Weighted Systems in Branching-Time · Weighted Systems in Branching-Time Behavioural Relations, Behavioural Distances, and their Logical Characterisations Aalborg University Department

Master Thesis

Weighted Systems inBranching-Time

Behavioural Relations, Behavioural Distances, andtheir Logical Characterisations

Aalborg UniversityDepartment of Computer Science

Selma Lagerlofs Vej 3009220 Aalborg

by

Mathias Claus Jensen

Title:Weighted Systems in Branching-TimeSubtitle:Behavioural Relations, Behavioural Distances, and their Logical Characteri-sations

Author:Mathias Claus JensenE-mail:[email protected]

Supervisor:Radu MardareE-mail:[email protected]

Date:June 8, 2018

II

Summary. This Thesis presents the mathematical foundations required for reason-ing about weighted systems in branching-time. In particular, using Weighted KripkeStructures as our models, we produce a range of behavioural equivalence that arean analogue to the traditional notion of Branching Bisimulation.

We produce a behavioural equivalence relation for weighted behaviour in branching-time, namely Weighted Branching Bisimulation. We show that for a class ofbranching-compact WKS (ones WKS in which branching-behaviour accumulateweights only within closed sets of real numbers) are characterised by a suitabletemporal logic, namely Weighted Branching Logic. This logic is based upon Compu-tation Tree Logic without the next-operator, but with quantifiers that take weightsinto account as well.

We develop a notion of relaxing our bisimulation, thereby allowing us to comparealmost similar weighted systems with one another. In parallel, we develop a similarnotion of relaxing our logic. Again, we show that these relaxed bisimulation arecharacterised by the relaxation of our logic.

From this notion of relaxing our bisimulation we induce a distance between ourweighted systems, by taking the greatest lower bounds of constants of relaxation.We show that this distance forms a behavioural pseudometric and that weightedsystems that near each other also satisfy similar formulae.

We introduce what it means for weighted systems to be cheaper than each otherin branching-time, thus producing two behavioural preorders. The first being Pos-sibly Cheaper Than, in which the cheaper system is only required to have at leastone way to be cheaper than the other system. The second being Always CheaperThan, in which the cheaper system is required to always be cheaper than the other.

We also introduce a logic for reasoning about the bounds of a weighted systemin branching-time. We show that fragments of this logic characterises our PossiblyCheaper Than relation and Always Cheaper Than relation on branching-compactWKS.

Similarly to the previous, we also develop a notion of relaxing our PossiblyCheaper than preorder, and induce a distance from this. We show that this distanceforms a hemimetric and that weighted systems near each other again satisfy similarformulae.

Contents

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.1 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.2 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72.1 Set Theoretic Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72.2 Basic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.3 Weighted Kripke Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3 Weighted Branching Behaviour . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173.1 Weighted Branching Bisimulation . . . . . . . . . . . . . . . . . . . . . . . . . . 173.2 Weighted Branching Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203.3 Behavioural Distance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

4 Cheaper Than . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294.1 Possibly Cheaper Than . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294.2 Always Cheaper Than . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314.3 Bounded Branching Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

4.3.1 Characterisation of Possibly Cheaper Than . . . . . . . . . . . 334.3.2 Characterisation of Always Cheaper Than . . . . . . . . . . . . 37

4.4 Cheaper Than Distance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415.1 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Appendix Proofs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

1

Introduction

In an increasingly more complex, distributed, and communicating world ofperplexing systems and interactions, our ability to simplify and abstractlyrepresent this mountain of information is of utmost importance. Typically,we would like to create an abstract yet intuitive model of some aspect, somenook, of the real world, and then use this simplified model to make predictionabout the real world.

Today, in computer science, there has been a trend towards the use of socalled model checking, first pioneered by Clark and Emerson [EC80, CE08,CES86]. It is the process of enquiring an abstract model about whether itsatisfies certain properties and specifications in an exhaustive and automaticmanner. Often, for modelling reactive systems it is only required to inquireabout qualitative aspects of systems, such as discrete actions, communication,handshakes, etc. These models however are incapable of capturing quantitativeaspects of the real world, such as time, resource consumption, probabilistic andstochastic behaviour, etc. An example of application of a quantitative modelcould be the model checking of timed automata (TA) for a large class of reallife applicable problems—ranging from error finding/correction to developingefficient schedules for reactive systems [RSV10, LPY01]—with the use of toolssuch as UPPAAL [LPY97].

In this Thesis we will focus on models in which we account for weights,more specifically we weight the transitions between possible states. Such mod-els can be used to describe a large class of real world phenomena, such asresource consumption, time, length, energy, bandwith-usage, etc.

Example 1.1. Consider the model shown in Figure 1.1. Here we model asimplified version of a power plant, which can either produce some amount ofenergy (here measured in kilo-Watt-hours), thereby heating up and becomingmore efficient; or shut off completely, resetting it all together. If the plant getstoo hot, we enter a critical state and further power production would resultin a meltdown, thereby denying future energy production.

One could be interested in model checking for certain properties, such as:

2 1 Introduction

start/safe safe safe critical dead

off

[1, 2] [2, 4] [2, 8]

0

(0,∞)0

0

Fig. 1.1: Model of a power plant where the weights and intervals on the edgesrepresent possible kWh produced by taking said edge.

• Is it possible to produce 6 kWh while remaining in a safe state?• Is it always the case that if I produce 15 kWh or more without going

through an off state, it will result in a meltdown (i.e. ending up in a deadstate)?

• Is it always the case that as long as I produce below 5 kWh I will remainin a safe state?

For this particular model, all of the above hold. 4

However, in order to perform such model checking, a mathematically pre-cise definition of what exactly a model is (typically an algebra or coalgebra)and what a specification/property is (typically a logical expression). Perhapsthe most classical example is that of Calculus of Communicating Systems(CCS), presented Milner in [Mil80]; or Labelled Transition Systems (LTS),coupled together with Hennesy-Milner Logic (HML), presented by Hennessyand Milner in [HM85]. For quantitative systems there are also many examplesof models and associated logics, e.g. discrete and continuous time MarkovChains and Markovian logics [Pan09], for probabilistic and stochastic sys-tems respectively; timed automata and timed HML [AILS07], for timed sys-tems; and Weighted Computation Tree Logic and Weighted Kripke Structures[CHM+15, JLSO16], for weighted systems.

Another important aspect—the one that will be the focus of this Thesis—is that of behavioural equivalence, i.e. when do we say that two systems arebehaviourally equivalent. Today, the most often used notion of behaviouralequivalence is that of bisimulation introduced by Hennesy, Milner [HM85]and Park [Par81]. Furthermore, they also showed, that for a class of LTS,that bisimulation is characterised by HML, meaning that two models arebisimilar if and only if they satisfy the same HML formulae. Again, there existsmany analogues for bisimulation for quantitative systems, e.g. probabilisticand stochacstic bisimulation [LS91, DP03], and weighted bisimulation andgeneral weighted bisimulation [HLM+17].

However, these classical notions of bisimulation can often be too restric-tive. Firstly, sometimes we are only interested in observable behaviour andwish to abstract away from internal/hidden behaviour. Milners observationalequivalence [Mil80] serves this purpose, as does Weiland and Glabbecks later

1 Introduction 3

a1

safea2

critical

b1safe

b2safe

b3critical

c1safe

c2critical

2

0 2

2 + ε

Fig. 1.2: Graph illustrating weighted branching behabiour and relaxation ofsaid behaviour, where ε > 0.

and more refined notion of branching bisimulation [vGW89]. Branching bisim-ulation also has the property of being characterised by several temporal ana-logues to modal logics [DV95]—particularly of interest being ComputationTree Logic (CTL) without the Next-operater. In this Thesis we extend thisnotion of branching bisimulation to weighted systems, Weighted BranchingBisimulation (WBB), and show that it can be characterised by a weightedversion of CTL, which we name Weighted Branching Logic (WBL).

Example 1.2. Consider the graph shown in Figure 1.2. Here we have twosystems, a1 and b1, that both by moving through safe states and accumu-lating a weight of 2 reaches a critical state. However, the way in which theyaccomplish this is different. For a1, only a single transition of weight 2 fromthe initial safe state to the final critical state is required. For b2 however, weneed to move to an intermediate safe state with weight 0, and then to ourcritical state with another move of weight 2.

In this case we would like to say that in branching-time, b1 can simulate a1(or that b1 is weighted branching similar to a1), as any move a1 can make, b1can match with a finite sequence of transitions of equal accumulated weight.

