Computing (bi)simulation relations preserving CTL*X. for ordinary and fair Kripke structures Текст научной статьи по специальности «Математика»

Computing (bi)simulation relations preserving CTL*X for ordinary and fair Kripke structures1

P. E. Bulychev , I. V. Konnov , V. A. Zakharov

Abstract. The main goal of model checking is to verify whether a model of a given program satisfies some given specification. In this paper models are regarded as fair or ordinary Kripke structures whereas specifications are represented by formulae branching-time temporal logics (CTL*X or ACTL*x ). Model checking can be substantially enhanced by reducing the size of models under consideration. Usually this is achieved by using binary relations on the set of Kripke structures that preserve the satisfiability of temporal formulae. It is known that stuttering bisimulation (simulation) relation preserves CTL*X (respectively ACTL*X) for ordinary Kripke structures. In this paper we present a fair game stuttering bisimula-tion( simulation) relation which preserves CTL*X (ACTL*X ) for fair Kripke structures, and algorithms for computing stuttering (bi(simulation which utilize usual and parity games. If n is the number of states and m the number of transitions in a finite states transition system then our algorithms for computing stuttering simulation and bisimulation for ordinary Kripke structures is proved to have 0(m2) time and space complexity, and our algorithms for computing the same relations for fair Kripke structures appear to have 0(m2n2) time and 0(m2) space complexity. Thus the verification of CTL*X-formulae on a model M ( ordinary or fair) can be reduced to the verification of these formulae on a smaller model.

1. Introduction

The main goal of model cheeking ([ ]) is to verify whether the model of the program satisfies some specification. The model of the program M can be presented in the form of the ordinary (nonfair) Kripke structure, and specification (j> can be given in the form of the formula of the branching time logic CTL* (as well as its restricted subsets - ACTL*, CTL*X, ...). The Kripke structures with fairness constraints are used in some special cases, for example, for modeling asynchronous parallel

'This paper is supported by the grants RFBR 06-01-00106 and INTAS 05-1000008-8144.

composition of programs.

In model checking, usual bisimulation(simulation) relations over the set of Kripke structures preserving CTL*(ACTL*) logic are used. These relations make it possible to check some property expressed in CTL*(ACTL*) logic in the abstracted (small) model M2 rather than in the original (large) model Mi.

Sometimes, however, the weaker relations are to be considered. For instance, logic CTL*X (CTL* without the neXttime operator) is sufficient for abstraction method ([ ]). Stuttering bisimulation preserves this logic for ordinary Kripke structures ([ ], [2]).

In this paper the game approach is used to compute stuttering (bi (simulation. Let n be the number of states and let m be the number of transitions. We give algorithms for computing ordinary(nonfair) stuttering (bi) simulation over Kripke structures with 0(m2) time and space complexity. To the extent of our knowledge no effective algorithm for computing stuttering simulation have been found till now whereas the best discovered algorithm for computing stuttering bisimulation has O(mn) time and O(m) space complexity[ ]). Computing simulation is harder than computing bisimulation ([ ]) and so the suggested algorithm for computing stuttering

simulation relation over ordinary Kripke structures can be considered as sufficiently effective.

We define the fair game stuttering bisimulation (simulation) relation which preserves CTL*X (ACTL*X) logic for fair Kripke structures. Algorithms for computing these types of fair (bi (simulation are introduced which are based on [ ] and in which parity games are used in Buchi automata reduction. Algorithms for computing fair game stuttering simulation and bisimulation have 0(m2n2) time and 0(m2) space complexity.

Thus the verification of the formula expressed in CTL*X logic on the model M (ordinary or fair) can be reduced to the verification of this formula on a smaller model.

2. Preliminaries

Definition 1 (Fair Kripke structure). Let AP be a set of atomic propositions. A fair Kripke structure M over AP is a 5-tuple M = (S', R, S0,L, F), where

• S - nonempty set of states,

• RCSxS- total transition relation (a transition relation R is total if for every state s e S there exists a state s' e S such that (s, s') e R),

• S0 c S' - nonempty set of initial states,

• L : S' —> 2ap - a function that labels each state with the set of atomic propositions,

• F c S' - nonempty set of fair states.

Definition 2 (Ordinary Kripke structure). Ordinary (nonfair) Kripke structure is a Kripke structure M = (S', R, S0, L, F), ay/zere S = F. I shall denote this structure M = (S', i?, S'o, L), for short.

