stutter5.4-st-ins-prop 2 AP � ω 2 AP � ω 2 AP � ω : � � � stutter equivalence for infinite words σ 1 σ 1 σ 1 , σ 2 ∈ σ 2 ∈ σ 2 ∈ 65 / 444

  46. Stutter-insensitive LT properties stutter5.4-st-ins-prop 2 AP � ω 2 AP � ω 2 AP � ω : � � � stutter equivalence for infinite words σ 1 σ 1 σ 1 , σ 2 ∈ σ 2 ∈ σ 2 ∈ ∆ ∆ ∆ σ 1 = σ 2 σ 1 σ 1 = σ 2 = σ 2 iff there exists an infinite word 2 AP � ω s.t. σ 1 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ σ 1 σ 1 and σ 2 σ 2 σ 2 A 0+ A 1+ A 2+ . . . are in A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . 66 / 444

  47. Stutter-insensitive LT properties stutter5.4-st-ins-prop 2 AP � ω 2 AP � ω : 2 AP � ω � � � stutter equivalence for infinite words σ 1 σ 1 , σ 2 ∈ σ 1 σ 2 ∈ σ 2 ∈ ∆ ∆ ∆ σ 1 = σ 2 σ 1 σ 1 = σ 2 = σ 2 iff there exists an infinite word 2 AP � ω s.t. σ 1 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ σ 1 σ 1 and σ 2 σ 2 σ 2 A 0+ A 1+ A 2+ . . . are in A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . 2 AP � ω be an LT property. E 2 AP � ω 2 AP � ω � � � Let E ⊆ E ⊆ E ⊆ E E is called 2 AP � ω 2 AP � ω 2 AP � ω : � � � stutter-insensitive iff for all σ 1 σ 1 , σ 2 ∈ σ 1 σ 2 ∈ σ 2 ∈ ∆ ∆ ∆ if σ 1 ∈ E σ 1 ∈ E σ 1 ∈ E and σ 1 σ 1 σ 1 = σ 2 = σ 2 = σ 2 then σ 2 ∈ E σ 2 ∈ E σ 2 ∈ E 67 / 444

  48. Stutter-insensitive LT properties stutter5.4-st-ins-prop 2 AP � ω 2 AP � ω 2 AP � ω : � � � stutter equivalence for infinite words σ 1 σ 1 σ 1 , σ 2 ∈ σ 2 ∈ σ 2 ∈ ∆ ∆ ∆ σ 1 = σ 2 σ 1 σ 1 = σ 2 = σ 2 iff there exists an infinite word 2 AP � ω s.t. σ 1 2 AP � ω 2 AP � ω � � � A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ A 0 A 1 A 2 . . . ∈ σ 1 σ 1 and σ 2 σ 2 σ 2 A 0+ A 1+ A 2+ . . . are in A 0+ A 1+ A 2+ . . . A 0+ A 1+ A 2+ . . . 2 AP � ω be an LT property. E 2 AP � ω 2 AP � ω � � � Let E ⊆ E ⊆ E ⊆ E E is called 2 AP � ω 2 AP � ω 2 AP � ω : � � � stutter-insensitive iff for all σ 1 σ 1 , σ 2 ∈ σ 1 σ 2 ∈ σ 2 ∈ ∆ ∆ ∆ if σ 1 ∈ E σ 1 ∈ E σ 1 ∈ E and σ 1 σ 1 σ 1 = σ 2 = σ 2 = σ 2 then σ 2 ∈ E σ 2 ∈ E σ 2 ∈ E Example: if ϕ ϕ ϕ is an LTL \� \� formula then \� E = Words ( ϕ ) E = Words ( ϕ ) E = Words ( ϕ ) is stutter-insensitive 68 / 444

  49. Stutter-insensitive LT properties stutter5.4-st-ins-prop Let T 1 T 1 T 1 , T 2 T 2 T 2 be two TS and E E E a stutter-insensitive LT-property. Then: T 1 � T 2 T 1 � T 2 T 1 � T 2 and T 2 | T 2 | T 2 | = E = E = E implies T 1 | T 1 | T 1 | = E = E = E 69 / 444