4

Secondly, for the case of quantitative systems, small deviations in the mea-surable aspects of the model can render two otherwise equivalent systems non-equivalent, and as we often base our models upon real world data measuredwith a certain error, this renders our models almost useless. Luckily, a morerobust definition of behavioural equivalence has been discovered, one in whichwe group systems that are almost (deviating within some given margin of er-ror) behaviourally equivalent together. This was first done for probabilisticsystems by Giacalone et al. [GJS90] and later expanded upon by Desharnaiset al. [DGJP99], by relaxing the probabilistic bisimulation by some error.This in turn gives rise to a concept of distance between systems, the greatestlower bound of errors required for two systems two be relaxed bisimilar. Inthis Thesis we extend these results to that of weighted branching systems. Wedevelop a similar notion of relaxed bisimulation for weighted branching bisim-ulation and show that it can be characterised by an appropriate relaxation ofour WBL. From this we derive a notion of distance between weighted systems

4 1 Introduction

and show that systems that are close together are guaranteed to satisfy similarformulae.

Example 1.3. Consider again the graph shown in Figure 1.2. Here the twosystems a1 and c1 divert in behaviour only by a small constant ε > 0. As suchwe would like for these two systems to be bisimilar if we relax our bisimulationby a constant of ε. 4

Lastly, one may not always be interested in if two systems are behaviourallyequivalent, in fact—and especially the setting of weighted systems—one wouldoften be more interested in whether a particular model was cheaper thananother or vice versa. We look into what exactly it means to be cheaper thanin a weighted branching setting and devise two behavioural relations. Wedevelop a logic for reasoning about the bounds of weights in branching-timebased upon the Markovian-like logic of Hansen et al. [HLM+17]. We thendevelop notions of relaxing these relations and induce a behavioural hemi-metric upon our models, similar to the case of WBB.

1.1 Contributions

The following is an abbreviated list of the contributions of this Thesis.

• Weighted Branching Bisimulation: We re-introduce the concept ofWeighted Branching Bisimulation, in a new and more mathematicallybeautiful flavour. Our notation is easier and more intuitive to read thanthat of [Jen18], and allows more impressive results. It is qualitative be-haviour first, in the sense that we calculate the accumulated weight ofruns based upon behavioural properties.

• Weighted Branching Logic: We re-introduce Weighted Branching Logicwith a easier to read semantics, that is also qualitative behaviour first.We show that for a class of branching-compact systems that this logiccharacterises our bisimulation.

• Behavioural Pseudometric We relax our bisimulation using the Haus-dorff distance between sets of accumulated weights of runs. We show thatfor branching-compact systems our relaxation can be characterised by asuitable relaxation of our logic. We also show that the distance inducedby the infimum of this relaxation nicely forms a behavioural pseudometricand robustness results.

• Cheaper Than Relations We introduce to notions of what it means forweighted systems to be cheaper than in branching-time. The first is that ofPotentially Cheaper Than, in which we say that a system is cheaper thananother, if there exists some way for it to mimic the other in a cheaperway. The second is that of Always Cheaper Than, in which we say that asystem is cheaper than another if no matter how it mimics the other, it ischeaper.

1.2 Related Work 5

• Bounded Branching Logic We introduce a logic similar to the onein [HLM+17] for reasoning about the bounds of weighted systems, but inbranching time. We show that our cheaper than relations are characterisedby subsets of this logic on branching-compact systems.

• Behavioural Hemi-Metric We extend our notion of relaxing our bisim-ulation to our Potentially Cheaper Than relations. We show that again wecan characterise this relaxation with a suitable relaxation of our logic. Thistime, we show that the distance induced by the infimum of this relaxationforms a hemi-metric.

1.2 Related Work

First of all, this Thesis is a continuation of the work done on the 9th semesterin Computer Science at Aalborg University by the Author [Jen18]. While littleof the actual theory remains from it, this Thesis is still heavily informed by theideas presented there. We present similar, yet distinctively different, results asthe ones presented in [Jen18], the main difference being that in this work, wetake a qualitative behaviour first approach to our behavioural relations andlogics. We however conjure analogues to ideas such as Weighted BranchingBisimulation and Branching-Finite that were first presented here.

The Authors work was initially inspired by (unpublished) ideas put forthby Foshammer et al. in [FLMX17] and can in a sense be seen as a continuationof their work. This work is in turn based upon previous work [FLM16] inwhich simulation distances for weighted branching systems are first presented,though in a parametric setting.

Core to this Thesis is the notion of branching-time and branching bisim-ulation, which were first introduced by Weiland and Glabbeek in [vGW89].This in turn builds upon the notion of observational equivalence, also knownas weak bisimulation, presented by Milner in [Mil89].

Efficient algorithms for model checking a logic very similar to the onespresented in this Thesis have been devised by Jensen et al. in [JLSO16]. Thisis done by using dependency graphs the encode behaviour and then findingminimal fixed points, a method initially presented by Liu et al in [LS98].While the logics in this Thesis are not equivalent to the one presented byJensen et al., we believe the similar methods can be used to model check theones presented here. Parametric model checking for the logic in [JLSO16] hasalso been done by Hansen et al. in [CHM+15].

The concept of relaxing quantitative behavioural equivalences was firstproposed by Giacalone et al. in [GJS90]. Later Desharnais et al. in [DGJP99]expanded upon this by work and developed the notion of a bisimulation met-ric, in which processes at distance 0 are behaviourally equivalent. A deeperanalysis of of metrics for weighted systems is done by Fahrenberhg, Thrane,and Larsen in [TFL10, LFT11, FTL11].

6 1 Introduction

The second part of this Thesis is heavily inspired by the work of Hansenet al. [HLM+17] with regards to reasoning about bounds in weighted systems.In fact, the logic we introduce for reasoning about bounds in branching-timecan be seen as a temporal variation of their logic.

2

Preliminaries

In this chapter we introduce the basic preliminary notation and theory re-quired for understanding the research presented in this Thesis. We also pre-cisely define the mathematical model with which we will model weighted sys-tems, namely Weighted Kripke Structures.

2.1 Set Theoretic Notation

In this section we will introduce some basic set theoretic notation and defini-tions.

Let A be a set. We denote the set of subsets of A, also called the powersetof A, as 2A.

Binary Relations

As the majority of this thesis is a study of behavioural relations, the followingare some basic definitions for binary relations.

Let A be a set, a binary relation on A, is a subset of the Cartesian productof A with itself, i.e. a subset of A× A. In this thesis, we will typically use Rto denote binary relations on some set A.

Let A be a set and R ⊆ A × A be a binary relation on A. For denotingmembership of R, i.e. (a1, a2) ∈ R for some a1, a2 ∈ A, we will use theshorthand a1Ra2.

We are only interested in certain binary relations that have a specific, yetintuitive, structure. These are known as preorders and equivalence relations. Apreorder is a binary relation used to described how elements of a set are relatedto one another, an example being ≤ on the natural numbers. An equivalencerelation describes which elements of a set are equivalent, an example herebeing = on the natural numbers.

Let A be a set and R ⊆ A × A a binary relation on A. We say that R isa preorder if it is

8 2 Preliminaries

1. reflexive, i.e. for all a ∈ A we have that aRa, and2. transitive, i.e. for all a1, a2, a3 ∈M , if a1Ra2 and a2Ra3 then a1Ra3.

We say that R is an equivalence relation if it is a preorder and if it is

3. symmetric, i.e. for all a1, a2 ∈ A we have that if a1Ra2 then a2Ra1.

Let A be a set, B ⊆ A a subset of A, and R ⊆ A×A a binary relation onA. The closure of R on B, denoted R(B), is the set

R(B) = {a ∈ A | ∃b ∈ B : bRa} .

If R is a preorder, we say that R(B) is the upper-set of B.

2.2 Basic Analysis

In this section we will introduce some basic number theory and lemmas thatwill be required for some of the main results of this Thesis later on.

In this thesis we work with the following sets of numbers:

• N: the set of natural numbers including 0, i.e. {0, 1, 2, 3, ...}• Q: the set of rational numbers.• R: the set of real numbers.• R≥0: the set of real numbers greater than or equal to 0.

Let A ⊆ R and B ⊆ R be subsets of the real numbers. The Cartesian sumof A and B, denoted A+B, is defined as follows:

A+B = {a+ b | a ∈ A and b ∈ B} .

Lemma 2.1. If A is a countable set, then there exists an increasing sequenceof finite subsets, A0 ⊆ A1 ⊆ ..., such that

⋃k∈N

Ak = A.

Proof. SinceA is countable, we can enumerate the elements, i.e.A = {a0, a1, ...}.Consider now the sequence of subsets defined for all k ∈ N by Ak = {a0, ..., ai}.Clearly, for any k ∈ N the set Ak is finite and Ak ⊆ Ak+1. Furthermore, clearlywe have that

⋃k∈NAk = A. ut

Lemma 2.2. Given an index set I, let {(Aα, Bα) | Aα, Bα ⊆ R, α ∈ I} be apaired family of sets of real numbers such that inf Aα ≥ inf Bα for any α ∈ I,then

inf⋃α∈I

Aα ≥ inf⋃α∈I

Bα

2.2 Basic Analysis 9

Proof. Assume towards a contradiction that inf⋃α∈I Aα < inf

⋃α∈I Bα, then

there exists some u ∈ R such that inf⋃α∈I Aα < u < inf

⋃α∈I Bα.