A branching time temporal logic CTL* ([ ]) is widely used for expressing specifications. There are two trace quantifiers A (V) and E (3), and four temporal operators X (neXt), U (Until), F (Follow), G (Global) in CTL* . The syntax and the semantics of this logic is defined in many textbooks; for the sake of space the corresponding definitions are skipped in this paper.

The logic ACTL* is the restricted subset of CTL* which does not allow E trace quantification, and negation in ACTL* can be applied only to subformulas which do not contain modalities.

In reasoning about concurrent systems the neXttime operator refers to the global next state rather then to the local next state ([ ]), so this operator is useless and can be omitted. The logic CTL\ (ACTL\) is the restricted subset of CTL* (ACTL*) without the operator X.

Let 3 be some set of fair Kripke structures. Let us say that a relation J!C9x3 preserves a logic A for 3 iff M2 |= cj> implies Mi |= (j> for every (j> e A and for every two structures Mi and M2 such that (Mx, M2) e R.

3. Stuttering simulation and bisimulation without fairness constraints

We start with defining (bi (simulation relation for ordinary Kripke structures.

Definition 3 (Divergence-blind stuttering simulation [ ], [ ]). Given Mi = (Si, Ri, S'oi, Li) and M2 = (S2, i?2, S02, L2) over AP, a relation ff c Sx x S2 is a divergence-blind stuttering simulation (dbs-simulation) relation over (Mi, M2) iff the following conditions hold:

1. For every s0i e S'oi there exists s02 e S02 such that (s0i, «02) € H,

2. For all (si, s2) € H,

(a) Li(si) = L2{s2) and

(b) if (si,s[) e Ri then there exists a sequence t0ti ...tn (n > 0) such that t0 = s2 and for all i < n , (£*,£*+1) e R2 A (si,i;) e H and (, tn) e H.

A relation H e Si x S2 is a dbs-bisimulation relation iff it is a dbs-simulation relation over (Mi, M2) and HT is a dbs-simulation relation over (M2, Mi).

M2 dbs-simulates Mi (denoted Mi <dt,s M2) iff there exists a dbs-simulation relation H e Si x S2 over (Mi,M2). The structures M2 and Mi are dbs-bisimilar (denoted Mi ^dbs M2) iff there exists a dbs-bisimulation relation H e S1 x S2 over (Mi,M2).

Definition 4. The sequence s0si • • • sn such that L{s.i) = L(sj), (s,:, s,:+i) e R and sn = s0 is called a cycle of identically labeled states.

Dbs-bisimulation (simulation) preserves CTL*X (ACTL*X) logic only for structures without cycles of identically labeled states. In the Appendix we consider dbs-(bi (simulation over slightly modified Kripke structures called divergence-sensitive stuttering bisimulation (simulation) which preserves CTL*X (ACTL*X) for Kripke structures with cycles of identically labeled states ([ ]).

Let’s consider Kripke structures without cycles of identically labeled states. Then the logical properties of stuttering simulation are ([ ]):

1. Dbs-bisimulation preserves CTL*X logic.

2. Dbs-simulation preserves ACTL*X logic.

3.1. Algorithms for computing stuttering simulation and bisimulation

Let Mi = (S'i, Ri, S'oi, Li) and M2 = (S'2, R2, S02l L2) be two ordinary Kripke structures, and m = \Ri \ + \R21, n = |S'i | + |S'21. We will focus on the following questions:

• Does there exist a stuttering simulation between Mi and M2? To the best of my knowledge this problem was not considered in the literature yet. In this work we present a simulation checking algorithm whose time and space complexity is 0(m2) .

• Does there exist a stuttering bisimulation between Mi and M2? The best

algorithm requires O(mn) time and O(m) space([ ]). We adduce 0(m2) algorithm.

The analogous problems for usual (bi (simulation were discussed in the literature:

[2],[7],[ ], [11].

Computing of usual (bi (simulation can be reduced to finding a winning strategy in the game of two players. For instance, an effective algorithm (0(mn)(for computing usual simulation by means of this method is given in [ ]. Following this approach we reduce the computation of a stuttering simulation to the search of a winning strategy in the game of two players.

There are two players in the game - the player D (duplicator) who tries to show that the chosen relation (simulation or bisimulation(is fulfilled, and the player S (spoiler) who tries to stuck the player D.