  50. Stutter-insensitive LT properties stutter5.4-st-ins-prop Let T 1 T 1 T 1 , T 2 T 2 T 2 be two TS and E E E a stutter-insensitive LT-property. Then: T 1 � T 2 T 1 � T 2 T 1 � T 2 and T 2 | T 2 | T 2 | = E = E = E implies T 1 | T 1 | T 1 | = E = E = E Let T 1 T 1 T 1 , T 2 T 2 T 2 be two TS and ϕ ϕ ϕ an LTL \� \� formula. \� T 1 � T 2 T 2 | = ϕ T 1 | = ϕ T 1 � T 2 T 1 � T 2 and T 2 | T 2 | = ϕ = ϕ implies T 1 | T 1 | = ϕ = ϕ 70 / 444

  51. Stutter-insensitive LT properties stutter5.4-st-ins-prop Let T 1 T 1 T 1 , T 2 T 2 T 2 be two TS and E E E a stutter-insensitive LT-property. Then: T 1 � T 2 T 1 � T 2 T 1 � T 2 and T 2 | T 2 | T 2 | = E = E = E implies T 1 | T 1 | T 1 | = E = E = E Let T 1 T 1 T 1 , T 2 T 2 be two TS and ϕ T 2 ϕ an LTL \� ϕ \� formula. \� T 1 � T 2 T 2 | = ϕ T 1 | = ϕ T 1 � T 2 T 1 � T 2 and T 2 | T 2 | = ϕ = ϕ implies T 1 | T 1 | = ϕ = ϕ remind: if ϕ ϕ ϕ is an LTL \� \� formula then \� E = Words ( ϕ ) E = Words ( ϕ ) E = Words ( ϕ ) is stutter-insensitive 71 / 444

  52. Overview overview7.4a Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic (CTL) Equivalences and Abstraction bisimulation, CTL/CTL*-equivalence computing the bisimulation quotient abstraction stutter steps stutter LT relations stutter bisimulation ← ← ← − − − simulation relations 72 / 444

  53. Stutter bisimulation stutter5.4-def-stutter-bis 73 / 444

  54. Stutter bisimulation stutter5.4-def-stutter-bis Let T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) be a TS, possibly with terminal states. 74 / 444

  55. Stutter bisimulation stutter5.4-def-stutter-bis Let T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) be a TS, possibly with terminal states. T A stutter bisimulation for T T is .... 75 / 444

  56. Stutter bisimulation stutter5.4-def-stutter-bis Let T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) be a TS, possibly with terminal states. T R A stutter bisimulation for T T is a binary relation R R on S S S s.t. 76 / 444

  57. Stutter bisimulation stutter5.4-def-stutter-bis Let T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) be a TS, possibly with terminal states. T R A stutter bisimulation for T T is a binary relation R R ( s 1 , s 2 ) ∈ R on S S S s.t. for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : (1) labeling condition (2) simulation condition up to stuttering “ s 2 s 2 s 2 can mimick all transitions of of s 1 s 1 s 1 ” (3) simulation condition up to stuttering “ s 1 s 1 s 1 can mimick all transitions of of s 2 s 2 s 2 ” 77 / 444

  58. Stutter bisimulation stutter5.4-def-stutter-bis Let T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) be a TS, possibly with terminal states. T R A stutter bisimulation for T T is a binary relation R R ( s 1 , s 2 ) ∈ R on S S S s.t. for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : L ( s 1 ) = L ( s 2 ) (1) labeling condition: L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) (2) simulation condition up to stuttering “ s 2 s 2 s 2 can mimick all transitions of of s 1 s 1 s 1 ” (3) simulation condition up to stuttering “ s 1 s 1 s 1 can mimick all transitions of of s 2 s 2 s 2 ” 78 / 444