Since u < inf⋃α∈I Bα we get that ∀α ∈ I : u < inf Bα. Furthermore, since

inf⋃α∈I Aα < u we get that ∃α ∈ I : inf Aα < u. This in turn implies that

there exists some α ∈ I such that inf Aα < u < inf Bα, thereby contradicitingour assumption that Aα ≥ inf Bα for all α ∈ I. ut

Lemma 2.3. Let A0 ⊇ A1 ⊇ ... and B0 ⊇ B1 ⊇ ... be countable decreasingsequences of compactcompactcompactcompactcompactcompactcompactcompactcompactcompactcompactcompactcompactcompactcompactcompactcompact sets of real numbers, such that inf An ≥ inf Bn for anyn ∈ N, then

inf⋂n∈N

An ≥ inf⋂n∈N

Bn

Proof. If inf⋂n∈NAn =∞ then the inequality trivially holds.

If inf⋂n∈NBn = ∞ then

⋂n∈NBn = ∅, and as Bn is a decreasing se-

quence of compact sets we have by the contrapositive of Cantor’s IntersectionTheorem that there must exist some N ∈ N for which we have that BN = ∅.Therefore, we get that AN = ∅ as inf AN ≥ inf BN , and hence

⋂n∈NAn = ∅

which in turn implies inf⋂n∈NAn =∞.

If inf⋂n∈NAn 6= ∞ and inf

⋂n∈NBn 6= ∞ then, as An and Bn are de-

creasing sequences of compact sets, we get that inf⋂n∈NAn = supn∈N inf An

and inf⋂n∈NBn = supn∈N inf Bn. Since for all n ∈ N, inf An ≥ inf Bn, we get

that inf⋂n∈NAn ≥ inf

⋂n∈NBn. ut

Distances.

Another major topic of this thesis is that of behavioural distances, and assuch we now introduce some basic definitions regarding distance functions.

Let A be a set. A distance on A is a function, d : A × A → R, assigningto each pair of elements of A a greater than or equal to zero value. For somea1, a2 ∈ A, d(a1, a2) can be intuitively thought of as the distance from a1 toa2.

As with binary relations, we are only interested in distance function thatexhibit certain properties. In this thesis we make use of hemimetrics and pseu-dometrics. An example of a pseudometric is the absolute difference betweenreal numbers, i.e. d(x, y) = |x− y| for any x, y ∈ R.

Let A be a set and d : A × A → R be a function from A × A to thereal numbers. We say that d is a hemimetric if, for arbitrary m,n, o ∈ M , itsatisfies the following axioms:

1. d(m,m) = 0 (identity), and2. d(m, o) ≤ d(m,n) + d(n, o) (triangular inequality).

We say that d is a pseudometric if it is a hemimetric and if, for arbitrarym,n ∈M , it satisfies the following axiom:

3. d(m,n) = d(n,m) (symmetry).

10 2 Preliminaries

We say that d is a metric if it is a pseudometric and if, for abitrary m,n ∈Mit satisfies the following axiom:

4. d(m,n) = 0⇔ m = n (Identity of Indiscernibles).

Sometimes we are not interested in the distance between particular points,but rather sets thereof. For this, the Hausdorff distance is well suited. In ourcase, we will only need it on the space of real numbers, for which it is definedas follows:

Definition 2.1 (Hausdorff Distance). Given two sets of real, A,B ⊆ R, theHausdorff distance, H : 2R × 2R → R≥0, between the two sets is defined asfollows:

H(A,B) = max

{supa∈A

infb∈B|a− b|, sup

b∈Binfa∈A|b− a|

}4

Lemma 2.4. The Hausdorff distance on closed sets real numbers is a metric.

Proof. The proof is left up to the reader. ut

2.3 Weighted Kripke Structures

In this section we introduce the coalgebraic structure, which we will use tomodel weighted systems. As this Thesis is a study of branching behaviourin weighted systems, we have chosen to use Weighted Kripke Structures, asKripke structures [Kri07] have been shown to be well suited for reasoningabout temporal behaviour [BCG88]. Weighted Kripke Structure (WKS) arejust the straight forward extension of adding weights to the edges of a regularKripke structure.

We also introduce a number of concepts and helper functions for reason-ing about branching behaviour in WKS, such as the concept of runs, andaccumulated weight along runs.

First is the definition of what a WKS is. Taking inspiration from [HLM+17],we have also decided to represent transitions in the form of a function assign-ing each pair of states a set of weights, instead of defining singular transitions.

Definition 2.2 (Weighted Kripke Structure). Given a set of atomic proposi-tions AP , a WKS is a tuple, M = 〈M, θ, `〉, where

• M is a set of states,• θ : M → [M → 2R] is the transition function, and• ` : M → 2AP is the labelling function.

4

2.3 Weighted Kripke Structures 11

m0{a}

m1 {b}m2{a, b}

n0

{a}

n1

{b}

1

2

3

1

23

A

B

C C

Fig. 2.1: Graphical representation of a WKS, where a, b ∈ AP and A,B,C ⊆R.

Intuitively, the transition function can be read as follows: for an arbitraryWKS,M = 〈M, θ, `〉; and states inM, m,n ∈M ; the set θ(m)(n) representsthe possible weights of transitioning from m to n. If we have that θ(m)(n) = ∅,then we say that m cannot transition to n.

For arbitrary m ∈ M , we extend θ(m) to sets of states, i.e. for N ⊆ M ,we define

θ(m)(N) =⋃n∈N

θ(m)(n) .

Thus, θ(m)(N) represents the possible weights of going from m to an arbitrarystate n ∈ N .

Example 2.1. Consider the WKS illustrated in Figure 2.1. Here the tran-sition function θ is given by the values on the edges. E.g. θ(m0)(m0) =θ(m0)(m1) = {1}, as m0 can transition to either m0 or m1 with a cost 1,however θ(m0)(m2) = ∅ as m0 cannot transition to m2.

Similarly, θ(n0)(n1) = A, as n0 can transition to n1 with any weight inthe set of weights A. If we use the extended notation of θ, we have thatθ(n0)({n0, n1}) = A∪C, as n0 can transition to either n0 with any weight inA or to n1 with any weight in C. 4

We now introduce the concept of non-blocking WKS. Non-blocking WKSare WKS in which all states at least has one transition. This is done forpurely notational reasons, and any blocking WKS can easily be made intoa non-blocking variant, by adding zero weighted self-loops to any blockingstates.

Definition 2.3 (Non-Blocking). We say that a WKS M = 〈M, θ, `〉 is non-blocking if for all m ∈M , we have that θ(m)(M) 6= ∅. 4

Remark 2.1. From this point onwards, we implicitly assume that all WKSused in this Thesis are non-blocking.

12 2 Preliminaries

The immediate convenience of only inquiring about non-blocking can al-ready be seen when we define runs. Runs are infinite computations, here de-fined as an infinite sequence of states, where it is possible to transition fromeach state in the sequence to the next. Had the WKS not been non-blocking,some we would have had to include computations of finite length as well.

Definition 2.4 (Runs). Let 〈M, θ, `〉 be a WKS, and m0 ∈M . A run startingin m0 is an infinite sequence,

σ = m0m1...mi−1mimi+1... (2.1)

where for all i ∈ N, mi ∈M and θ(mi)(mi+1) 6= ∅. We use σ[i] to denote thei-th state of σ. Furthermore, let Runs be the set of all runs in 〈M, θ, `〉 andlet Runs(m) denote the set of runs starting in the state m ∈M . 4

Runs are required when we wish to reason about branching behaviour, asthey allow us to build a computation tree from each state in a mathematicalconcise way.

We also need a way to reason about accumulated weight over a run. Thisis done by taking the Cartesian sum of each possible weighted transition fromthe current state to the next state in the run up till the desired position.

Definition 2.5 (Accumulated Weight). Let 〈M, θ, `〉 be a WKS and σ ∈ Runs.The set of possible accumulated weights of σ at position k is defined recursivelyas,

W(σ)(k) =

{{0} if k = 0

θ(σ[k − 1])(σ[k]) +W(σ)(k − 1) otherwise.

4

Example 2.2. Consider the WKS illustrated in Figure 2.1. Let σ be the runstarting in m0 that just cycles through m0, m1 and m2 ad infinitum, i.e.

σ = m0m1m2m0m1m2m0m1m2...