Let’s describe the principles of the game for finding the stuttering simulation. Let Mi = (S'i,i?i,S'oi,L),S'oi = {soi} and M2 = (S2, R2,So2, L2),So2 = {S02}, L(s0i) = L(s02). Each player has a pebble, the player S moves his pebble on the graph (S'i, Ri) and the player D moves his pebble on the graph (S'2, R2) correspondingly. Initially the pebbles of the players S and D are placed on the states s0i and S02 respectively and the turn belongs to the player S. Then the game runs in the following way: if the turn belongs to the player S and his pebble is placed on si, then he chooses the state such that (si, s^) e Ri, reports this state to the player D and passes the turn to the player D. If the turn belongs to D, the pebbles of the players are placed on states si and s2, and S reported at the previous turn, then D can perform one of the actions:

• If L(s'i) = L(s2) then he can move the pebble of the player S to s'lt

• if there exists s2 such that (s2, s2) e R2 and L(s2) = L(si), then he can move his pebble to s2,

• if there exists s2 such that (s2, s2) e R2 and L(s2) = L(s'i), then he can move his pebble to s2 and move the pebble of the player S to .

Then the turn passes to S.

If one of the players can’t make a move during the run of the game then another player wins. If the run of the game is infinite then D wins. It will be shown that Mi <dbs M2 iff there exists a winning strategy for player D.

Formally, a game is a triple G = (VD,VS, E) where VD and Vs are the sets of the game states in which the turn belongs to D and S respectively, and E c (Vp u

Mi

M2 Gsim for Mi <dbs M2

Figure 1: Gsim

Vs) x {VD u Vs) is a set of permitted moves. A run of the game G = (Vp, Vs, E) is a sequence v0viv2... (finite or infinite) of states such that (m,:,w,:+i) e E. A strategy of the player D (player S') is a function W : VD —> Vs U {halt} (W : Vs —> Vp U {halt}). A run of the game defined by the strategy W of the player D (player S') is a run ... vn-ivn ... (finite or infinite) such that:

• Vi € VD => vi+i = W(vi)

(Vi e Vs vi+i = W(vi)),

• if the run is finite • • • vn-ivn and vn e Vp, then W{vn) = halt (if the run is finite • • • vn-ivn and vn e Vs, then W{vn) = halt)

A strategy W of the player D is winning with initial state v0 iff v„ e Vs for every finite run ... vn-ivn defined by W.

М\ М2

GUs for M «dhsM2 Figure 2: Ghts

3.1.1. Stuttering simulation

Formally, the game graph Cstm = (Vp, Vs, E) intended for cheeking a stuttering simulation is defined as follows:

• Vs = {(si, s2)s|si € S'i A s2 € S2 A L(si) = L(s2)},

• VD = {(si, si, s2)b|si € S'i A si e S'i As2 e S2AL{s1) = L{s2)A{si, s[) € Ril

• E = E-! U E2 U Es U E4 where:

- Ei = {((si, s2)s, (s 1, si, s2)_d)|(si, si) e i?i},

~ E2 = {((S!, s[, s2)d, (s[, s2)s)\L(s2) = L(si)},

- E3 = {((si, si, s2)Dl (si, s2)s)|(s2, s2) e R2 AL(4) = L(si)},

- E4 = {((si, si, s2)D, (si, s2)s)|(s2, s2) e R2 AL(s'2) = L(si)}

Definition 5 (Game stuttering simulation). Let Ah = (S'i, i?i, S'0i, L) and M2 = (S2, i?2, S'02, L2) be two ordinary Kripke structures over AP. We say that M2 gs-simulates Mi (denoted Mi <gs M2) iff for every s0i e S'01 there exists «02 € S'02 that L(soi) = L(s02) and the player D has a winning strategy in the game Gs%m with the initial state (s0i, s02)s.

Th eorem 1. Let Mi and M2 be two ordinary Kripke structures without cycles of identically labeled states. Then Mi <dbs M2 iff Mi <gs M2

The proof of the theorem 1 is given in the Appendix.

Two Kripke structures Mi and M2 over AP = {a, y, z} and the game graph for Qstm are ciepicted on the Figure 1. Mi and M2 are not total, and only winning subgraph of Gstm is presented on this Figure, for simple.

