REQUISITOS COMPLEMENTARIOS INDICE - NSR-98. Título H Estudios Geotécnicos. Normas Colombianas d

In this section we introduce ω-regular properties for DTMCs and PAs and the corresponding model checking procedures. We follow the standard automata-theoretic approach, as described, e. g., in [dA97, Var99, CSS03, BK08]. As a formalism for describing these properties, we introduce deterministic Rabin automata. We expect the reader to be familiar with standard notions of automata theory, for an introduction to this topic we refer to the standard textbook of Hopcroft and Ullman [HJ79].

Remark 11 (Rabin automata vs. Büchi automata) The question might arise why as formalism for ω-regular properties deterministic Rabin automata are chosen instead of non-deterministic Büchi automata (NBAs), since a DRA describing the same language as an NBA can be exponentially larger. The problem lies in the nondeterminism of the NBA. Building a product automaton would not result in a model like a DTMC or a PA as two different kinds of nondeterminism would have to be considered: On the one hand—in case of PAs—the choice of the probability distribution and on the other hand the nondeterministic choice of the symbol to read for the NBA which would result in a nondeterministic choice of atomic propositions.

Let us first define arbitrary linear-time properties.

Definition 26 (Linear time property) Assume a set of atomic propositions AP. A linear time property over AP is a set L of traces γ0γ1γ2. . . with γi⊆ AP for i ∈ N.

Intuitively, a linear time property is a set of infinite traces. In this thesis we deal with a certain class, namely the ω-regular properties. Note that the reachability properties as introduced in Section 2.3.1 build a simple subclass of ω-regular properties.

2.3. SPECIFICATIONS FOR PROBABILISTIC MODELS

Definition 27 (Deterministic Rabin automaton) A deterministic Rabin automaton (DRA) is a tuple A = (Q, qI, Σ, δ, F) with

• Q a finite nonempty set of states • q_I_{∈ Q an initial state}

• Σ a finite input alphabet

• δ: Q × Σ → Q a transition function • F ⊆ 2Q_{× 2}Q _{an acceptance condition.}

A run r of A is a state sequence q0, q1, q2, . . . ∈ Qωwith q0= qIsuch that for all i ≥ 0 there is a

γ_i_{∈ Σ with q}_i+1_{= δ(q}_i, γ_i_{). We say that r is the run of A on the infinite word w = γ}₀γ₁. . . over Σ. Note that for every infinite word w ∈ Σωthe run of A on w is unique as this is a deterministic automaton. By inf(r) we denote the set of all states which appear infinitely often in the run r. Given the acceptance condition F = (Ri, Ai) | i = 1, . . . , n , a run r is accepting if there exists

an i ∈ {1, . . . , n} with inf(r) ∩ Ri = ; and inf(r) ∩ Ai 6= ;. Intuitively this means that at least

some state from Ai has to be visited infinitely often while the corresponding set Ri is visited only

finitely often by an accepting run of A .

We call the set of all infinite words over Σ that have an accepting run on A the language of A , denoted by L (A ). The class of ω-regular properties is defined by using this notion:

Definition 28 (ω-Regular property, Safra [Saf89]) A linear-time property L is ω-regular if and only if there is a DRA A with L = L (A ).

Assume a set AP of atomic propositions, a DRA A with alphabet 2AP and the ω-regular property L = L (A ). Intuitively, a path π of a DTMC D satisfies L if the run of A on trace(π) is accepting. Formally, the following set of paths of D that start in s satisfies L :

s = {π ∈ PathsDinf(s) | trace(π) ∈ L }.

For each ω-regular property L and DTMC D, this set of paths is measurable in the probability space defined in Section 2.2.2, see [Var85]. As a consequence, we measure the probability PrD

sI(L

sI), i. e., the probability of all paths that start in the initial state and whose traces satisfy the ω-regular property, against the bound λ:

D |= P≤λ(L ) ⇔ PrDsI(L

D sI ) ≤ λ

2.3.3.1 Model checking ω-regular properties on DTMCs

Let in the following D = (S, sI, P, L) be a DTMC. We consider an ω-regular property L and

2.3. SPECIFICATIONS FOR PROBABILISTIC MODELS

To compute the probability of L for a DTMC D we build the product automaton of the DTMC D and the DRA A . Within this product automaton, which is again a DTMC, this problem reduces to computing reachability probabilities as introduced in Section 2.3.1.

Definition 29 (Product automaton) Let D = (S, s_I, P, L) be a DTMC and let A = (Q, qI, 2AP, δ, F) be a DRA with F = (Ri, Ai)

i = 1, . . . , n . The product automaton of D and A is a DTMC D ⊗ A = (S × Q, (s, q)I, P0, L0) over the set AP0 of atomic propositions

such that: • (s, q)I= sI, δ(qI, L(sI)) • P0 _{(s, q), (s}0_{, q}0_{) =}    P(s, s0_{) if q}0_{= δ q, L(s}0₎ 0 otherwise • AP0_{= {R} i, Ai| i = 1, . . . , n} • A_i_{∈ L}0_{(s, q) iff q ∈ A}

i, and Ri∈ L0(s, q) iff q ∈ Ri, for i = 1, . . . , n

Intuitively, in the DTMC resulting from this product construction, states whose DRA component is from Ai or Ri are labeled with this label enabling to measure the probability of reaching such

states.