The accumulated weight of σ at position 4 would be

W(σ)(4) = {0 + 1 + 2 + 3 + 1 + 2} = {9} .

4

As the focus of this thesis is that of weighted branching behaviour, we needan additional helper function. Like the accumulated weight function, whichfor a given run returns the possible ways a run can accumulate a weight upto some position, the branching weight of a state is defined as all possibleaccumulated weights of starting in some initial state, moving through only adesignated set of states, and ending up in some terminal state.


m0

{a}

m1

{b}

m2

{a}

m3

{b}

m4

{b}

1

2 3

4

0

0

0

Fig. 2.2: WKS for illustrating weighted branching behaviour.

Definition 2.6 (Branching Weight). For an arbitrary WKS M = 〈M, θ, `〉,m ∈M , and S, T ⊆M let

Θ(m)(S, T ) =

{w ∈ W(σ)(k) | σ ∈ Runs(m), k ∈ N,

[σ[k] ∈ T, and∀i < k : σ[k] ∈ S

]}.

4

We will refer to the set S and T as the branching variables, as they de-scribe the branching structure on which we are interested in the accumulatedweights.

Example 2.3. Consider the WKS shown in Figure 2.2. If we divide the setof states into the following two branching variables: S = {m0,m2}, i.e. all thestates assigned the label a; and T = {m1,m3,m4}, i.e. all the states assignedthe label b. Then the branching weight of going from m0, through states inS, to a state in T , i.e. Θ(m0)(S, T ), is

Θ(m0)(S, T ) = {1, 5, 6} .

As the only available paths satisfying the criteria of Definition 2.6 are m0m1,which accumulates a weight of 1; m0m2m3, which accumulates a weight of 5;or m0m2m4, which accumulates a weight of 6. 4

The following two lemmas states that union and intersection are invariantover our branching weight function.

Lemma 2.5. Let M = 〈M, θ, `〉 be a WKS, m ∈ M , T ⊆ M , and I a set ofindexes. If for all i ∈ I, Si ⊆M , then

Θ(m)(⋃i∈I

Si, T ) =⋃i∈I

Θ(m)(Si, T ) .

14 2 Preliminaries

Similarly, let S ⊆M . If for all i ∈ I, Ti ⊆M , then

Θ(m)(S,⋃i∈I

Ti) =⋃i∈I

Θ(m)(S, Ti) .

Lemma 2.6. Let M = 〈M, θ, `〉 be a WKS, m ∈ M , T ⊆ M , and I a set ofindexes. If for all i ∈ I, Si ⊆M , then

Θ(m)(⋂i∈I

Si, T ) =⋂i∈I

Θ(m)(Si, T ) .

Similarly, let S ⊆M . If for all i ∈ I, Ti ⊆M , then

Θ(m)(S,⋂i∈I

Ti) =⋂i∈I

Θ(m)(S, Ti) .

Lastly, we conclude this chapter with our definition of branching-compactWKS. Intuitively, one can think of a branching-compact WKS as follows: Ifwe can perform some behaviour with accumulated weight approaching somelimit, then we can also perform said behaviour with an accumulated weightequal to the limit. Furthermore, the accumulated weight of all behaviour isbounded, meaning that there must exists some cheapest and most expensiveway to perform said behaviour.

Definition 2.7 (Branching-Compact). LetM = 〈M, θ, `〉 be a WKS. We saythatM is branching-compact if and only if for all m ∈M and S, T ⊆M , theset Θ(m)(S, T ) is closed (in R). 4

Example 2.4. Consider the four WKS’ shown in Figure 2.2. Here the WKS(a) is not branching-compact as we can perform a transition of weight ap-proaching 0, but not actually a 0-transition. The WKS (b) is a branching-compact version of (a) as here we have added a 0-transition.

The WKS (c) is also not branching-compact. Here when we continue alongthe path we approach an accumulated weight of 1, but never reach it. TheWKS (d) is a branching-compact version of (c), here we complete the WKSby adding an option to transition with the remaining needed weight to somefinal state. 4


a

a′

. . .1 12i

(a) Non-branching-compact WKS

b

b′

. . . . . .112i

0

(b) Branching-compact WKS

c1 c2 ci. . . . . .12

14

12i−1

12i

(c) Non-branching-compact WKS

d1 d2 di

d

. . . . . .12

14

12i−1

12i

1

12

12i−1

(d) Branching-compact WKS

Fig. 2.3: Four WKS that illustrate some examples of branching-compactness.

3

Weighted Branching Behaviour

In this chapter we introduce what weighted behaviour in branching-timemeans. We create an equivalence relation and show that it is characterized bya logic similar to that of presented in [CHM+15, JLSO16] and [FLM16, Jen18],which themselves are just variants of CTL with weights.

Like Giacalone et al. [GJS90] and Desharnais et al. we also develop anotion of relaxing our bisimulation and therefrom deriving a distance betweendifferent weighted systems.

3.1 Weighted Branching Bisimulation

In this section we introduce exactly what we mean by behaviour in weightedsystems in branching time. We will introduce the concept of Weighted Branch-ing Bisimulation.

When we talk about behaviour in branching-time, what we usually talkabout are possible or inevitable futures, in which we behave a certain way.One can asks such questions as: Is it always the case that that there exists away for me to return to my starting position? Will I inevitably end up in adeadlock? So in a sense, our behaviour is characterised by all of our possiblefutures.

It is however a little more stringent than that. In branching-time we cannotsee individual moves, but rather only the overall aggregates of our behaviour.We abstract away from internal behaviour and only focus on observable out-comes in an abstract way. But what then is an internal action? For CCS andLTS they are the so called τ -transitions, transitions that typically producedas a communication between two systems. For LTS, branching bisimulationsis defined by van Glabbeek and Weijland as follows:

Definition 3.1 (Branching Bisimulation [vGW89]). Two graphs, g and h,are branching bisimilar if there exists a symmetric relation R between thenodes of g and h, such that the roots of g and h are related by R and if rRsand r

a−→ r′, then either:

18 3 Weighted Branching Behaviour

m0{a}

m1{b}

m2 {a}

m3 {b}

5 5

0

0 0

Fig. 3.1: A WKS illustrating the concept of an internal action (i.e. 0 transi-tions) for weighted systems.

1. a = τ and r′Rs, or2. there exists a path s⇒ s1

a−→ s2 ⇒ s′ such that rRs1, r′Rs2, and r′Rs′.

4

Basically, this definition states that in order for you and I to be branchingbisimilar, whenever you can perform an action then either:

1. You performed an internal action (i.e. τ), in which case we must remainbranching bisimilar. So internal actions must have no effect on our exter-nal, observable behaviour.

2. You perform an external action (e.g. an action with the label a), in whichcase I must be able to match with a sequence of internal actions preservingour initial behaviour, then match your external action, ending up in a newstate where our behaviour is again branching bisimilar.

In a sense, internal action can be percieved as doing nothing, at least foran external observer. So what is an analogue of (1) for weighted systems withstate-based behaviour? How should we characterise internal behaviour? Well,as mentioned, an internal action should not be able to change our externalbehaviour. So we propose that for WKS, an internal action is a transition ofweight 0 to an otherwise behaviourally equivalent state.

Example 3.1. Consider the WKS shown in Figure 3.1. Here we would like

for the transition m00−→ m2 to be treated as an internal action. As to any

external observer, the act of going from a state where a is satisfied to a statewhere b is satisfied, requires that we accumulate a weight of 5, whether we

take the path m05−→ m1 or m0

0−→ m25−→ m3. 4

Finding an analogue for (2) is slightly more complicated. We would stilllike for behaviour to be preserved along the way and for end behaviour tobe preserved. It would however make for a mundane bisimulation, if we re-quired that weight must be matched by a sequence of zero-transitions andthen exactly one transition with similar weight (as is the case when using

3.1 Weighted Branching Bisimulation 19

m0{a}

m1{b}

n0 {a}

n1 {b}

3

2

0

3 5

2

0

Fig. 3.2: A WKS illustrating the concept of matching transitions with pathsfor weighted systems.

labels). It would be nicer if we only required that the accumulated weight ofthe matching path is the same as that of the transition it is matching.

Example 3.2. Consider the WKS show in Figure 3.2 and the transition

n05−→ n1. Can m0 match this transition with a reasonable path? Consider

the path m02−→ m0

3−→ m1. Clearly the end behaviour is preserved as m1

and n1 both satisfy b and can only perform a 0-loop. We would however alsoargue that behaviour is preserved along the way, as m0 and n0 both satisfya, can perform a 2-loop, transition with weight 3 and as shown, with the

path m02−→ m0

3−→ m1, with weight 5, to the equivalent states of m1 and n1respectively. 4

With these thoughts in mind, we now present our definition of WeightedBranching Bisimulation.