3.1.2. Stuttering bisimulation

The player S can move either of two pebbles, and the player D should move then only the pebble different from the pebble moved by S', in the game for computing stuttering bisimulation.

Formally, the game graph Gb%s = (Vp, Vs, E) corresponding to stuttering bisimulation between Mi = (S'i, Ri, S'01, Li) and M2 = (S2lR2, S02, L2) is defined by:

• Vs = {(si, s2)s|si € S'i A s2 € S2 A L(si) = L{s2)},

• VD = Vm U VD2 where:

- Vdi = {(si, S2)ci|si € S'l A € S'i A s2 G S2 A L(si) = L{s2) A (si, si) € Ri}

~ Vd2 = {(s2i s2i si )d2 |s2 € S2 A s2 € S2 A Si € Si A L(s\) = L(s2) A (S2, s2) € i?2}

• E = Ei U E2 U E3 U E4 U E[ U E'2 U E'3 U E'4 where:

~ Ei = {((si, s2)s, (si, si, s2)Bi)|(si, si) e i?i},

~ E2 = {((si, s[, s2)m, (s[, s2)s)\L(s2) = L(s[)},

- E3 = {((si, si, s2)_di, (si,s/2)s)|(s2,s/2) g R2 A L{s'2) = L(si)},

- E4 = {((si, si, s2)_di, (si,s/2)s)|(s2,s/2) e R2 A L{s'2) = L(si)}

- E'i = {((si,s2)s,(s2,s/2,si)C2)|(s2,s/2) e R2},

- E'2 = {{{s2, s'2, si)D2,{si, s'2)s)\L{s'2) = L(si)},

- E3 = {((S2,S/21Sl)B2,(si,S2)s)|(Sl,S/l) e Ri A L(s2) = L(s'i)},

- E'4 = {((s2,s/2,si)C2,(si,s/2)s)|(si,si) e Ri A L(s2) = L(s[)}

Definition 6 (Game stuttering bisimulation). Let Mi and M2 be two Kripke structures over AP. Mi and M2 are gs-bisimilar (denoted Mi ~gs M2) iff for all soi e S'01 there exists s02 e S02 and for all s'02 e S02 there exists Sqi e S'01 such that L(s01) = L(s02) A L(s'0i) = L(s'02) and player D has a winning strategy in game Gb,s with initial states (s0i, s02)s and (s'0i, s'02),g.

Th eorem 2. Let Mi and M2 be two ordinary Kripke structures having T-property. Then Mi K,dbs M2 iff Mi ~gs M2.

The game graph for stuttering bisimulation is shown in Figure 2.

3.1.3. Solution of games

Let Mi and M2 be two ordinary Kripke structures having a T-property. The problem of computing divergence-blind stuttering simulation (bisimulation) between Mi and M2 can be solved using theorems 1 and 2, by finding the winning strategy of the player D in the game Gstm (Gbts) or by proving that such the strategy does not exist.

Time Space

ordinary simulation 0(mn) ([ ])

ordinary bisimulation 0(m log n)([L ])

ordinary stuttering simulation 0(m2)(*)

ordinary stuttering bisimulation 0(mn) ([ ]) 0(m)([ ])

fair game simulation 0(m??.3) ([ ]) 0(mn) ([ ])

fair game bisimulation 0(m??.3) ([ ]) 0(mn) ([ ])

fair game stuttering simulation O to 3 to * 0(m2)(*)

fair game stuttering bisimulation o to 3 to * 0(m2)(*)

(*) - this paper.

Note: m is the number of transitions, n is the number of states, m > n.

Figure 3: Best complexity of algorithms for computing simulation relations

Let’s consider the game G(VDlVs,E) where m' = \E\ and n! = \VD\ + |VS|. In [2, 1 ] it was proved that computing the winning set for the player D can be performed in time and space 0{m' + n'). As it can be seen from the description of the games Gsrm and Gb%s we have m! = 0{m?) and n' = O(mn) where n is the number of states and m is the number of transitions in Kripke structures Mi and M2 to be analyzed. Thus, stuttering simulation and stuttering bisimulation can be checked in time and space 0{m2).

The same approach to the problem of checking stuttering (bi)simulation for fair Kripke structures. The details can be found in the Appendix.