  59. Stutter bisimulation stutter5.4-def-stutter-bis Let T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) T = ( S , Act , → , S 0 , AP , L ) be a TS, possibly with terminal states. T R A stutter bisimulation for T T is a binary relation R R ( s 1 , s 2 ) ∈ R on S S S s.t. for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : L ( s 1 ) = L ( s 2 ) (1) labeling condition: L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) (2) simulation condition up to stuttering “ s 2 s 2 s 2 can mimick all transitions of of s 1 s 1 s 1 ” (3) simulation condition up to stuttering “ s 1 s 1 s 1 can mimick all transitions of of s 2 s 2 s 2 ” 79 / 444

  60. Simulation condition stutter5.4-def-stutter-bis A stutter bisimulation for T T T is a binary relation R R R on S S s.t. for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : ( s 1 , s 2 ) ∈ R S . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s 1 - R R - s 2 R s 1 s 2 s 1 s 2 s ′ s ′ s ′ 1 1 1 80 / 444

  61. Simulation condition stutter5.4-def-stutter-bis A stutter bisimulation for T T T is a binary relation R R R on S S s.t. for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : ( s 1 , s 2 ) ∈ R S . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s 1 - R R R - s 2 s 1 s 2 s 1 s 2 s ′ s ′ s ′ 1 1 1 with ( s ′ ( s ′ ( s ′ 1 , s 2 ) / 1 , s 2 ) / 1 , s 2 ) / ∈ R ∈ R ∈ R 81 / 444

  62. Simulation condition stutter5.4-def-stutter-bis A stutter bisimulation for T T T is a binary relation R R R on S S s.t. for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : S . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s 1 - R R R - s 2 s 1 - R R - s 2 R s 1 s 2 s 1 s 2 s 1 s 2 s 1 s 2 can be u 1 u 1 u 1 completed to s ′ s ′ s ′ . . . 1 1 1 . . . . . . u n u n u n with ( s ′ ( s ′ ( s ′ 1 , s 2 ) / 1 , s 2 ) / 1 , s 2 ) / ∈ R ∈ R ∈ R s ′ s ′ s ′ s ′ s ′ s ′ - R R R - 1 2 1 1 2 2 82 / 444

  63. Simulation condition stutter5.4-def-stutter-bis A stutter bisimulation for T T T is a binary relation R R R on S S s.t. for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : S . . . . . . . . . . . . . . . . . . (2) simulation condition up to stuttering s 1 - R R R - s 2 s 1 - R R - s 2 R s 1 s 2 s 1 s 2 s 1 s 2 s 1 s 2 can be u 1 u 1 u 1 completed to s ′ s ′ s ′ . . . 1 1 1 . . . s 1 - R - u i s 1 - R - u i s 1 - R - u i . . . u n u n u n with ( s ′ ( s ′ ( s ′ 1 , s 2 ) / 1 , s 2 ) / 1 , s 2 ) / ∈ R ∈ R ∈ R s ′ s ′ s ′ s ′ s ′ s ′ - R R R - 1 2 1 1 2 2 83 / 444

  64. Stutter bisimulation for a TS stutter5.4-stbis Let T T T be a transition system wih state space S S S . A stutter bisimulation for T T T is a binary relation R R R on S S S such that for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : (1) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) s 1 → s ′ ( s ′ for each transition s 1 → s ′ s 1 → s ′ 1 with ( s ′ ( s ′ 1 , s 2 ) / ∈ R (2) 1 , s 2 ) / 1 , s 2 ) / ∈ R ∈ R 1 1 s 2 u 1 u 2 . . . u n s ′ there exists a path fragment s 2 u 1 u 2 . . . u n s ′ s 2 u 1 u 2 . . . u n s ′ 2 2 2 . . . s.t. . . . . . . (3) . . . . . . . . . 84 / 444