The next step is to determine the BSCCs of the product automaton. According to the labels of these absorbing states sets, we define a sort of target states.

Definition 30 (Accepting BSCC) Let D = (S, s_I, P, L) be a DTMC, A = (Q, q_I, 2AP, δ, F) be a DRA and D ⊗ A = (S × Q, (s, q)I, P0, L0) be the product automaton of D and A . A BSCC

B ⊆ S × Q of D ⊗ A is called accepting if there is (Ri, Ai) ∈ F such that Ai ∈ L0(s, q) for some

(s, q) ∈ B and Ri6∈ L0(s0, q0) for all (s0, q0) ∈ B. The set of all accepting BSSCs for D and A is

denoted by B.

Intuitively, for an accepting BSCC at least one state has to be labeled with an Ai while no state

must be labeled with Ri. For convenience, we introduce the proposition accept and extend the

labeling by accept ∈ L0_{(s, q) iff (s, q) is a state in an accepting BSCC of D ⊗A . Then the following}

theorem holds:

Theorem 1 ([dA97]) Let D be a DTMC, L an ω-regular property, and A a DRA with L = L (A ). Then: PrD sI(L D sI ) = Pr D⊗A (s,q)I (◊accept)

Using this theorem, the computation of the probability for an ω-regular property is reduced to computing the probability of reaching an accepting BSCC in the corresponding product automaton. This gives us a model checking procedure.

2.3. SPECIFICATIONS FOR PROBABILISTIC MODELS

2.3.3.2 Model checking ω-regular properties on PAs

As for other properties, a PA M satisfies the property P≤λ(L ) iff the property is satisfied for all

schedulers, i. e., if Mσ|= P≤λ(L ) for all σ ∈ SchedM.

Analogously to DTMCs, checking the property L for a PA M can be carried out by building the product automaton of the PA M with the DRA A and computing reachability probabilities in the resulting PA.

Definition 31 (Product automaton) Let M ₌ _{(S, s}_I, Act, P , L) be a PA and A = (Q, qI, 2AP, δ, F) a DRA with F = (Ri, Ai)

i = 1, . . . , n . The product automaton of M and A is a PA M ⊗ A = (S × Q, (s, q)I, Act, P0, L0) over the set AP0of atomic propositions

such that

• (s, q)I= sI, δ(qI, L(sI)),

• P0 _{(s, q) = {(α, µ) ∈ Act × subDistr(S × Q) | ∃(α, µ}0_{) ∈ P (s) with}

µ(s0, δ(q, L(s0))) = µ0(s) for all s0∈ S} • AP0_{= {R}

i, Ai| i = 1, . . . , n}, and

• A_i_{∈ L}0_{(s, q) iff q ∈ A}

i, and Ri∈ L0(s, q) iff q ∈ Ri, for i = 1, . . . , n.

Again, we need to consider strongly connected components inside the product where the limit behavior with respect to the acceptance condition is mirrored. However, as the product here is a PA, an SCC depends on the choice of scheduler, i. e., a scheduler has to induce an SCC in the induced DTMC. We introduce the notion of so-called end components.

Definition 32 (Sub-PA) Let M = (S, s_I, Act, P , L) be a PA. A sub-PA of M is a pair E = (S0, A) with a non-empty set of states S0 _{⊆ S and a function A: S}0 _{→ 2}Act×subDistr(S)_{\ ; such that}

succ_M_{(s, α, µ) ⊆ S}0_{holds for all s ∈ S}0_{and (α, µ) ∈ A(s) ⊆ P (s).}

A sub-PA is a subset of states such that for the pairs of actions and distributions at state s given by A(s) all successors are again within this subset, i. e., it is closed under nondeterministic choices according to A.

Definition 33 (Accepting end component) Given a PA M = (S, I, Act, P , L), a sub-PA E = (S0, A) is an end component of M if the directed graph G = (S0, V ) with V = (s, s0) ∈ S0× S0_|

∃(α, µ) ∈ A(s). s0∈ succM(s, α, µ) is strongly connected and µ ∈ Distr(S0) for all s ∈ S0and

α∈ A(s).

Let A = (Q, qI, 2AP, δ, F) be a DRA with F = (Ri, Ai)

i = 1, . . . , n and E = (S0, A) an end component of the product automaton M ⊗ A = (S × Q, (s, q)I, Act, P0, L0). E is accepting if

there is an i ∈ {1, . . . , n} such that for all (s, q) ∈ S0 _{it holds that R}

i 6∈ L0(s, q) and ∃(s, q) ∈

E. Ai ∈ L0(s, q).

In document NSR-98. Título H Estudios Geotécnicos. Normas Colombianas de Diseño y Construcción Sismo Resistente. Asociación Colombiana de Ingeniería Sísmica (página 99-103)