4. Conclusions

In this paper we developed a uniform approach to the problem of cheeking stuttering simulation (bisimulation) for fair and ordinary Kripke structures. It was demonstrated that these problems can be reduced to that of finding winning strategies for the corresponding parity games. Based on this approach a number of new efficient simulation and bisimulation checking algorithms are introduced. These algorithms can be easily adapted to the model checking techniques in the framework of the abstraction method.

Review of complexity of known algorithms for computing simulation relations is given in Figure 3.

References

[1] M.C. Browne, E.M. Clarke, O. Grumberg. Characterizing finite Kripke structures in prepositional temporal logic. Theoretical Computer Science, vol. 59 , Issue 1-2, pp. 115- 131, 1988. 60,61,71

[2] K. Etessami, T. Wilke, R.A. Schuller. Fair Simulation Relations, Parity Games, and State Space Reduction for Buchi Automata. SIAM Journal on Computing, vol. 34, No. 5, pp. 1159-1175, 2001. 60, 63, 68, 72, 73, 75

[3] R. De Nicola , F. Vaandrager. Three Logics for Branching Bisimulation. Journal of ACM, vol. 42, No. 2, pp. 458-487, 1995. 60, 61, 62, 71

[4] T.A. Henzinger, O. Kupferman, S.K. Rajamani. Fair Simulation. Proc. 8th Conference on Concurrency Theory, 1997. 72, 73

[5] D. Bustan, O. Grumberg. Applicability of fair simulation. Information and Computation, vol. 194, Issue 1, pp. 1 - 18, 2004. 72

[6] E.M. Clarke, O. Grumberg and D.A. Peled. Model Checking. MIT Press, 1999. 59, 60, 61

[7] M. Henzinger, T. Henzinger, P.Kopke. Computing simulations on finite and infinite graphs. In: Proc. of 36th IEEE Symp. on Foundations of Comp. Sci, pp. 453-462, 1995. 63, 68

[8] J.F. Groote, F. Vaandrager. An efficient algorithm for branching bisimulation and stuttering equivalence. Proceedings of the 17th International Colloquium on Automata, Languages and Programming, pp.626-638, 1990. 60, 63, 68

[9] L. Lamport. What good is temporal logic? Proceedings of IFIP 83, pp. 657-668, 1983. 61

[10] A. Kucera, R. Mayr. Why Is Simulation Harder than Bisimulation? Lecture Notes in Computer Science, vol. 2421, pp. 594 - 609, 2002. 60

[11] R. Paige, R.E. Tarjan. Three partition refinement algorithms. SIAM Journal on Computing, vol. 16 , Issue 6, 1987. 63

[12] J.-C. Fernandez. An Implementation of an Efficient Algorithm for Bisimulation Equivalence. Science of Computer Programming, 1989. 63, 68

[13] M. Jurdzinski. Small Progress Measures for Solving Parity Games. In: Proceedings of 17th Annual Symposium on Theoretical Aspects of Computer Science, 2000. 73, 75

[14] H.R. Andersen. Model checking and boolean graphs. Theoretical Computer Science archive vol. 126 , Issue 1, 1994. 68

5. Appendix

5.1. Divergence-sensitive stuttering (bi)simulation over ordinary Kripke structures

Let’s introduce auxiliary designations.

Let p' be the special atomic proposition. Let us say that Kripke structure M = (S, R, S'o, L, F) has a T-property if there exists no more than one state s' such that p' € L(s'), and if such the state exists then (s', s') e R and there are no outgoing edges from s' except the edge (s', s'), and there are no more cycles of identically labeled states in M except (possibly) this self-loop. It can be easily seen that if there are no cycles of identically labeled states in M then M has a T-property. Let us call (s', s') a T-cycle.

Th eorem 3. Let Mi and M2 be two ordinary Kripke structures having T-property. Then:

• Ml ~dbs Af2 iff Ml ~gs M2.

• Ml ^dbs M2 iff Ml ^gs M2

Let M = (S, R, S0, L, F) be a ordinary Kripke structure over AP, p' £ AP, and s' ^ S be a special state. Let introduce the equivalence relation over S in the

following way: sx ~ s2 iff «i = «2 or there exists a cycle of identically labeled states containing si and s2. Let [S'] be a set of equivalence classes over ~ on S'. Let C = {[s] e [S'] | there is a cycle of identically labeled states in M such that all of it’s state belongto [s]}. We consider a Kripke structure [M] = ([S'] u {s'}, [R], [S0], [L\, [F]) over AP u {]/}, where:

• [R] = [i?]i U [R}2 U [R]3, where

— [-R]l = {([sl]i [s2])|[sl] € [S] A [s2] € [S] A [si] [s2] A 3si G [si], s2 € [s2] • (si, s2) € i?},

— [i?]2 = {(s',s')},

— [R\3 = {([-s]i s')|[s] € [5] A [s] fl F / fl A [s] € C}

• [So] = {[s0] | [s0] e [S] A [s0] n So ^ 0}

• [L]([s]) = L(s) for [s] e [S] As e [s] (recall that all states of [s] are identically labeled).