  65. Stutter bisimulation for a TS stutter5.4-stbis Let T T T be a transition system wih state space S S S . A stutter bisimulation for T T T is a binary relation R R R on S S S such that for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : (1) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) s 1 → s ′ ( s ′ for each transition s 1 → s ′ s 1 → s ′ 1 with ( s ′ ( s ′ 1 , s 2 ) / ∈ R (2) 1 , s 2 ) / 1 , s 2 ) / ∈ R ∈ R 1 1 s 2 u 1 u 2 . . . u n s ′ there exists a path fragment s 2 u 1 u 2 . . . u n s ′ s 2 u 1 u 2 . . . u n s ′ 2 2 2 n ≥ 0 ( s 1 , u i ) ∈ R 1 ≤ i ≤ n s.t. n ≥ 0 n ≥ 0 and ( s 1 , u i ) ∈ R ( s 1 , u i ) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n (3) . . . . . . . . . 85 / 444

  66. Stutter bisimulation for a TS stutter5.4-stbis Let T T T be a transition system wih state space S S S . A stutter bisimulation for T T T is a binary relation R R R on S S S such that for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : (1) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) s 1 → s ′ ( s ′ for each transition s 1 → s ′ s 1 → s ′ 1 with ( s ′ ( s ′ 1 , s 2 ) / ∈ R (2) 1 , s 2 ) / 1 , s 2 ) / ∈ R ∈ R 1 1 s 2 u 1 u 2 . . . u n s ′ there exists a path fragment s 2 u 1 u 2 . . . u n s ′ s 2 u 1 u 2 . . . u n s ′ 2 2 2 n ≥ 0 ( s 1 , u i ) ∈ R 1 ≤ i ≤ n s.t. n ≥ 0 n ≥ 0 and ( s 1 , u i ) ∈ R ( s 1 , u i ) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n (3) symmetric condition 86 / 444

  67. Stutter bisimulation for a TS stutter5.4-stbis Let T T T be a transition system wih state space S S S . A stutter bisimulation for T T T is a binary relation R R R on S S S such that for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : (1) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) L ( s 1 ) = L ( s 2 ) s 1 → s ′ ( s ′ for each transition s 1 → s ′ s 1 → s ′ 1 with ( s ′ ( s ′ 1 , s 2 ) / ∈ R (2) 1 , s 2 ) / 1 , s 2 ) / ∈ R ∈ R 1 1 s 2 u 1 u 2 . . . u n s ′ there exists a path fragment s 2 u 1 u 2 . . . u n s ′ s 2 u 1 u 2 . . . u n s ′ 2 2 2 n ≥ 0 ( s 1 , u i ) ∈ R 1 ≤ i ≤ n s.t. n ≥ 0 n ≥ 0 and ( s 1 , u i ) ∈ R ( s 1 , u i ) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n for each transition s 2 → s ′ s 2 → s ′ s 2 → s ′ 2 with ( s 1 , s ′ ( s 1 , s ′ ( s 1 , s ′ (3) 2 ) / 2 ) / 2 ) / ∈ R ∈ R ∈ R 2 2 there exists a path fragment s 1 v 1 v 2 . . . v n s ′ s 1 v 1 v 2 . . . v n s ′ s 1 v 1 v 2 . . . v n s ′ 1 1 1 n ≥ 0 ( v i , s 2 ) ∈ R 1 ≤ i ≤ n s.t. n ≥ 0 n ≥ 0 and ( v i , s 2 ) ∈ R ( v i , s 2 ) ∈ R for 1 ≤ i ≤ n 1 ≤ i ≤ n 87 / 444

  68. ≈ T Stutter bisimulation equivalence ≈ T ≈ T stutter5.4-def-approx 88 / 444

  69. ≈ T Stutter bisimulation equivalence ≈ T ≈ T stutter5.4-def-approx Let T T T be a transition system wih state space S S S . A stutter bisimulation for T T is a binary relation R T R R on S S S such that for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : (1) labeling condition (2) and (3) mutual simulation condition 89 / 444