Definition 3.2 (Weighted Branching Bisimulation). Given a WKS M =〈M, θ, `〉, a relationR ⊆M×M is a Weighted Branching Bisimulation (WBB)if and only if whenever mRn then,

1. `(m) = `(n), and2. ∀S, T ⊆M : Θ(m)(R(S),R(T )) = Θ(n)(R(S),R(T )).

We use ≈ to denote the largest Weighted Branching Bisimulation. 4

Condition (1) of WBB simply states that any pair of bisimilar states mustsatisfy the same atomic propositions.

Condition (2) of WBB states that in order for a pair of states to be bisim-ilar, they must be able to accumulate the same weights when transitioningthrough any arbitrary source behavioural class (R(S)) to another arbitraryterminal behavioural class (R(T )).

We concluded this section by stating that the largest weighted branchingbisimulation, ≈, is an equivalence relation.


Proposition 3.1. The relation ≈ is an equivalence relation.

Proof. Trivial, as `(m) = `(n) and ∀S, T ⊆ M : Θ(m)(R(S),R(T )) =Θ(n)(R(S),R(T )) clearly implies that ≈ is reflexive, transitive, and sym-metric. ut

3.2 Weighted Branching Logic

In this section we introduce the logic which we will use to inquire aboutwhether a given model satisfies certain properties/specifications. As men-tioned earlier, we take inspiration from [CHM+15, JLSO16], and thereforealso develop a weighted analogue of CTL without the next-operator. We showthat our Weighted Branching Bisimulation is in fact characterised by thislogic, meaning that two systems are behaviourally equivalent if and only ifthey satisfy the exact same formulae.

CTL is composed of two different kinds of logical expressions, state-formulae and path-formulae. State-formulae are formulae pertaining to prop-erties regarding states, such as whether not a state satisfies an atomic proposi-tions, or if all paths from here satisfies a certain path-formulae. Path-formulaeare formulae pertaining to properties regarding paths, in the weighted ana-logue the only kind of path-formula we have are untils—formulae that requiredsome initial condition to be satisfied up till some terminal condition is satis-fied.

The weighted part of the logic presented here, Weighted Branching Logic,is that we add closed intervals to the existential and universal quantifiers ofCTL, requiring that either there exists a path with accumulated weight withinsaid interval that satisfies a given until-formula, or all paths satisfying a givenuntil-formula accumulate a weight within this interval.

Definition 3.3 (Syntax). Let AP be a set of atomic propositions, then theset of formulae of Weighted Branching Logic (WBL), denoted L, are inducedby the following context-free grammar:

L : φ ::= a | ¬φ | φ ∧ φ | E[v,u]ψ | A[v,u]ψ

ψ ::= φUφ

where and a ∈ AP , v, u ∈ Q and ./∈ {≤,≥}. 4Definition 3.4 (Semantics). The satisfiability relation for Weighted Branch-ing Logic (WBL), |=⊆M× L, is given, for arbitrary (M,m) ∈M:

(M,m) |= a iff a ∈ `(m) (3.1)

(M,m) |= ¬φ iff not (M,m) |= φ (3.2)

(M,m) |= φ1 ∧ φ2 iff (M,m) |= φ1 and (M,m) |= φ2 (3.3)

(M,m) |= E[v,u]φ1Uφ2 iff [v, u] ∩Θ(m)([[φ1]], [[φ2]]) 6= ∅ (3.4)

(M,m) |= A[v,u]φ1Uφ2 iff [v, u] ∪Θ(m)([[φ1]], [[φ2]]) = [v, u] (3.5)

3.2 Weighted Branching Logic 21

where a ∈ AP , v, u ∈ R, and ./∈ {≤,≥}; and [[φ]] is the set of states satisfyingφ, i.e. [[φ]] = {m ∈M | (M,m) |= φ}. 4

Often whenM is clear from context, we will just use the shorthand m |= φ.

Remark 3.1. Unlike the syntax, we define the semantics for WBL on arbitraryclosed intervals real numbers. The reason for the restriction on the syntax isthat we require that the logic be countable, so that we may perform inductionupon it later. This is however not needed for the semantics, and infact wewould later like to reason about when certain systems satisfy formulae witharbitrary closed intervals.

The problem of model checking the until-formulae of WBL have beenshown to be NP-hard by Jensen et al. [JLSO16], and to be contained in P ifwe restrict ourselves to only have upper bounds (i.e. only intervals of the form[0, u]).

We now introduce some constructs that will be helpfull when we wish toprove that our bisimulation (Definition 3.2) is characterised by WBL. First,for a given WKS, M = 〈M, θ, `〉, and state m ∈M , let

(|m|) = {φ ∈ L | m |= φ}

be the set of formulae satisfied by m. Now, as our logic is countable, we canenumerate the elements of (|m|), like so

{φ1, φ2, ...} = (|m|) .

For the following proof, we would like to take increasing finite bites of (|m|),as follows:

(|m|)k = {φ1, ..., φk}

where k ∈ N.We now conclude this section with one of the main theorems of this Thesis,

namely that our bisimulation, WBB, is characterised by our logic, WBL, onbranching-compact, countable, and label-finite WKS.

Theorem 3.1. Let M = 〈M, θ, `〉 be a branching-compact and countableWKS, for arbitrary m,n ∈M ,

m ≈ n if and only if ∀φ ∈ L : m |= φ⇔ n |= φ .

Proof. (⇒) : We show that if m ≈ n then ∀φ ∈ L : m |= φ ⇔ n |= φ.Induction on the structure of φ ∈ L. Suppose m ≈ n and that m |= φ, weshow that this implies that n |= φ.Case φ = a:By Definition 3.4 we have that m |= a if and only if a ∈ `(m). Since m ≈ nwe have by Definition 3.2 that `(m) = `(n), and therefore a ∈ `(n). So byDefinition 3.4 we have that n |= a.


Case φ = ¬φ1:By Definition 3.4 we have that m |= ¬φ1 if and only if it is not the case thatm |= φ1. By Proposition 3.1 we have that ≈ is symmetric, and since m ≈ nwe have that n ≈ m. Assume now towards a contradiction that n |= φ1, thenby induction we have that m |= φ1, thereby contradicting our assumptionthat m |= ¬φ1. So it must not be the case that n |= φ1, and therefore, byDefinition 3.4, we have that n |= ¬φ1.Case φ = φ1 ∧ φ2:By Definition 3.4 we have that m |= φ1 ∧ φ2 if and only if m |= φ1 andm |= φ2. By induction we have that n |= φ1 and n |= φ2, and therefore, byDefinition 3.4, we have that n |= φ1 ∧ φ2.Case φ = E[v,u] φ1 U φ2:By Definition 3.4 we have that m |= E[v,u] φ1 U φ2 if and only if

[v, u] ∩Θ(m)([[φ1]], [[φ2]]) 6= ∅ .

Sincem ≈ n we have by Definition 3.2 thatΘ(m)([[φ1]], [[φ2]]) = Θ(n)([[φ1]], [[φ2]]),which in turn implies that

[v, u] ∩Θ(n)([[φ1]], [[φ2]]) 6= ∅ .

So, by Definition 3.4 we have that n |= E[v,u] φ1 U φ2.Case φ = A[v,u] φ1 U φ2:By Definition 3.4 we have that m |= A[v,u] φ1 U φ2 if and only if

[v, u] ∪Θ(m)([[φ1]], [[φ2]]) = [v, u] .

Sincem ≈ n we have by Definition 3.2 thatΘ(m)([[φ1]], [[φ2]]) = Θ(n)([[φ1]], [[φ2]]),which in turn implies that

[v, u] ∪Θ(n)([[φ1]], [[φ2]]) = [v, u] .

So, by Definition 3.4 we have that n |= A[v,u] φ1 U φ2.

(⇐) : We show that if ∀φ ∈ L : m |= φ⇔ n |= φ then m ≈ n. It is sufficientto show that the relation

R = {(m,n) ∈M ×M | ∀φ ∈ L : m |= φ⇔|= φ}

is a Weighted Branching Bisimilation relation.Suppose that m,n ∈M and mRn.Clearly, mRn implies `(m) = `(n).We now show that mRn implies Θ(m)(SR, TR) = Θ(n)(SR, TR), for all

S, T ⊆ M . We handle the case of S and T being either finite or infiniteseparately.

3.2 Weighted Branching Logic 23

Finite Case.

First, without a loss of generality, suppose that both S and T are finite. We cantherefore construct a sequence of formulae, χS0 , χ

S1 , ..., defined for an arbitrary

k ∈ N as follows:

χSk =∨s∈S

∧φ∈(|s|)k

φ .