[£](*') = Ip'}

• W] = {[s] | [s] € [S] A [s] n F / 0} U {s'}

It can be noted that [M] has a T-property.

Definition 7 (divergence-sensitive stuttering(bi)simulation [ ], [ ]). Let Ah and

M2 be two ordinary (non fair) Kripke structures over AP. Then

• M2 dss-simulates Ah (denoted All <dss M2) iff [Ah] <dts [M2].

• Al2 dss-bisimulates Ah (denoted Ah ~dss M2) iff [Mi] ~dts [M2].

Dss-(bi)simulation deals with structures with cycles of identically labeled states. The logical properties of dss-(bi)simulation are:

1. Dss-bisimulation preserves CTL\ logic.

2. Dss-simulation preserves ACTL\ logic.

Computing [M] can be performed in linear time, so computing dss-(bi)simulation using the theorem 3 has the same complexity as dbs-(bi)simulation.

We define the fair game stuttering simulation(bisimulation) relation preserving ACTL*X (CTL*X) logic for fair Kripke structures. Then following an approach which is analogous to that considered in [ ] and we reduce the problem of checking fair (bi (simulation to that of computing a winning strategy in the parity game. There exist several definitions of fair usual (bi)simulation: Direct, Delay, Game, Exists, the review of them is given in [ ]. My definition of fair game stuttering simulation is based on the definition of fair game simulation ([ ]).

Let Mi = (S'i, i?i, S'oi, Li, Fi) and M2 = (S2, R2, S02, L2, F2) be two fair Kripke structures, and let’s consider the relation of fair stuttering simulation. Players S' and D move their pebbles during the game over graphs (Si, Ri) and (S2, R2) according to the same rules as in ordinary simulation. If the run of the game is finite then the winner is determined according to the ordinary stuttering simulation game rules. Let now the run of the game be infinite. In this case the winner is determined by the following rule: if the player S’s pebble appears in fair states for infinitely many times, while the player D's pebble appears not then the player S is consider winning, otherwise the player D is.

Let’s describe the game formally. Let P be the run of the game (Gstm or Gbts ) for which only game states (si, s2)s £ Vs are retained. Considering the sequence of all the pairs (si, s2)s in P, one can construct two sequences pi and p2 consisting of states from the sets Si and S2 correspondingly.

Definition 8 (Fair game stuttering simulation). Given two fair Kripke structures Mi = (Si,Ri,S0i,Li,Fi) and M2 = (S2, R2, S02, L2, F2) over AP, let’s write Mi <fgs M2 iff for every soi e S'oi there exists some s02 € S02 such that L(s0i) = L(s02) and also exists the winning strategy W of the player D in the game Gsrm with initial state (s0i, «02)5 such that if inf(/9i) n Fi ^ 0 is valid for some run of the game defined by W then inf(/>2) (1^/0 is also valid for this run of the game.

Definition 9 (Fair game stuttering bisimulation). Let’s write Mi »/gs M2 iff for every soi e S'oi there exists s02 € S02 and for every s'02 e S02 there exists s'01 e S'oi such that L(soi) = L(s02) A L(s'0i) = L(s'02) and there exists a winning strategy W of the player D in the game Gbls with initial states (s0i, «02)5 and (s'01, s'02)s such that for every run defined by W:

(inf(pi) n Fi ^ 0 A inf(p2) nF2^0) \J(inf(pi) n Fi = 0 A inf(/>2) n F2 = 0)

1. If [Mi] <fgs [M2], (f> eACTL*x and M2 |= <?ithen Mx |= <j>.

2. If [Mi] xifgS [M2], (f> eCTL*x and M2 |= (f> then Mx |= <j>.

These properties can be proved analogously to the appropriate theorem in [ ] if one takes into account that there are no cycles of identically labeled states in [Mi] and [M2\, except T-cycles.