  70. ≈ T Stutter bisimulation equivalence ≈ T ≈ T stutter5.4-def-approx Let T T T be a transition system wih state space S S S . A stutter bisimulation for T T T is a binary relation R R R on S S S such that for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : (1) labeling condition (2) and (3) mutual simulation condition stutter bisimulation equivalence ≈ T ≈ T ≈ T : 90 / 444

  71. ≈ T Stutter bisimulation equivalence ≈ T ≈ T stutter5.4-def-approx Let T T T be a transition system wih state space S S S . A stutter bisimulation for T T T is a binary relation R R R on S S S such that for all ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R : ( s 1 , s 2 ) ∈ R (1) labeling condition (2) and (3) mutual simulation condition stutter bisimulation equivalence ≈ T ≈ T ≈ T : s 1 ≈ T s 2 s 1 ≈ T s 2 s 1 ≈ T s 2 iff there exists a stutter bisimulation R R R for T T T s.t. ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R 91 / 444

  72. ≈ T ≈ T ≈ T is an equivalence stutter5.4-10 92 / 444

  73. ≈ T ≈ T ≈ T is an equivalence stutter5.4-10 symmetry: if s 1 ≈ T s 2 s 1 ≈ T s 2 s 1 ≈ T s 2 then s 2 ≈ T s 1 s 2 ≈ T s 1 s 2 ≈ T s 1 93 / 444

  74. ≈ T ≈ T ≈ T is an equivalence stutter5.4-10 s 1 ≈ T s 2 s 2 ≈ T s 1 symmetry: if s 1 ≈ T s 2 s 1 ≈ T s 2 then s 2 ≈ T s 1 s 2 ≈ T s 1 proof: R ( s 1 , s 2 ) ∈ R if R R is a stutter bisimulation with ( s 1 , s 2 ) ∈ R ( s 1 , s 2 ) ∈ R then R − 1 = R − 1 = R − 1 = � � � � � � ( t 2 , t 1 ) : ( t 1 , t 2 ) ∈ R ( t 2 , t 1 ) : ( t 1 , t 2 ) ∈ R ( t 2 , t 1 ) : ( t 1 , t 2 ) ∈ R is a stutter bisimulation that contains ( s 2 , s 1 ) ( s 2 , s 1 ) ( s 2 , s 1 ). 94 / 444

  75. ≈ T ≈ T ≈ T is an equivalence stutter5.4-10 symmetry: if s 1 ≈ T s 2 s 1 ≈ T s 2 s 1 ≈ T s 2 then s 2 ≈ T s 1 s 2 ≈ T s 1 s 2 ≈ T s 1 s ≈ T s reflexivity: s ≈ T s s ≈ T s for all states s s s 95 / 444

  76. ≈ T ≈ T ≈ T is an equivalence stutter5.4-10 symmetry: if s 1 ≈ T s 2 s 1 ≈ T s 2 s 1 ≈ T s 2 then s 2 ≈ T s 1 s 2 ≈ T s 1 s 2 ≈ T s 1 s ≈ T s reflexivity: s ≈ T s s ≈ T s for all states s s s proof: � � � � � � R = ( s , s ) : s ∈ S R = R = ( s , s ) : s ∈ S ( s , s ) : s ∈ S is a stutter bisimulation 96 / 444

  77. ≈ T ≈ T ≈ T is an equivalence stutter5.4-10 symmetry: if s 1 ≈ T s 2 s 1 ≈ T s 2 s 1 ≈ T s 2 then s 2 ≈ T s 1 s 2 ≈ T s 1 s 2 ≈ T s 1 s ≈ T s reflexivity: s ≈ T s s ≈ T s for all states s s s s 1 ≈ T s 2 s 2 ≈ T s 3 s 1 ≈ T s 3 transitivity: s 1 ≈ T s 2 s 1 ≈ T s 2 and s 2 ≈ T s 3 s 2 ≈ T s 3 implies s 1 ≈ T s 3 s 1 ≈ T s 3 97 / 444