Since S and (|s|)k are finite, we have that χSk is well formed.This allows us to create a decreasing sequence of sets of states, [[χS0 ]] ⊇

[[χS1 ]] ⊇ ..., for which we now show that⋂k∈N

[[χSk ]] = SR . (3.6)

If s′ ∈ SR then there exists some s ∈ S such that (|s|) = (|s′|). This in turnimplies that s′ |=

∧φ∈(|s|)k φ, and hence s′ |= χSk , for any k ∈ N. Ergo,⋂

k∈N[[χSk ]] ⊇ SR . (3.7)

If s′ /∈ SR then for all s ∈ S there exists some φs ∈ BI such that s |= φsand s′ 6|= φs. We can now create a formula, ΦS , that distinguishes s′ from anys ∈ S,

ΦS =∨s∈S

φs, where s |= φs, and s′ 6|= φs .

There must exist some k ∈ N such that for each s ∈ S we have that φs ∈ (|s|)k.Therefore, we get that s′ /∈ [[χSk ]], due to there existing some φs ∈ (|s|)k suchthat s′ 6|= φs, for any s ∈ S, i.e.

s′ 6|=∨s∈S

∧φ∈(|s|)k

φ ,

Ergo,⋂k∈N

[[χSk ]] ⊆ SR . (3.8)

By Equation (3.7) and 3.8 combined we have now shown that Equation (3.6)holds. By similar reasoning we can create a sequence of formulae [[χT0 ]] ⊇[[χT1 ]] ⊇ ... where⋂

h∈N[[χTh ]] = TR . (3.9)


We now show that

∀k, h ∈ N : Θ(m)([[χSk ]], [[χTh ]]) = Θ(n)([[χSk ]], [[χTh ]]) . (3.10)

Assume towards a contradiction that

∃k, h ∈ N : Θ(m)([[χSk ]], [[χTh ]]) 6= Θ(n)([[χSk ]], [[χTh ]]) .

which implies there exists some w ∈ R in one but not the other. Assume with aloss of generality that w ∈ Θ(m)([[χSk ]], [[χTh ]]) and that w /∈ Θ(n)([[χSk ]], [[χTh ]]).Since M is branching-compact there must exists a pair of rational numbers,v, u /∈ Θ(n)([[χSk ]], [[χTh ]]) such that w ∈ [v, u].

We can now create a distinguishing formula

χ = E[v,u] χSk U χTh

for which m |= χ and n 6|= χ, thereby contradicting that mRn, so Equa-tion (4.5) must hold.

By Lemma 2.6 we have that

Θ(m)(⋂k∈N

[[χSk ]],⋂h∈N

[[χTh ]]) =⋂

k,h∈NΘ(m)([[χSk ]], [[χTh ]])

Θ(n)(⋂k∈N

[[χSk ]],⋂h∈N

[[χTh ]]) =⋂

k,h∈NΘ(n)([[χSk ]], [[χTh ]])

By Equation (3.10), (3.6), and (3.9), we get that

Θ(m)(SR, TR) = Θ(n)(SR, TR) .

Infinite Case.

Suppose that S and T are infinite. SinceM is countable we have by Lemma 2.1that there exists two sequences of finite sets of states, S0 ⊆ S1 ⊆ ... andT0 ⊆ T1 ⊆ ..., such that

⋃k∈N Sk = S and

⋃h∈N Th = T .

Since Sk and Th are finite for any k, h ∈ N we have by what we previouslyshowed in the finite case , that

∀k, h ∈ N : Θ(m)(SRk , TRh ) = Θ(n)(SRk , T

Rh ) .

We therefore have that⋃k,h∈N

Θ(m)(SRk , TRh ) =

⋃k,h∈N

Θ(n)(SRk , TRh ) .

which is equivalent to

Θ(m)(SR, TR) = Θ(n)(SR, TR) .

ut

3.3 Behavioural Distance 25

3.3 Behavioural Distance

Often we will base our quantitative models upon real-world empirical datathat is measured with some degree of error, however our bisimulation only re-late systems with exactly equal weighted branching behaviour. This restrictionoften, especially in the case of larger models where uncertainty can accumu-late, renders the notion of an exact bisimulation useless.

In this section produce a relaxed bisimulation in which we allow for theweight of branching-behaviour to be matched with some degree of error. Weshow that this relaxation is characterised by a similar and intuitive relaxationof our WBL formulae. From this notion of relaxing our bisimulation we derivea distance between weighted systems, namely the greatest lower bounds oferrors required for two systems to be relaxed bisimilar. We show that systemsthat are close together (in accordance with the derived distance) also satisfysimilar formulae.

Definition 3.5 (Relaxed Bisimulation). Let M = 〈M, θ, `〉 be a WKS, R ⊆M×M and ε ∈ R≥0. We say that R is an ε-Weighted Branching Bisimulation(εWBB) if and only if whenever mRn then,

1. `(m) = `(n), and2. ∀S, T ⊆M : H

(Θ(m)(R(S),R(T )), Θ(n)(R(S),R(T ))

)≤ ε.

We useε≈ to denote the largest ε-Weighted Branching Bisimulation (εWBB).

4

Intuitively condition (1 ) is the requirement of state-wise equal behaviourand condition (2 ) is that the accumulated weights of any branching-behaviourdoes not differ more than some given margin of error, ε.

If we were to restrict ourselves to a margin of error of 0, then for branching-compact WKS we would simply end up with WBB.

Proposition 3.2. For branching-compact WKS we have that ≈=0≈.

Proof. Consequence of the Hausdorff distance being a metric on closed setsand therefore satisfying the identity of indiscernibles axiom. ut

We also have that as we increase our margin of error, we get a coarser andcoarser relation.

Proposition 3.3. LetM = 〈M, θ, `〉 be a branching-compact WKS and ε, γ ∈R≥0. If ε ≤ γ then

ε≈ ⊆

γ≈.

Proof. Left up to the reader. ut

Remark 3.2. With the exception of ε = 0 on branching-compact WKS, the

family of relations,ε≈, are not equivalence relations. While they are reflexive

and symmetric, they are not transitive.


While our relaxed bisimulation does not satisfy transitivity, it does satisfytriangular inequality on branching-compact WKS.

Proposition 3.4. LetM = 〈M, θ, `〉 be a branching-compact WKS, m,n, o ∈M , and ε, γ ∈ R≥0. If m

ε≈n and n

ε≈o then m

ε+γ≈ o.

Proof. Consequence of the Hausdorff distance being a metric on closed setsand therefore satisfying the triangular inequality axiom. ut

We now introduce the way in which we relax our WBL formulae such thatwe may later use this to characterise our relaxed bisimulations. The relaxationof formulae leaves most untouched, but increases the interval on the existentialand universal quantifiers for until-formulae. If before a systems satisfied theformula E[v,u]aU b, then it would make sense that any other systems that isbisimilar with a margin of ε ∈ R≥0 should at least satisfy E[v−ε,u+ε]aU b

Definition 3.6 (Relaxed Formulae). Given an ε ∈ R, we define the ε-relaxation of WBL formulae, ε : L → L, inductively for arbitrary φ ∈ Las follows:

φε =

a if φ = a

¬φε1 if φ = ¬φ1φε1 ∧ φε2 if φ = φ1 ∧ φ2E[v−ε,u+ε]φ

ε1Uφ

ε2 if φ = E[v,u]φ1Uφ2

A[v−ε,u+ε]φε1Uφ

ε2 if φ = A[v,u]φ1Uφ2

where a ∈ AP and v, u ∈ Q. 4

The implication that we wish however only works for positive formulae.When we expand a positive formula the number of systems satisfying saidformula increases, as we increase the likelihood of its behaviour accumulatingweights within the given interval. However, in the case of negated formula theinverse is the true, as we relax our formulae, and thereby increasing our inter-vals, we decrease the likelyhood of our behaviour not being in that interval.

Definition 3.7 (Positive Formulae). Let AP be a set of atomic propositions,the positive subset of WBL is induced by the following context-free grammar:

L+ : φ ::= a | ¬a | φ ∧ φ | φ ∨ φ | E[v,u] φ1 U φ2 | A[v,u] φ1 U φ2

where a ∈ AP and v, u ∈ Q. 4

Theorem 3.2. Let M = 〈M, θ, `〉 be a branching-compact, countable, andlabel-finite WKS, for arbitrary m,n ∈M ,

mε≈n if and only if ∀φ ∈ L+ :

m |= φ =⇒ n |= φε

n |= φ =⇒ m |= φε.

3.3 Behavioural Distance 27

The proof is very similar to that of Theorem 3.1. For a full version, seeAppendix A.

By taking the greatest lower bounds of margin of errors required for twosystems to be relaxed bisimilar, we can induce a distance between weightedsystems.