Let’s reduce the fair stuttering (bi)simulation relation to the parity game ([ ], [ ]).

Let G = {Vn, Vs, E) be a usual game. Let d be some natural number. Parity game is a 4-tuple Gp = (VD, Vs, E,p) where p : VD U Vs —> {0,1,..., d - 1} is a function that assigns a priority to each game state. If the run of the game is finite then the winning player is determined according to usual game

rules. Assume that the run of the game {t’o^i • • •} is infinite. Let suppose that

p = {m\m = p(vi) for infinitely many ?'}. Then if mvn(p) is odd, then the player S wins, otherwise the player D wins.

It can be noted that usual game is a particular case of parity game.

5.2.1. Fair game stuttering simulation

Let’s define the game G*™ = (VD,VS, E,p) for computing fair stuttering simulation between Mi = (S'i, Ri, S'oi, Li, Fi) and M2 = {S2, R2, S'02, L2, F2). Let’s take for a basis the game Gstm = {Vd,Vs, E) for computing stuttering simulation. Let’s assign, in analogy with [ ], a priority to each game state Vs u VD in such the way:

( 0, if v = (si, s2)s e Vs A s2 € F2,

p(v) = < 1, if V = (si, s2)s € Vs A s2 £ F2 A Si e F1,

[ 2, otherwise.

It can be easily seen that the run of the game Gsp'm is winning for the player D iff the corresponding infinite run of the game used in the definition 8 is wining for the player D.

Thus one comes to equivalent definition of fair stuttering simulation:

Definition 10 (Fair fame stuttering simulation). Let write Mi </gs M2 iff for every s0i e S'oi there exists s02 e S02 such that L(s01) = £(s02) and there

exists a winning strategy of the player D in the game GSim with initial state

(«oi, «02)5-

The structure of the game state for fair stuttering bisimulation is more complicated than for fair stuttering simulation - it will be necessary to keep information which of two pebbles visited the fair state the last.

For si e S'i, s2 € S2 and b e {1,2} let define

( 1 if Sl 6 fl,

new{b, sl, s2) = < 2 if si ^ F\ A s2 G F2,

[ b otherwise.

Formally the game graph Gb™ = (VD,VS,E,p) corresponding to fair stuttering bisimulation between Mi = (Si, i?i, 5'01, Li, Fi) and M2 = (S2lR2, S02, L2,F2) is defined by:

• Vs = {(si, s2,6)s|si e S'l A s2 e S2 A L(si) = L(s2) A b e {1,2}},

• VD = Vm U VD2 where:

- Vdi = {(si,si,s2,6)_Di|si € S'i A s^ € S'i A s2 G S2 A L(si) =

L(s2) A (si, si) € R\ A b € {1, 2}}

- V]j2 = {(s2, s2, Si, 6)_d2|s2 6 S2 A sf2 6 S2 A Si € Si A L(si) =

L{s2) A (s2, s^) £ R2 A & G {1, 2}}

• E = Ei U E2 U E3 U E4 U E[ U E'2 U E'3 U E'4 where:

~ = {((si,s2,6)s,(si,si,s2,6/)Ci)|(si,s/1) e Ri A b' =

new{b, Si, s2)},

~ E2 = {((si, si, s2, 6)_di, (si, s2, b)s)\L(s2) = L(si)},

- E3 = {((si,si,s2,6)Ci,(si,s/2,6)s)|(s2,s/2) e R2 AL(s2) = L(si)},

- E4 = {((si,si,s2,6)Ci,(si,s/2,6)s)|(s2,s/2) e R2 A L(s'2) = L(si)}

- E[ = {((si,s2,6)s,(s2,s/2,si,6/)_D2)|(s2,s/2) e R2 A U =

new{b, Sl, s2)},

- E'2 = {((s2, s2, si, b)n2, (si, s2, b)s)\L(s2) = L(sx)},

- E3 = {((S2, s'2: Sl, 6)^2, (si, s2,6)s)|(si, si) e R1AL{s2) = L{s[)},

- E'4 = {((s2,s/2,si,6)C2,(si,s/2,6)s)|(si,s/1) e R1 A L(s'2) = L(si)}

{0 if v = (si, s2, b)s € Vs A S(3_6) G -F(3-6),

1 if = («1, «2, b)s e Vs A S(3_6) £ P(3-6) A s6 € F6,

2 otherwise.