  78. ≈ T ≈ T ≈ T is an equivalence stutter5.4-10 symmetry: if s 1 ≈ T s 2 s 1 ≈ T s 2 s 1 ≈ T s 2 then s 2 ≈ T s 1 s 2 ≈ T s 1 s 2 ≈ T s 1 s ≈ T s reflexivity: s ≈ T s s ≈ T s for all states s s s s 1 ≈ T s 2 s 2 ≈ T s 3 s 1 ≈ T s 3 transitivity: s 1 ≈ T s 2 s 1 ≈ T s 2 and s 2 ≈ T s 3 s 2 ≈ T s 3 implies s 1 ≈ T s 3 s 1 ≈ T s 3 Proof: Let R 1 , 2 R 1 , 2 R 1 , 2 and R 2 , 3 R 2 , 3 R 2 , 3 be stutter bisimulations s.t. ( s 1 , s 2 ) ∈ R 1 , 2 , ( s 2 , s 3 ) ∈ R 2 , 3 ( s 1 , s 2 ) ∈ R 1 , 2 , ( s 2 , s 3 ) ∈ R 2 , 3 ( s 1 , s 2 ) ∈ R 1 , 2 , ( s 2 , s 3 ) ∈ R 2 , 3 R = R 1 , 2 ◦ R 2 , 3 Show that R = R 1 , 2 ◦ R 2 , 3 R = R 1 , 2 ◦ R 2 , 3 is a stutter bisimulation. 98 / 444

  79. s 1 s 1 s 1 R 1 , 2 s 2 s 2 s 2 R 2 , 3 s 3 s 3 s 3 R 1 , 2 R 1 , 2 R 2 , 3 R 2 , 3 s ′ s ′ s ′ 1 1 1 99 / 444

  80. s 1 s 1 s 1 R 1 , 2 s 2 s 2 s 2 R 2 , 3 s 3 s 3 s 3 R 1 , 2 R 1 , 2 R 2 , 3 R 2 , 3 u 1 u 1 u 1 . . . . . . . . . u j − 1 u j − 1 u j − 1 u j u j u j . . . . . . . . . u k − 1 u k − 1 u k − 1 u k u k u k . . . . . . . . . u m u m u m s ′ s ′ s ′ s ′ s ′ s ′ R 1 , 2 R 1 , 2 R 1 , 2 1 2 1 1 2 2 100 / 444

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2 Coin and card meters OVERVIEW PRESENTATION / 3 Making garages work better OVERVIEW PRESENTATION / 4 User interface and customer experience OVERVIEW

1.3k views • 24 slides
OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF park overview OVERVIEW PRESENTATION / 3 Coin and card meters OVERVIEW PRESENTATION / 4 Improving the customer experience at garages OVERVIEW

567 views • 25 slides
GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

National Taiwan University Department of Computer Science and Information Engineering GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin Phone Lin Ph.D. Ph.D. Email: plin@csie.ntu.edu.tw Email:

686 views • 41 slides
i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

LGE UNICAMP The m i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW The m i c r o g u a r d ETHANOL s OVERVIEW The m i c Ideal conditions r o g Costs-benefits u a r d

1.39k views • 59 slides
Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95# Commissioner --BRYC Firefighter II, EMT-B, HTR & HZMT Tech City of Alexandria Fire and EMS Overview Overview Hyperthermia (Heat Related Injuries)

2.61k views • 31 slides
1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure Industry Business Model Hotels Overview Disclaimer This presentation does not constitute, or form any part of any offer for sale or subscription

808 views • 32 slides
HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview Project Overview Analysis Active Experimentation Question & Answer Team Overview Our Logo Our Tagline Our Mission Statement

1.09k views • 15 slides
Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four Dedicated Outbound Carriers MPF Meijer Private Fleet 111 stores serviced in Michigan, northern Ohio, and Indiana. NTB Nationwide Truck

865 views • 15 slides
HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team Overview Project Overview Analysis Active Experimentation Question & Answer Team Overview Our Logo Our Tagline Our

934 views • 15 slides
An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese Agriculture Agriculture Agriculture characteristics S mall holdings L imited resources and L and Fragmentation. 2 Maltese agriculture in figures

