Instantiation Reduction in Iterative Parameterised Three-Valued
Model Checking
– Proof of Lemma 3 –
Nils Timm and Stefan Gruner
Department of Computer Science, University of Pretoria, South Africa
{ntimm,sgruner}@cs.up.ac.za
Here we prove Lemma 3 from the paper "Instantiation Reduction in Iterative Parameterised Three-Valued Model Checking" submitted to SBMF 2015. According to our parameterisation rules defined in [1], the application of parameterisation (and parameter instantiation) only affects the values of transitions and labellings but not the state space. Thus, $M(B_n)$ and $M(B_n)(B_m)$ in Lemma 3 are both defined over the identical set of states $S$. Moreover, if $\pi$ is a sequence of states in $M(B_n)$ then $\pi$ is also a sequence of states in $M(B_n)(B_m)$ and vice versa. This fact together with Definition 5 (Completion) gives us the following proposition:
Proposition 2. Let $M(B_n) = (S, s_0, R(B_n), L(B_n))$ be an arbitrary instantiation of a parameterised three-valued Kripke structure $M(X_n) = (S, s_0, R(X_n), L(X_n))$ and let $M(B_n)(X_m) = (S, s_0, R(B_n)(X_m), L(B_n)(X_m))$ be a further parameterisation of $M(B_n)$. Then for any $B_m \in \{\mathit{true}, \mathit{false}\}^m$ and any $\psi \in \text{LTL+}$ the following holds:
1. For each path $\pi \in \Pi_{M(B_n)_p}$ we have that $\pi \in \Pi_{M(B_n)(B_m)_p}$ with
$\forall i \in \mathbb{N} : R(B_n)_p(\pi(i), \pi(i+1)) = \mathit{true} \Rightarrow R(B_n)(B_m)_p(\pi(i), \pi(i+1)) = \mathit{true}$
and $\forall p \in AP : L(B_n)_p(\pi(i), p) = \mathit{true} \Rightarrow L(B_n)(B_m)_p(\pi(i), p) = \mathit{true}$.
2. For each path $\pi \in \Pi_{M(B_n)(B_m)_o}$ we have that $\pi \in \Pi_{M(B_n)_o}$ with
$\forall i \in \mathbb{N} : R(B_n)(B_m)_o(\pi(i), \pi(i+1)) = \mathit{true} \Rightarrow R(B_n)_o(\pi(i), \pi(i+1)) = \mathit{true}$
and $\forall p \in AP : L(B_n)(B_m)_o(\pi(i), p) = \mathit{true} \Rightarrow L(B_n)_o(\pi(i), p) = \mathit{true}$.
Hence, each path $\pi$ in $M(B_n)_p$ also exists in $M(B_n)(B_m)_p$. In $M(B_n)(B_m)_p$ each $\pi$ is 'more or equal true', with regard to transition and labelling values, than in $M(B_n)_p$. Moreover, each path $\pi$ in $M(B_n)(B_m)_o$ also exists in $M(B_n)_o$. In $M(B_n)_o$ each $\pi$ is 'more or equal true', with regard to transition and labelling values, than in $M(B_n)(B_m)_o$. Based on Proposition 2 we can now prove Lemma 3:
Lemma 3. Let $M(B_n)$ be an instantiation of a parameterised three-valued Kripke structure $M(X_n)$ and let $M(B_n)(X_m)$ be a further parameterisation of $M(B_n)$. Then for any $\psi \in \text{LTL+}$ the following holds:
1. $[M(B_n)_p \models_E \psi] = \mathit{true} \Rightarrow \forall B_m \in \{t, f\}^m\ [M(B_n)(B_m)_p \models_E \psi] = \mathit{true}$
2. $[M(B_n)_o \models_E \psi] = \mathit{false} \Rightarrow \forall B_m \in \{t, f\}^m\ [M(B_n)(B_m)_o \models_E \psi] = \mathit{false}$
Proof. Part 1: $[M(B_n)_p \models_E \psi] = \mathit{true} \Rightarrow \forall B_m \in \{t, f\}^m\ [M(B_n)(B_m)_p \models_E \psi] = \mathit{true}$ is equivalent to
$\exists \pi \in \Pi_{M(B_n)_p}\ [\pi \models \psi]_{M(B_n)_p} = \mathit{true} \Rightarrow \forall B_m \in \{t, f\}^m\ \exists \pi \in \Pi_{M(B_n)(B_m)_p}\ [\pi \models \psi]_{M(B_n)(B_m)_p} = \mathit{true}$
(Definition 4). We prove this by showing $[\pi \models \psi]_{M(B_n)_p} = \mathit{true} \Rightarrow [\pi \models \psi]_{M(B_n)(B_m)_p} = \mathit{true}$ for an arbitrary $\pi \in \Pi_{M(B_n)_p}$ and an arbitrary $B_m \in \{t, f\}^m$, which is a stronger assertion that implies the above one. The proof is based on Proposition 2.1 and goes by induction on the structure of the LTL+ formula $\psi$. It is completely analogous to the proof of Lemma 2 (http://www.cs.up.ac.za/cs/ntimm/proofLemma2.pdf).
Part 2: $[M(B_n)_o \models_E \psi] = \mathit{false} \Rightarrow \forall B_m \in \{t, f\}^m\ [M(B_n)(B_m)_o \models_E \psi] = \mathit{false}$ is logically equivalent to $\exists B_m \in \{t, f\}^m\ [M(B_n)(B_m)_o \models_E \psi] = \mathit{true} \Rightarrow [M(B_n)_o \models_E \psi] = \mathit{true}$, which is equivalent to
$\exists B_m \in \{t, f\}^m\ \exists \pi \in \Pi_{M(B_n)(B_m)_o}\ [\pi \models \psi]_{M(B_n)(B_m)_o} = \mathit{true} \Rightarrow \exists \pi \in \Pi_{M(B_n)_o}\ [\pi \models \psi]_{M(B_n)_o} = \mathit{true}$
(Definition 4). We prove this by showing $[\pi \models \psi]_{M(B_n)(B_m)_o} = \mathit{true} \Rightarrow [\pi \models \psi]_{M(B_n)_o} = \mathit{true}$ for an arbitrary $\pi \in \Pi_{M(B_n)(B_m)_o}$ and an arbitrary $B_m \in \{t, f\}^m$, which is a stronger assertion that implies the above one. The proof is based on Proposition 2.2 and goes by induction on the structure of the LTL+ formula $\psi$. It is completely analogous to the proof of Lemma 2 (http://www.cs.up.ac.za/cs/ntimm/proofLemma2.pdf). $\square$
References
1. Timm, N., Gruner, S.: Parameterisation of three-valued abstractions. In: Formal Methods: Foundations and Applications, pp. 162–178. Springer (2015)