Definition 11 (Fair game stuttering bisimulation). Let Mi and M2 be two

Kripke structures over AP. Let say that Mi and M2 are fgs-bisimilar (denoted Mi ~fgs M2) iff for all soi € S'01 there exists s02 € S02 and for every s'02 e S02 there exists Sq! € S'01 such that L(s01) = i(so2) A L(s'0i) = L(s'02) and the player D has a winning strategy in the game G^s with initial states («01, «02, l)s and (sol5 Sq2, 1)s-

Definitions 9 and 11 are equivalent.

5.2.3. Solution of parity games

In [ ] the modification of Jurdzinski’s algorithm([K ]) is given which makes it possible to compute the winning strategy of the parity game with cl = 3 (i.e. the measure takes values 0,1,2) in time 0(m'n 1) and space O(m') where n 1 = |p_1(l)|, n! is a number of states in the game graph, m! is a number of transitions in the game graph. Thus the fair game (bi(simulation can be computed in time 0(m?n2) and space 0(m2) by taking into account that ni < |VS|, |VS| = 0(n2) and m! = 0(m2).

5.3. The proof of the theorem 3.1

Let Mi = (S'i, Ri, S'oi, Li) and M2 = (52, R2, <S'o2, L2) be two ordinary Kripke structures over AP. There are no cycles of identically labeled states in Mi and M2.

1. If Mi <gs M2 then Mi <dbs M2

Let Wd be a winning strategy for the player D in the game Gsrm and Vso Q S'01 x S'02 be a set of winning initial states for the strategy WD such that for every s0i € S'01 there exists s02 € S'02 such that (s0i, «02) € Vso- The existence of such the set Vso is the corollary of the definition 3.3. Let define the simulation relation H c S1 x S'2 in the following way:

H = {(si, s2)| the game state (si, s2)s appears in some game run of Gsrm defined by VVd with initial state (s0i, S02) € Vso)}. It can be easily seen that the first part of the definition 3.1 is valid. The we prove that the second part of this definition is also valid. Let(si,s2) e H. It can be noted that Li(si) = L2(s2). Let(si,s/1) e Ri. It is necessary to prove that there exists the sequence t0h ... tn (n > 0) such that t0 = s2, (s[,tn) e H and, for every i < n, (t;,t;+1) € R2 and (si,t;) € H.

Let Ws be a strategy of the player S:

H'S((,,*)S, = { = S"

The game state (si, s2 )s is a winning state for the player D. Thus, the player D can always move his pebble at his turn. Consider a game run defined by strategies Ws and WD starting at the game state (si, s2)s- Assuming that t0 = s2 we have to consider the following 3 scenarios of runs:

1- (si,t0)s {si,s[,to)z> (si,t1)s {si,t-2)s —^

(the run is infinite)

2. (s1:t0)s (s1:s[:t0)D (siM)s (s1:s[:tn)D ^

{s'i^n)s, n > o,

3. (si,t0)s (si,si,^o)i3 (si,*i)s (si,si,*„-i)i3

(«i,^n)s,n > 1,

Actually, the first case can not be put into effect because there are no cycles of identically labeled states in M2.

It can be easily seen that if the game follows the second or the third scenarios then the requirements of the divergence-blind stuttering simulation definition are satisfied: (s[,tn) e H, and for every i < n we have (£*,£*+1) € R2 and (si,t;) € II. Thus, there exists a divergence-blind stuttering simulation H c S'i x S2 between Mi and M2. Therefore Mi <dbs M2.

2. If Mi <d6s M2 then Mi <gs M2

Let H c S'i x S'2 be a stuttering simulation according to the definition 3.1 and let

(si, s2) e H and (si, s'i) € Ri. Then there exists a sequence t0ti.. ,tn (n > 0) such that = «2, (si,tn ) € H, and 1) € R2 A (si,t;) € H for every * < n. Let define

{(«i,S2)sif« =0,

(s'i,*i)s if n = 1,

(si,*i)s if n > 1.

Let’s define additionally WD((si, s2)D) = halt iff (si, s2) & H V (sx, s[) g Ri It can be easily seen that if (si, s2) € H then strategy WD is a winning strategy of the player D forthe initial state (si, s2)s in the game Gsvm. Therefore Mi <gs M2.