1.04k views • 15 slides
Library Conversations: Talking with Users University of Rochester Overview Overview Used

Library Conversations: Talking with Users University of Rochester Overview Overview Used

Rebecca Bichel December 7, 2007 Library Conversations: Talking with Users University of Rochester Overview Overview Used anthropological & ethnographic Overview Overview methods Guiding research question: What do students

941 views • 44 slides
.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries development and execution model Examine simple C# program 2 .NET Overview .NET is a sweeping marketing term for a family of products

388 views • 23 slides
1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce supply analysis Regional demand for workers i l d d f k Balancing supply and demand Reviewing key cluster trends Key challenges

533 views • 39 slides
EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a registered trademark of Future Designs, Inc . 1 Overview What is EZ? EZ RTOS Engine EZ Four Tier Hierarchy Reusable HAL and Device

600 views • 32 slides
Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues Related to Puerto Ricos Debt Restructuring by Sergio M. Marxuach Center for a New Economy February 25, 2020 CNE Puerto Ricos Think Tank

347 views • 13 slides
Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview

Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview

2018 Investor Tour INGENIA COMMUNITIES GROUP Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview Guidance Update Development Overview Latitude One Overview 2 Craig Shepherd, Project

247 views • 22 slides
CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings

CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings

CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Drexel University Design within the Context of Software Engineering 2 Drexel University Software Design Between

561 views • 28 slides
In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

Exhaustive search, backtracking, object-oriented Queens After today, you should be able to In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu Queens ens A taste of artificial intelligence

637 views • 19 slides
verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at

verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at

verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at ETH Security and Correctness Protocol-level properties - Path validity : Constructed paths are valid and reflect the routing decisions by on-path

294 views • 8 slides
C Session # 8 By: Saeed Haratian Fall 2015 Outlines Counter-Controlled Repetition

C Session # 8 By: Saeed Haratian Fall 2015 Outlines Counter-Controlled Repetition

Fundamentals of Programming C Session # 8 By: Saeed Haratian Fall 2015 Outlines Counter-Controlled Repetition Sentinel-Controlled Repetition Top-Down, Stepwise Refinement Counter-Controlled Repetition Consider the following

550 views • 25 slides
Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics

Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics

Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics System Institute Alpen-Adria University, Klagenfurt, Austria DeepSec 2017, Vienna Recent developments (since > 2014 ) 1. Socioeconomic 2.

246 views • 20 slides
Hybrid I/O Automata Nancy Lynch, MIT Roberto Segala, University of Verona Frits Vaandrager,

Hybrid I/O Automata Nancy Lynch, MIT Roberto Segala, University of Verona Frits Vaandrager,

Hybrid I/O Automata Nancy Lynch, MIT Roberto Segala, University of Verona Frits Vaandrager, University of Nijmegen http://www.cs.kun.nl/~fvaan I/O Automata (Lynch & Tuttle, 87; Jonsson 87) Purpose Formal model for

984 views • 61 slides
Search for More Declarativity Backward Reasoning for Rule Languages Reconsidered Simon Brodt

Search for More Declarativity Backward Reasoning for Rule Languages Reconsidered Simon Brodt

Motivation D&B-search Search & Partial Ordering Conclusion Search for More Declarativity Backward Reasoning for Rule Languages Reconsidered Simon Brodt Franois Bry Norbert Eisinger Institute for Informatics, University of Munich,

1.64k views • 142 slides
Architectural Styles Reid Holmes Lecture 5 - Tuesday, September 28 2010. Objectives What are

Architectural Styles Reid Holmes Lecture 5 - Tuesday, September 28 2010. Objectives What are

Material and some slide content from: - Emerson Murphy-Hill - Software Architecture: Foundations, Theory, and Practice - Essential Software Architecture Architectural Styles Reid Holmes Lecture 5 - Tuesday, September 28 2010. Objectives

554 views • 28 slides

More recommend