Definition 3.8 (Distance). Let M = 〈M, θ, `〉 be a WKS, we define thedistance, d : M × M → R≥1, between two arbitrary states m,n ∈ M asfollows:

d(m,n) = inf{ε ∈ R≥0 | mε≈n} (3.11)

where inf ∅ =∞. 4

And in fact, it is the case that this distance nicely forms a pseudometric.

Theorem 3.3. Given a branching-compact WKSM = 〈M, θ, `〉, the distancefunction d is a relative-pseudometric, i.e. for arbitrary m,n, o ∈ M we havethat

1. d(m,m) = 0 (Identity)2. d(m,n) = d(n,m) (Symmetry), and3. d(m, o) ≤ d(m,n) · d(n, o) (Relative Triangular Inequality).

Proof. (1 ) is a consequence of Proposition 3.2, (2 ) is a consequence of theHausdorff distance being a metric on closed sets, and (3 ) is a consequence ofProposition 3.4. ut

But more importantly, we have that our distance in a sense epitomizes ouridea of branching-behaviour. This is shown in the following two theorems.

The first states that systems at distance zero are behaviourally equivalentand that our distance and relaxed bisimulation agree.

Theorem 3.4 (Behavioural Distance). Let M = 〈M, θ, `〉 be a branching-compact WKS, m,n ∈ M , and ε ∈ R≥1, then d(m,n) = ε if and only if

mε≈n.

The second theorem states that state that are close together, also sat-isfy similar formulae. This theorem is of great importance, as it states thatgiven a model of a weighted system with some known error, we can still inferproperties on said system.

Theorem 3.5 (Robustness). Let M = 〈M, θ, `〉 be a branching-compactWKS, m,n ∈ M , and ε ∈ R≥1. If d(m,n) ≤ ε then ∀φ ∈ L : m |= φ =⇒n |= φε.

4

Cheaper Than

Often we are not interested in whether two weighted systems are behaviourallyequivalent, usually it suffices to reason about whether one system is cheaperthan another. But what exactly would it mean for a weighted system to becheaper than another? And how does this reflect itself in branching-time? Inthis chapter we attempt to answer these questions.

We produce two classifications of what we mean by systems being cheaperthan one another. The first is the Possibly Cheaper Than relations. Here wesay that you are possibly cheaper than I, if whenever I can perform somebehaviour, then there exists a cheaper way (i.e. it is possible) for you todo the same behaviour. The second is the Always Cheaper Than relations.Here we say you are always cheaper than I, if whenever I can perform somebehaviour, then you always perform said behaviour in a cheaper manner.

Like in the previous chapter, we also here produce a notion of distance be-tween systems based on our notion of Possibly Cheaper Than, thus producinga behavioural hemi-metric.

4.1 Possibly Cheaper Than

Like Hansen et al. [HLM+17], when reasoning about whether a systems ischeaper than another, we are only really interested in the extremities of theweights in questions, the bounds.

In this section we introduce our Possibly Cheaper Than (PCT) relation,in which we compare the cheapest paths of differing systems characterised bysome behaviour with one another. As mentioned, for a system to be possi-bly cheaper than another, it is only required for there to exists at least onecheaper than path for each behaviourally equivalent path in the systems weare comparing it to. This means that it is possible for a possibly cheaper thansystems to have other, more expensive, paths as well.

30 4 Cheaper Than

m0{a}

m1{b}

n0 {a}

n1 {b}

3

0

2 5

0

Fig. 4.1: A WKS illustrating the concept of Possibly Cheaper Than, wherem0 . n0.

Example 4.1. Consider the WKS shown in Figure 4.1. Here n0 is possiblycheaper than m0, as if m0 wished to move to a state where b is satisfied, itwould cost 3, but n0 is capable of doing a similar move with only a cost of 2.

Note however, that while it is possibly for n0 to be cheaper than m0, it isnot always the case, as n0 can also move to a state where b is satisfied with amore expensive cost of 5. 4

The PCT relation is well suited for systems in which we are only interestedin the best outcomes and deterministically can choose the cheapest path. E.g.when planning a route, we might only be interested in the shortest or fastestroute, thereby ignoring all other paths.

So what we want is a relation that compares the cheapest ways for twosystems to perform some branching behaviour.

Definition 4.1 (Possibly Cheaper Than). LetM = 〈M, θ, `〉 be a WKS, andR ⊆ M ×M . We say R is a Possibly Cheaper Than relation if and only ifwhenever mRn then,

1. `(m) ⊆ `(n), and2. ∀S, T ⊆M : inf Θ(m)(S, T ) ≥ inf Θ(n)(R(S),R(T )).

We use E to denote the largest Possibly Cheaper Than (PCT) relation. 4

Intuitively, condition (1 ) can be read as: for any state n that we considerpossibly cheaper than a state m, must be able to at least simulate the (state-wise) behaviour of m. Condition (2 ) can be read as: for whatever behaviourm can perform, the cheapest way for n to perform the same behaviour is equalto or less than m.

As with WBB, we now show that our PCT relation adheres to an under-lining structure, namely that it is a preorder.

Proposition 4.1. The relation E is a preorder.

The proof is left up to the reader.Unlike ≈, the relation E is not an equivalence relation, as it is not symmet-

ric. E.g. consider the WKS shown in Figure 4.1, as mentioned, n0 is cheaper

4.2 Always Cheaper Than 31

m0{a}

m1{b}

n0 {a}

n1 {b}

3

0

1 2

0

Fig. 4.2: A WKS illustrating the concept of Always Cheaper Than, wherem0 . n0.

than m0. The converse is however not the case, as m0 cannot perform a movecheaper than 3, while n0 can perform one of cost 2.

4.2 Always Cheaper Than

As mentioned, PCT is of use when we somehow can deterministically choosethe cheapest path through a system. But what if we cannot? Then for oneweighted system to be cheaper than another, we must ensure that no matterwhat move we perform, it is always cheaper than the other. We therefore inthis section introduce the concept of Always Cheaper Than (ACT).

Example 4.2. Consider the WKS illustrated in Figure 4.2. Here n0 is alwayscheaper than m0, as the cost for m0 to move to a state where b is satisfied isat least 3, while for n0 to move to a state where b is satisfied, the cost is atmost 2.

4

So in this case, we want a relation that compares the cheapest way for onesystem to perform some branching behaviour, with the most expensive wayfor another. This way we ensure that the other system is always cheaper thanthe first.

Definition 4.2 (Always Cheaper Than). Let M = 〈M, θ, `〉 be a WKS, andR ⊆ M ×M . We say R is an Always Cheaper Than relation if and only ifwhenever mRn then,

1. `(m) ⊆ `(n), and2. ∀S, T ⊆M : inf Θ(m)(S, T ) ≥ supΘ(n)(R(S),R(T )).

We use A to denote the largest Always Cheaper Than (ACT) relation. 4

Again, we can intuitively read condition (1 ) as: for any state n that weconsider possibly cheaper than a state m, n must be able to at least simulatethe (state-wise) behaviour of m. Condition (2 ) can be read as: for whatever

32 4 Cheaper Than

branching behaviour m can perform, the most expensive way for n to performthe same behaviour is equal to or less than m.

Again we have that A forms a preorder, but not an equivalence relationfor similar reasons as that for E .

Proposition 4.2. The relation A is a preorder.

The proof is left up for the reader.

4.3 Bounded Branching Logic

Inspired by the Markovian-like modal logic introduced by Hansen et al. in[HLM+17], we introduce a similar branching logic, Bounded Branching Logic(BBL), in this section. With BBL we wish to reason about the extremitiesof our weighted systems branching behaviour, namely the cheapest and mostexpensive ways for said systems to perform some behaviour. We say that ourlogic is Markovian-like, as it takes base in the Markov operators, most (Mr)and least (Lr), for stochastic systems [CLM11].

Like with WBL we still use until-formulae to express behaviour in branch-ing time, we however replace the existential and universal quantifiers with aninfimum (I≤u) quantifier and a supremum (S≤u) quantifier.

Definition 4.3 (Syntax). Let AP be a set of atomic propositions, then theset of formulae of Bounded Branching Logic (BBL), denoted B, are inducedby the following context-free grammar:

B : φ ::= a | ¬φ | φ ∧ φ | I≤uψ | S≤uψψ ::= φUφ

where a ∈ AP , and u ∈ Q. 4

Definition 4.4 (Semantics). The satisfiability relation for BBL, |=⊆M×B,is given for arbitrary (M,m) ∈M:

(M,m) |= a iff a ∈ `(m)

(M,m) |= ¬φ iff not (M,m) |= φ

(M,m) |= φ1 ∧ φ2 iff (M,m) |= φ1 and (M,m) |= φ2

(M,m) |= I./uφ1Uφ2 iff inf Θ(m)([[φ1]], [[φ2]]) ≤ u(M,m) |= S./uφ1Uφ2 iff supΘ(m)([[φ1]], [[φ2]]) ≤ u

where a ∈ AP , and u ∈ R. 4

We conclude this section we two characterisation proofs of both PCT andACT with sublogics of BBL.

