
# Principles of Model Checking

## Solutions to exercise class 2

Verification of regular linear time properties
Prof. Dr. Joost-Pieter Katoen, Dr. Taolue Chen, and Ir. Mark Timmer
September 21, 2012
Problem 1

1. An NFA $\mathcal{A}$ that accepts the set of minimal bad prefixes:

[Figure: NFA $\mathcal{A}$ with states $q_0, q_1, q_2, q_3$; transitions labelled by combinations of $a$, $b$ and $c$.]
2. First we apply the $TS \otimes \mathcal{A}$ construction, which yields:

[Figure: $TS \otimes \mathcal{A}$ with states $\langle s_0, q_1\rangle$, $\langle s_3, q_2\rangle$, $\langle s_1, q_2\rangle$, $\langle s_4, q_2\rangle$, $\langle s_5, q_3\rangle$.]

A counterexample to $TS \models P_{safe}$ is given by the following initial path fragment in $TS \otimes \mathcal{A}$:

$$\hat{\pi} = \langle s_0, q_1\rangle\, \langle s_3, q_2\rangle\, \langle s_1, q_2\rangle\, \langle s_4, q_2\rangle\, \langle s_5, q_3\rangle$$
By projection on the state component, we get a path in the underlying transition system $TS$:

$$\pi = s_0\, s_3\, s_1\, s_4\, s_5$$

with trace($\pi$) = a, ba, ca, b, ca, ca, b.

Since $\hat{\pi}$ reaches $q_3$ (a final state of $\mathcal{A}$), $trace(\pi) \in BadPref(P_{safe})$. Hence, $Traces_{fin}(TS) \cap BadPref(P_{safe}) \neq \emptyset$. By Lemma 3.25, this is equivalent to $TS \not\models P_{safe}$.
Problem 2

1. $L_1 = \{\sigma \in \{A, B\}^\omega \mid \sigma \text{ contains } ABA \text{ infinitely often, but } AA \text{ only finitely often}\}$

[Figure: NBA with states $q_0, \ldots, q_4$ and transitions labelled $A$, $B$ and $A, B$.]
2. $L_2 = \mathcal{L}_\omega\big((AB + C)^* \, ((AA + B)C)^\omega + (A^* C)^\omega\big)$

[Figure: NBA $\mathcal{A}_2$ with states $q_0, \ldots, q_6$ and transitions labelled $A$, $B$ and $C$.]

Note: We allow more than one initial state! Formally, the automaton outlined above is given by

$$\mathcal{A}_2 = (\{q_0, \ldots, q_6\}, \{A, B, C\}, \delta, \{q_0, q_5\}, \{q_3, q_6\})$$

where $\delta$ is defined as shown in the picture.
Problem 3

Proof sketch: Use a product construction and distinguish three phases which have to be repeated infinitely often in an infinite successful run:
1. Wait for the first component to visit a final state;
2. Wait for the second component to visit a final state;
3. Signal that phase 1 and phase 2 have been completed.
Let $\mathcal{A}_i = (Q_i, \Sigma, \delta_i, Q_{0,i}, F_i)$ for $i = 1, 2$. Then, we define $\mathcal{A} = (Q, \Sigma, \delta, Q_0, F)$, where

$$Q = Q_1 \times Q_2 \times \{1, 2, 3\}$$

$\delta : Q \times \Sigma \to 2^Q$ such that

$$\delta((q_1, q_2, 1), A) = \big((\delta_1(q_1, A) \setminus F_1) \times \delta_2(q_2, A) \times \{1\}\big) \;\cup\; \big((\delta_1(q_1, A) \cap F_1) \times \delta_2(q_2, A) \times \{2\}\big)$$

$$\delta((q_1, q_2, 2), A) = \big(\delta_1(q_1, A) \times (\delta_2(q_2, A) \setminus F_2) \times \{2\}\big) \;\cup\; \big(\delta_1(q_1, A) \times (\delta_2(q_2, A) \cap F_2) \times \{3\}\big)$$

$$\delta((q_1, q_2, 3), A) = \delta_1(q_1, A) \times \delta_2(q_2, A) \times \{1\}$$

$$Q_0 = Q_{0,1} \times Q_{0,2} \times \{3\}$$

$$F = Q_1 \times Q_2 \times \{3\}$$

We have to prove that $\mathcal{L}_\omega(\mathcal{A}) = \mathcal{L}_\omega(\mathcal{A}_1) \cap \mathcal{L}_\omega(\mathcal{A}_2)$:
Let $\sigma = A_1 A_2 A_3 \ldots \in \mathcal{L}_\omega(\mathcal{A})$. Then, there exists an accepting run of $\mathcal{A}$ of the form

$$(p_0, q_0, i_0) \xrightarrow{A_1} (p_1, q_1, i_1) \xrightarrow{A_2} \ldots$$

such that $i_k = 3$ for infinitely many $k \geq 0$. But then, $p_i \in F_1$ and $q_j \in F_2$ for infinitely many $i, j$ by construction. Hence, the runs $p_0 \xrightarrow{A_1} p_1 \xrightarrow{A_2} p_2 \ldots$ and $q_0 \xrightarrow{A_1} q_1 \xrightarrow{A_2} q_2 \ldots$ are accepting runs for $\sigma$ in $\mathcal{A}_1$ and $\mathcal{A}_2$, respectively. Therefore $\sigma \in \mathcal{L}_\omega(\mathcal{A}_1) \cap \mathcal{L}_\omega(\mathcal{A}_2)$.
Let $\sigma = A_1 A_2 A_3 \ldots \in \mathcal{L}_\omega(\mathcal{A}_1) \cap \mathcal{L}_\omega(\mathcal{A}_2)$. Then, there exist accepting runs $p_0 \xrightarrow{A_1} p_1 \xrightarrow{A_2} p_2 \ldots$ and $q_0 \xrightarrow{A_1} q_1 \xrightarrow{A_2} q_2 \ldots$ of $\sigma$ in $\mathcal{A}_1$ and $\mathcal{A}_2$, such that $p_i \in F_1$ and $q_j \in F_2$ for infinitely many $i, j$. We obtain the induced run of $\mathcal{A}$ on $\sigma$ as follows:

$$(p_0, q_0, i_0) \xrightarrow{A_1} (p_1, q_1, i_1) \xrightarrow{A_2} (p_2, q_2, i_2) \ldots$$

We need to prove that $i_k = 3$ for infinitely many $k \geq 0$. Therefore, let $i_k = 3$ for some $k \geq 0$ (this happens at least once, as it happens in every initial state). We prove that there exists a $k' > k$ such that $i_{k'} = 3$:

As $p_n \in F_1$ infinitely often, there exists a fragment $p_k, p_{k+1}, \ldots, p_{k+l}$ such that $p_{k+l} \in F_1$, $l > 0$ and $p_j \notin F_1$ for $j = k+1, \ldots, k+l-1$. By construction, $i_{k+l} = 2$.

Analogously, $q_n \in F_2$ for infinitely many $n$. Thus there exists a fragment $q_{k+l}, q_{k+l+1}, q_{k+l+2}, \ldots, q_{k+l+o}$ with $o > 0$ such that $q_j \notin F_2$ for $j = k+l+1, \ldots, k+l+o-1$ and $q_{k+l+o} \in F_2$. Then, by construction, $i_{k+l+o} = 3$. To conclude the proof, set $k' = k+l+o$.
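The three-phase product of Problem 3 and the induced run from the second half of the proof, as an added Python example that is not part of the original solution sheet. The two sample NBAs `A1` (infinitely many $A$'s) and `A2` (infinitely many $B$'s), the dict representation of an NBA, and the finite run prefixes fed to `induced_run` are constructed for this example.

```python
from itertools import product as cartesian

# Constructed sample NBAs (not from the exercise sheet), as dicts:
# A1 accepts words with infinitely many A's, A2 words with infinitely many B's.
A1 = {"Q": {"p0", "p1"}, "Sigma": {"A", "B"}, "Q0": {"p0"}, "F": {"p1"},
      "delta": {("p0", "A"): {"p1"}, ("p0", "B"): {"p0"},
                ("p1", "A"): {"p1"}, ("p1", "B"): {"p0"}}}
A2 = {"Q": {"q0", "q1"}, "Sigma": {"A", "B"}, "Q0": {"q0"}, "F": {"q1"},
      "delta": {("q0", "A"): {"q0"}, ("q0", "B"): {"q1"},
                ("q1", "A"): {"q0"}, ("q1", "B"): {"q1"}}}

def next_phase(i, p, q, A1, A2):
    """Phase part of delta: phase 1 waits for F1, phase 2 waits for F2,
    phase 3 signals that both were seen and restarts with phase 1."""
    if i == 1:
        return 2 if p in A1["F"] else 1
    if i == 2:
        return 3 if q in A2["F"] else 2
    return 1

def product_nba(A1, A2):
    """Three-phase product NBA A with L(A) = L(A1) ∩ L(A2) (Problem 3)."""
    Q = set(cartesian(A1["Q"], A2["Q"], (1, 2, 3)))
    delta = {}
    for (q1, q2, i), a in cartesian(Q, A1["Sigma"]):
        # the successor phase is decided by the *successor* component states
        delta[((q1, q2, i), a)] = {
            (p1, p2, next_phase(i, p1, p2, A1, A2))
            for p1 in A1["delta"].get((q1, a), set())
            for p2 in A2["delta"].get((q2, a), set())}
    return {"Q": Q, "Sigma": A1["Sigma"], "delta": delta,
            "Q0": set(cartesian(A1["Q0"], A2["Q0"], (3,))),
            "F": set(cartesian(A1["Q"], A2["Q"], (3,)))}

def is_run(nba, word, run):
    """True iff run (len(word)+1 states) is a run of nba on the finite word."""
    return (len(run) == len(word) + 1 and run[0] in nba["Q0"] and
            all(run[k + 1] in nba["delta"].get((run[k], a), set())
                for k, a in enumerate(word)))

def induced_run(A1, A2, run1, run2):
    """Run of the product induced by runs of A1 and A2 on the same word
    (second half of the proof): i_0 = 3, later phases follow next_phase."""
    phases = [3]
    for p, q in zip(run1[1:], run2[1:]):
        phases.append(next_phase(phases[-1], p, q, A1, A2))
    return list(zip(run1, run2, phases))
```

On the word $(AB)^\omega$ the induced run cycles through the phases 3, 1, 1, 2 and so visits $F$ infinitely often, as the proof predicts.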