Transition System
- A transition system is a tuple $\mathcal{A}=<S, S_0, T, \alpha, \beta>$, where
- $S$ is a finite or infinite set of states,
- $S_0 \subseteq S$ is the initial location (the set of initial states),
- $T$ is a finite or infinite set of transitions,
- $\alpha$ and $\beta$ are two mappings from $T$ to $S$ which take each transition $t \in T$ to the two states $\alpha(t)$ and $\beta(t)$, respectively the source and the target of the transition $t$.
- A transition $t$ with source $s$ and target $s'$ is written $t: s \to s'$.
- Several transitions can have the same source and target.
- A transition system is finite if $S$ and $T$ are finite.
A path of length $n$, $n>0$, in a transition system $\mathcal{A}$ is a sequence of transitions $t_1, t_2, \dots, t_n$ such that $\forall i: 1\leq i<n,\ \beta(t_i)=\alpha(t_{i+1})$, and $\alpha(t_1)=S_0$.
Similarly, an infinite path is an infinite sequence of transitions $t_1, t_2, \dots, t_n, \dots$ such that $\forall i \geq 1,\ \beta(t_i)=\alpha(t_{i+1})$, and $\alpha(t_1)=S_0$.
If $\exists t\in T$ with $\alpha(t)=s \wedge \beta(t)=s'$, we write $s\to s'$. We define the generalized transition relation $\twoheadrightarrow \subseteq S\times A\times S$ such that
- if $s\to s'$, then $s\twoheadrightarrow s'$;
- if $s\to s'$ and $s'\twoheadrightarrow s''$, then $s\twoheadrightarrow s''$.
Let $\mathcal{A}=<S, S_0, T, \alpha, \beta>$ be a TS. We say $s$ is reachable if $s\in S$ and there is some $s_0\in S_0$ with $s_0\twoheadrightarrow s$.
Let $T$ be a transition system. A state $s$ is a terminal state of $T$ if there is no state $s'$ such that $s\to s'$.
A state $s$ is a deadlock state of $T$ if $s$ is reachable and terminal.
Write $T^+$ for the set of finite paths and $T^\omega$ for the set of infinite paths. The mappings $\alpha$ and $\beta$ can be extended to $T^+$ by defining $\alpha(t_1\dots t_n)=\alpha(t_1)$ and $\beta(t_1\dots t_n)=\beta(t_n)$.
Similarly, the mapping $\alpha$ is extended to $T^\omega$ by defining $\alpha(t_1\dots)=\alpha(t_1)$.
A partial product over $T^+$ is defined as follows: if $c=t_1\dots t_n$ is a path of length $n$, $c'=t'_1\dots t'_m$ is a path of length $m$, and $\beta(c)=\alpha(c')$, then $c\cdot c'=t_1\dots t_n t'_1\dots t'_m$ is a finite path of length $n+m$ with $\alpha(c\cdot c')=\alpha(c)$ and $\beta(c\cdot c')=\beta(c')$.
Empty path: for each state $s$ of $S$, define the empty path $\varepsilon_s$ of length zero, with $\alpha(\varepsilon_s)=\beta(\varepsilon_s)=s$.
A transition system labeled by an alphabet $A$ is a 6-tuple $\mathcal{A}=<S, S_0, T, \alpha, \beta, \lambda>$ where $<S, S_0, T, \alpha, \beta>$ is a transition system and $\lambda$ is a mapping from $T$ to $A$ taking each transition $t$ to its label $\lambda(t)$.
Intuitively, the label of a transition indicates the action or event which triggers the transition.
If $c=t_1, t_2 \dots$ is a path in a labeled transition system, the sequence of actions $trace(c)=\lambda(t_1), \lambda(t_2) \dots$ is called the trace of the path.
Transition system homomorphism
Definition: Let $\mathcal{A}=<S, S_0, T, \alpha, \beta>$ and $\mathcal{A'}=<S', S'_0, T', \alpha', \beta'>$ be two transition systems. A homomorphism $h$ from $\mathcal{A}$ to $\mathcal{A'}$ is a pair $(h_\sigma, h_\tau)$ of mappings $h_\sigma: S\to S'$, $h_\tau: T\to T'$ which satisfies, for every transition $t$ of $T$:
$\alpha'(h_\tau(t))=h_\sigma(\alpha(t))$ and $\beta'(h_\tau(t))=h_\sigma(\beta(t))$.
Labeled transition system homomorphism
Let $\mathcal{A}=<S, S_0, T, \alpha, \beta, \lambda>$ and $\mathcal{A'}=<S', S'_0, T', \alpha', \beta', \lambda'>$ be two transition systems labeled by the same alphabet. A labeled transition system homomorphism from $\mathcal{A}$ to $\mathcal{A'}$ is a homomorphism $h$ which also satisfies the condition $\lambda'(h_\tau(t))=\lambda(t)$.
A homomorphism $h$ is surjective if the two mappings $h_\sigma$ and $h_\tau$ are surjective. If $h$ is a surjective homomorphism from $\mathcal{A}$ to $\mathcal{A'}$, the transition system $\mathcal{A'}$ is the quotient of $\mathcal{A}$ under $h$.
A TS strong isomorphism is a TS homomorphism where $h_\sigma$ and $h_\tau$ are bijective. In this case the pair of inverse mappings $g=<h_\sigma^{-1}, h_\tau^{-1}>$ is itself an isomorphism.
If two TS are strongly isomorphic, the only difference between them can be how their states and transitions are named.
Isomorphism is an equivalence relation.
If the isomorphism is only required on the reachable states $reach(T)=\{s\in S \mid s_0\twoheadrightarrow s\}$, we call the two systems weakly isomorphic.
Theorem:
If two transition systems are isomorphic, then they are weakly isomorphic.
Weak isomorphism is an equivalence relation.
Let $T$ and $T'$ be two TS. A bisimulation between $T$ and $T'$ is a binary relation $B\subseteq S\times S'$ such that
- $B(s_0, s'_0)$;
- if $B(s_1, s'_1)$ and $s_1\to s_2$, then there is an $s'_2\in S'$ such that $s'_1\to s'_2$ and $B(s_2, s'_2)$;
- if $B(s_1, s'_1)$ and $s'_1\to s'_2$, then there is an $s_2\in S$ such that $s_1\to s_2$ and $B(s_2, s'_2)$.
$T$ and $T'$ are bisimulation equivalent iff there exists a bisimulation between $T$ and $T'$.
Strong Isomorphism: the transition systems are identical except for the names of the states.
Weak Isomorphism: the transition systems are strongly isomorphic provided that the transition systems are restricted to the reachable states.
Bisimulation Equivalence: the transition systems have the same behavior and make their choices at the same time.
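An added example, not part of the notes: the classic pair a.(b+c) versus a.b + a.c has identical traces, but the second system makes its choice at the moment a happens, so no bisimulation relates their initial states. The code applies the three bisimulation conditions above to labeled transitions (the labels are an assumption added here, matching the labeled TS defined earlier) and computes the largest bisimulation as a greatest fixpoint.

```python
# Added example, not from the notes. Two labeled transition systems as dicts
# state -> {(label, successor), ...}. The bisimulation conditions above are applied
# to labeled transitions: a move s1 -a-> s2 must be matched by a move s1' -a-> s2'.
LEFT = {   # a.(b + c): the choice between b and c is made after a has happened
    "s0": {("a", "s1")},
    "s1": {("b", "s2"), ("c", "s3")},
    "s2": set(), "s3": set(),
}
RIGHT = {  # a.b + a.c: the choice is already made when a happens
    "t0": {("a", "t1"), ("a", "t2")},
    "t1": {("b", "t3")},
    "t2": {("c", "t4")},
    "t3": set(), "t4": set(),
}

def largest_bisimulation(ts1, ts2):
    """Greatest fixpoint: start from all state pairs and drop every pair in which one
    side has a move the other side cannot match inside the current relation."""
    rel = {(s, t) for s in ts1 for t in ts2}
    changed = True
    while changed:
        changed = False
        for s, t in list(rel):
            fwd = all(any(b == a and (s2, t2) in rel for b, t2 in ts2[t]) for a, s2 in ts1[s])
            back = all(any(a == b and (s2, t2) in rel for a, s2 in ts1[s]) for b, t2 in ts2[t])
            if not (fwd and back):
                rel.discard((s, t))
                changed = True
    return rel

def bisimilar(ts1, init1, ts2, init2):
    """Bisimulation equivalent iff the initial states are related by the largest bisimulation."""
    return (init1, init2) in largest_bisimulation(ts1, ts2)

def traces(ts, init):
    """Set of finite traces (label sequences of paths from init); assumes an acyclic system."""
    out, stack = {()}, [(init, ())]
    while stack:
        s, word = stack.pop()
        for a, s2 in ts[s]:
            out.add(word + (a,))
            stack.append((s2, word + (a,)))
    return out
```

The two systems are trace equivalent but not bisimulation equivalent, which is exactly the "make their choices at the same time" distinction.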
The free product of transition systems
The synchronous product of transition systems
When processes interact, not all possible global actions are useful, since the interaction is subject to communication and synchronization constraints.
The transition system associated with the system of processes must therefore be a subsystem of the free product of the component transition systems.
The synchronous product allows only those global transitions corresponding to action vectors included in the synchronization constraint.
Modeling sequential circuits
Model logical dynamical system
Model a Mutual Exclusion Protocol
State Space
The state space of a program can be captured by the valuations of the variables and the program counters
Each state of the program is a valuation of all the variables
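As an added example (not from the notes), the following Python builds the state space of a constructed, deliberately naive two-process mutual exclusion protocol from its variable valuations and program counters, then applies the reachability, terminal and deadlock definitions from above; the protocol name, variables and program are assumptions made for the example.

```python
from collections import deque

# Constructed example, not from the notes: a naive two-process mutual exclusion protocol.
# Each process loops idle -(raise my flag)-> wait -(other flag clear)-> crit -(drop flag)-> idle.
# A state is the valuation of the shared variables (flag0, flag1) plus both program counters.
INITIAL = (0, 0, "idle", "idle")

def successors(state):
    """One interleaving step: the set of states one transition away from `state`."""
    flags, pcs, out = list(state[:2]), list(state[2:]), set()
    for p in (0, 1):
        f, pc = flags[:], pcs[:]
        if pc[p] == "idle":
            f[p], pc[p] = 1, "wait"       # raise my flag to announce intent
        elif pc[p] == "wait":
            if f[1 - p] == 1:
                continue                  # busy-wait: no move while the other flag is raised
            pc[p] = "crit"
        else:                             # "crit": leave the critical section, drop my flag
            f[p], pc[p] = 0, "idle"
        out.add((f[0], f[1], pc[0], pc[1]))
    return out

def explore(initial=INITIAL):
    """BFS over the state space; returns a parent map whose keys are the reachable states."""
    parent, queue = {initial: None}, deque([initial])
    while queue:
        s = queue.popleft()
        for s2 in successors(s):
            if s2 not in parent:
                parent[s2] = s
                queue.append(s2)
    return parent

def path_to(state, parent):
    """Finite path (as a state sequence) from the initial state to `state`, read off the BFS tree."""
    path = []
    while state is not None:
        path.append(state)
        state = parent[state]
    return path[::-1]

def deadlocks(initial=INITIAL):
    """Deadlock states: reachable and terminal (no outgoing transition)."""
    return sorted(s for s in explore(initial) if not successors(s))

def mutual_exclusion_holds(initial=INITIAL):
    """Safety: no reachable state has both processes in the critical section at once."""
    return all(not (pc0 == pc1 == "crit") for _, _, pc0, pc1 in explore(initial))
```

The protocol keeps mutual exclusion on all 8 reachable states, yet the state where both flags are raised and both processes wait is reachable and terminal, i.e. a deadlock, and `path_to` gives the counterexample path.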
CTL*
Temporal logic is a formalism for describing sequences of transitions between states in a reactive system.
Properties like eventually or never are specified using special temporal operators.
CTL* formulas
CTL* formulas describe properties of computation trees.
The computation tree shows all of the possible executions starting from the initial state.
Path quantifiers
- A ( for all computation path )
- E ( for some computation path )
Temporal operators
- X (next time) requires the property holds in the second state of the path
- F (finally) the property will hold at some state on the path
- G (globally) the property holds at every state on the path
- U (until) if there is a state on the path where the second property holds, at every preceding state, the first one holds
- R (release) the second property holds along the path up to and including the first state where the first property holds. However, the first property is not required to hold eventually
Two types of formulas in CTL*
- state formulas ( which are true in a special state )
- path formulas ( which are true along a special path )
Syntax of state formulas rules:
- if $p\in AP$, then $p$ is a state formula (sf)
- if $f$ and $g$ are sf, then $\lnot f$, $f\wedge g$, $f\vee g$ are sf
- if $f$ is a path formula (pf), then $Ef$ and $Af$ are sf
Syntax of path formulas
- if $f$ is a sf, then $f$ is also a pf
- if $f$ and $g$ are pf, then $\lnot f$, $f\wedge g$, $f\vee g$, $Xf$, $Ff$, $Gf$, $f\,U\,g$ and $f\,R\,g$ are pf
- CTL* is the set of state formulas generated by the above rules
Semantics of CTL*
- if $f$ is a sf, $M, s\vDash f$ means that $f$ holds at state $s$ in the model $M$
- if $g$ is a pf, $M, \pi\vDash g$ means that $g$ holds along path $\pi$ in the model $M$
Two sublogics of CTL*
- Branching-time logic (CTL)
  - The temporal operators quantify over the paths that are possible from a given state.
  - Temporal operators must be immediately preceded by a path quantifier.
  - if $f$ and $g$ are sf, then $Xf$, $Ff$, $Gf$, $f\,U\,g$ and $f\,R\,g$ are pf
  - $A(FGp)$
- Linear temporal logic (LTL)
  - operators are provided for describing events along a single computation path.
  - LTL implicitly quantifies universally over paths.
  - if $p\in AP$, then $p$ is a pf; $Af$ where $f$ is a pf
  - $AG(EFp)$
Ten basic CTL operators:
- AX and EX
- AF and EF
- AG and EG
- AU and EU
- AR and ER
Express Properties
- Safety: something bad will not happen. Usually: AG
- Liveness: something good will happen. Usually: AF
- Fairness: something is successful/allocated infinitely often. Usually: AGAF
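An added example, not from the notes or the linked slides: a small explicit-state CTL model checker that computes EX, E[U] and EG as fixpoints over sets of states, derives the remaining basic operators from them, and checks the AG safety and AG(... → AF ...) liveness patterns above on a constructed Kripke structure (the states, transitions and propositions are assumptions made for the example).

```python
# Added example, not from the notes: explicit-state CTL model checking by fixpoint
# computation over sets of states. Constructed Kripke structure for one process
# (n = non-critical, t = trying, c = critical) plus a trying state t2 whose self-loop
# lets the process starve instead of entering c.
STATES = {"n", "t", "c", "t2"}
NEXT = {"n": {"t", "t2"}, "t": {"c"}, "c": {"n"}, "t2": {"t2", "c"}}   # transition relation
LABEL = {"n": set(), "t": {"try"}, "c": {"crit"}, "t2": {"try"}}      # atomic propositions

def sat_ex(f):
    """EX f: states with at least one successor in f."""
    return {s for s in STATES if NEXT[s] & f}

def sat_eu(f, g):
    """E[f U g]: least fixpoint of Z = g ∪ (f ∩ EX Z)."""
    z = set(g)
    while True:
        z_next = z | (f & sat_ex(z))
        if z_next == z:
            return z
        z = z_next

def sat_eg(f):
    """EG f: greatest fixpoint of Z = f ∩ EX Z."""
    z = set(f)
    while True:
        z_next = f & sat_ex(z)
        if z_next == z:
            return z
        z = z_next

def check(formula):
    """Set of states satisfying a formula written as nested tuples, e.g. ("AG", ("EF", "crit"))."""
    if isinstance(formula, str):                       # atomic proposition
        return {s for s in STATES if formula in LABEL[s]}
    op, *args = formula
    sub = [check(a) for a in args]
    if op == "not": return STATES - sub[0]
    if op == "and": return sub[0] & sub[1]
    if op == "->":  return (STATES - sub[0]) | sub[1]
    if op == "EX":  return sat_ex(sub[0])
    if op == "EU":  return sat_eu(sub[0], sub[1])
    if op == "EG":  return sat_eg(sub[0])
    # the other basic operators are derived from EX, EU, EG by the usual CTL dualities
    if op == "EF":  return sat_eu(STATES, sub[0])
    if op == "AX":  return STATES - sat_ex(STATES - sub[0])
    if op == "AG":  return STATES - sat_eu(STATES, STATES - sub[0])
    if op == "AF":  return STATES - sat_eg(STATES - sub[0])
    raise ValueError(f"unknown operator {op}")

def holds(formula, initial="n"):
    return initial in check(formula)                   # M, initial |= formula
```

On this model the safety property AG ¬(crit ∧ try) and AG(EF crit) hold, while the liveness property AG(try → AF crit) fails because of the starvation loop at t2.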
CTL and LTL have incomparable expressive power.
The choice between LTL and CTL depends on application and personal preferences.
http://www.cs.utexas.edu/users/moore/acl2/seminar/2010.05-19-krug/slides.pdf
http://www.inf.unibz.it/~artale/FM/slide4.pdf