Fixpoint Representation of CTL - PowerPoint PPT Presentation

1 / 17

About This Presentation

Title:

Fixpoint Representation of CTL

Description:

Number of Views:61

Avg rating:3.0/5.0

Slides: 18

Provided by: Technology9

Category:

Tags: ctl | discussion | fixpoint | provided | representation

Transcript and Presenter's Notes

Title: Fixpoint Representation of CTL

1
Fixpoint Representation of CTL
2
Basic lattice stuff

A set L is a lattice iff for each pair of
elements (e,f) there is a least upper bound (join
, e v f ) and a greatest lower bound (meet, e
f )
S a set (of states), P(S) is a lattice
meet is intersection, join is union
If S is from Kripke structure S is finite so
lattice P(S) has least element ( the empty set
(sometimes called False) ) and greatest element
(S (sometimes called True) )
Each S in P(S) can be thought of as a unary
predicate on S, true for exactly the s in S
A map from t P(S) -gt P(S) is called a predicate
transformer

For the remainder of these slides in our
discussion about sets, ltlt denotes subset, gtgt
denotes superset, v denotes union and denotes
intersection. Let t P(S) -gt P(S)
t is monotonic provided that P ltlt Q gt t(P) ltlt
t(Q)
t is v continuous provided that P1 ltlt P2 ltlt.
gt t(VPi) V t(Pi)
t is - continuous iff P1gtgt P2 gtgt gt t( Pi)
t(Pi)
Note for P(S) subset relation is often called
less than relation.
ti (Z) ( ti(Z) )denotes the i-fold composition
A fixpoint (fixed point or fix point) of a
function f on a lattice is an element P such that
f(P) P
(Tarski -Knaster) A monotonic predicate
transformer t on P(S) (or any finite lattice)
always has a least fixpoint, denoted uZ.t(Z), and
a greatest fixpoint denoted vZ.t(Z)

Each of the following lemmas have two assertions.
Only one assertion will be proved, the other
follows by replacing False by True, ltlt by gtgt,
and uZ by vZ and by v.
Lemma 1 If S is finite and t is monotonic then t
is
v-continuous and -continuous
Proof Reqd to show that if P1 ltlt P2 ltlt P3,
then t(vPi) v t(Pi)). Critical first step is to
note that Since S is finite there is i0 such that
for all jgt i0 Pj Pi0. Remainder of proof is in
notes from class
Lemma 2 If t is monotonic, then for every i
ti(False) ltlt t(i1)(False) and ti(True) gtgt
t(i1)(True)
Proof Start by noting that False ltlt t(False) (as
False is greatest lower bound)
Now proceed by induction in i, recalling that t
is monotone.

Lemma 3 If t is monotonic and S is finite then
there is an integer i0 such that if j gt, i0,
tj(False) ti0(False) and an integer i1 such
that if j gt, i1, tj(True) ti1(True)
Proof By Lemma 2, False ltlt t(False) ltlt t2(False)
ltlt. Since S is finite there is i0 such that tj
(False) ti0(False) all j lt, i0.
Lemma 4 If t is monotonic and S is finite then
there is an integer i0 such that uZ.t(Z)
ti0(False) and an integer j0 such that vZ.t(Z)
tj0 (True)
Proof By Tarski-Knaster theorem, if t is
monotonic and v-continuous, t has lfp (least
fixed point) uZ.t(Z) which is equal to v
ti(False). Result follows from Lemma 3. and
monotonicity.

7
(No Transcript)
8
(No Transcript)
9

Claim Let Q1,Q2,Q3, be all the fixed points of
-continuous map t, then Qi is the Lfp of t.
Proof Must show that Qi is a fixed point of t,
then since Qi ltlt Qi for all i, it follows that
it is the least among fixed points of t. But
t(Qi) t(Qi) Qi. (use continuity and
fixpoint properties)
Hence, if Q the Lfp of any t , it is a subset of
any fixed point of t

Show Lfp algorithm actually calculates the least
fixed point. Invariant for the loop is
Q t(Q) Q ltlt uZ.t(Z) ( since uZ,t(Z) v
ti(False) )
Lemma 2 says False ltlt t(False) ltlt t2(False) ltlt.
Max of iterations before loop terminates is at
most the number of elements in S (S) upon
termination, Q t(Q) and Q ltlt uZ.t(Z). Q is a
fixed point and uZ.t(Z) is lfp so uZ.t(Z) ltlt Q.
The 2 inequalities allow us to conclude Q
uZ.t(Z).

Why do we care?
If we identify a CTL formula f with the predicate
s M,s f in P(S) then each of the CTL
operators may be characterized as a least
fixpoint or greatest fixpoint of an associated
predicate transformer
AF f uZ. f v AX Z
EF f uZ. f v EX Z
AG f vZ. f AX Z
EG f vZ. f EX Z
A f U g uZ. g v (f AX Z)
E f U g uZ. g v (f EX Z)

Lemma 5 t(Z) f EX Z is monotonic
Proof Let P1 ltlt P2 show that t(P1) ltlt t(P2).
Let s in t(P1) then s f and exists s such that
(s,s) in R and s in P1. Since P1 ltlt P2, then
s f and exists s such that (s,s) in R and s
in P2. So s in t(P2)
Lemma 6 Let t(Z) f EX Z, and let ti0(True)
be the limit of the sequence True gtgtt(True)
gtgtt2(True) gtgt For every s in S if s in ti0(True)
then s f and there is s such that (s,s) in R
and s in ti0(True).
Proof Let s in ti0(True). Since ti0(True) is a
fixpoint of t, t(ti0(True)) ti0(True). Thus s
in t(ti0(True)). By definition of t, s f and
there is a path and whose next state s is in
ti0(True). Consequently there is s such that
(s,s) in R and s in ti0(True).

Lemma 7 EG f is a fixpoint of t(Z) f EX Z
Proof Required to show t(EG f) EG f, i.e.,
f EX EG f EG f. From definitions of show
If s EG f then s f EX EG f, and
If s f EX EG f then s EG f,
Lemma 8 EG f is the greatest fixpoint of t(Z) f
EX Z
Proof Because t is monotonic, by Lemma 1 it is
-continuous. By Tarski Knaster it is enough to
show that EG f ti(True).
Show (1) EG f ltlt ti(True) and (2) EG f gtgt
ti(True).
For (1) use induction to show that for all i gt,
0, EG f ltlt ti(True) result holds for i 0
assume EG f ltlt ti (True) by monotonicity of t,
t(EG f) ltlt ti1 (True) by Lemma 7 EG f is
fixpoint of t so EG f ltlt ti1 (True)
For (2) Let s in ti(True) use Lemma 6 to show
that s in EG f , i.e., s EG f (see easy proof
in text).

Lemma 9 E f U g is the least fixpoint of the
function t(Z) g v (f EX Z)
Proof sketch see Text details follow much as
for the above.
Least fixpoints correspond to eventualities while
greatest fixpoints correspond to properties that
should hold forever

16
(No Transcript)
17