4.3 Bounded Branching Logic 33

4.3.1 Characterisation of Possibly Cheaper Than

As we are only concerned about the cheapest paths when considering PCT,we restrict our logic to one where we only have the basic boolean operatorsand the infimum operator.

Definition 4.5 (Possibly-Sublogic). Let AP be a set of atomic propositions,we define the following sublogic, BI , of BBL as follows;

BI : φ ::= > | ⊥ | a | φ ∧ φ | φ ∨ φ | I≤u φ U φ

where a ∈ AP and u ∈ Q. 4

The semantics are still given by Definition 4.4.In order to show that this PCT is characterised by this sublogic, we require

a few additional constructs. First, for a given WKS,M = 〈M, θ, `〉, and statem ∈M , let

(|m|) = {φ ∈ BI | m |= φ}

be the set of formulae satisfied by m. Now, as our logic is countable, we canenumerate the elements of (|m|), like so

{φ1, φ2, ...} = (|m|) .

For the following proof, we would like to take increasing finite bites of (|m|),as follows:

(|m|)k = {φ1, ..., φk}

where k ∈ N.With this in hand, we are now ready to show that we can characterise

our Possibly Cheaper Than relation with the given sublogic, i.e. a system ischeaper than another if and only if it satisfies the same formulae as the other.

There is the caveat that we require for the WKS in question to be bothbranching-compact and countable.

Theorem 4.1. Let M = 〈M, θ, `〉 be a branching-compact and countableWKS, for arbitrary m,n ∈M :

m E n if and only if ∀φ ∈ BI : m |= φ =⇒ n |= φ

Proof. (⇒) : We show that if m E n then ∀φ ∈ BI : m |= φ =⇒ n |= φ.Induction on the structure of φ ∈ BI . Suppose that m E n and that m |= φ,we show that n |= φ.Case φ = a:By Definition 4.4 we have that m |= a if and only if a ∈ `(m). Since m E nwe have by Definition 4.1 that `(m) ⊆ `(n), and therefore a ∈ `(n). So byDefinition 4.4 we have that n |= a.

34 4 Cheaper Than

Case φ = φ1 ∧ φ2:By Definition 4.4 we have that m |= φ1 ∧ φ2 if and only if m |= φ1 andm |= φ2. By induction we have that n |= φ1 and n |= φ2, and therefore, byDefinition 4.4, we have that n |= φ1 ∧ φ2.Case φ = φ1 ∨ φ2:Derived from Definition 4.4 we have that m |= φ1∨φ2 if and only if m |= φ1 orm |= φ2. By induction we have that either n |= φ1 or n |= φ2, and therefore,by Definition 4.4, we have that n |= φ1 ∨ φ2.Case φ = I≤uφ1Uφ2:By Definition 4.4 we have that m |= I≤uφ1Uφ2 if and only if

inf Θ(m)([[φ1]], [[φ2]]) ≤ u .

Since m E n, we have by Definition 4.1 that

inf Θ(m)([[φ1]], [[φ2]]) ≥ inf Θ(n)( E ([[φ1]]), E ([[φ2]])) .

By induction we have that E ([[φ1]]) = [[φ1]] and that E ([[φ2]]) = [[φ2]], wetherefore get that

u ≥ inf Θ(m)([[φ1]], [[φ2]]) ≥ inf Θ(n)([[φ1]], [[φ2]]) ,

and therefore by Definition 4.4 we have that n |= I≤uφ1Uφ2.

(⇐) : We show that if ∀φ ∈ BI : m |= φ =⇒ n |= φ then m E n. It issufficient to show that the relation

R = {(m,n) ∈M ×M | ∀φ ∈ BI : m |= φ =⇒ n |= φ}

is a Possibly Cheaper Than relation. Suppose that m,n ∈M and mRn.Clearly, mRn implies `(m) ⊆ `(n).We now show that mRn implies inf Θ(m)(S, T ) ≥ inf Θ(n)(R(S),R(T )),

for all S, T ⊆M . We handle the case of S and T being either finite or infiniteseparately.

Finite Case.



k ∈ N as follows:

χSk =∨s∈S

∧φ∈(|s|)Ik

.

Since S and (|s|)Ik are finite, we have that χSk is well formed.This allows us to create a decreasing sequence of sets of states, [[χS0 ]] ⊇

[[χS1 ]] ⊇ ..., for which we now show that

4.3 Bounded Branching Logic 35⋂k∈N

[[χSk ]] = R(S) . (4.1)

If s′ ∈ R(S) then there exists some s ∈ S such that (|s|) ⊆ (|s′|). This inturn implies that s′ |=

∧φ∈(|s|)Ik

φ, and hence s′ |= χSk , for any k ∈ N. Ergo,⋂k∈N

[[χSk ]] ⊇ R(S) . (4.2)

If s′ /∈ R(S) then for all s ∈ S there exists some φs ∈ BI such that s |= φsand s′ 6|= φs. We can now create a formula, ΦS , that distinguishes s′ from anys ∈ S,

ΦS =∨s∈S

φs, where s |= φs, and s′ 6|= φs .

There must exist some k ∈ N such that for each s ∈ S we have that φs ∈ (|s|)Ik.Therefore, we get that s′ /∈ [[χSk ]], due to there existing some φs ∈ (|s|)k suchthat s′ 6|= φs, for any s ∈ S, i.e.

s′ 6|=∨s∈S

∧φ∈(|s|)h

φ ,

Ergo,⋂k∈N

[[χSk ]] ⊆ R(S) . (4.3)

By Equation (4.2) and 4.3 combined we have now shown that Equation (4.1)holds. By similar reasoning we can create a sequence of formulae [[χT0 ]] ⊇[[χT1 ]] ⊇ ... where⋂

h∈N[[χTh ]] = R(T ) . (4.4)

We now show that

∀k, h ∈ N : inf Θ(m)(S, T ) ≥ inf Θ(n)([[χSk ]], [[χTh ]]) . (4.5)


∃k, h ∈ N : inf Θ(m)(S, T ) < q < inf Θ(n)([[χSk ]], [[χTh ]]) .

where q ∈ Q. Since inf Θ(m) is monotonic and since S ⊆ [[χSk ]] and T ⊆ [[χTh ]]we have that

inf Θ(m)([[χSk ]], [[χTh ]]) ≤ inf Θ(m)(S, T ) < q .


36 4 Cheaper Than

χ = I≤u χSk U χTh

for which m |= χ and n 6|= χ, thereby contradicting that mRn, so Equa-tion (4.5) must hold.


Θ(n)(⋂k∈N

[[χSk ]],⋂h∈N

[[χTh ]]) =⋂

k,h∈NΘ(n)([[χSk ]], [[χTh ]])

SinceM is branching-compact and due to Equation (4.5), we get by Lemma 2.3that

inf Θ(m)(S, T ) ≥ inf⋂

k,h∈NΘ(n)([[χSk ]], [[χTh ]])

and by Equation (4.1) and (4.4) we get that

inf Θ(m)(S, T ) ≥ inf Θ(n)(R(S),R(T )) . (4.6)

Infinite Case.


⋃k∈N Sk = S and

⋃h∈N Th = T .

Since Sk and Th are finite for any k, h ∈ N we have by what we previouslyshowed in the finite case (Equation (4.6)), that

∀k, h ∈ N : inf Θ(m)(Sk, Th) ≥ inf Θ(n)(R(Sk),R(Th))

Clearly, we have that

R(S) = R(⋃k∈N

Sk) =⋃k∈NR(Sk)

and similarly

R(T ) = R(⋃h∈N

Th) =⋃h∈NR(Th) .

Therefore, due to , we have by Lemma 2.2 that

inf⋃

k,h∈NΘ(m)(Sk, Th) ≥ inf

⋃k,h∈N

Θ(n)(R(Sk),R(Th))


inf Θ(m)(S, T ) ≥ inf Θ(n)(R(S),R(T )) .

ut

4.3 Bounded Branching Logic 37

4.3.2 Characterisation of Always Cheaper Than

Much in the same way as with PCT, we here also require a different sublogic.However, as we this time wish to reason about the lower bounds in one andthe upper bounds in another, two different sublogics are required for the twosystems we wish to relate.

We still make use of the previously defined logic BI given in Definition 4.5for the systems we wish to relate to. For the system we wish to always becheaper, the following sublogic is used:

Definition 4.6 (Always-Sublogic). Let AP be a set of atomic propositions,we define the following sublogic, BS , of BBL as follows;

BS : φ ::= > | ⊥ | a | φ ∧ φ | φ ∨ φ | S≤u φ U φ

where a ∈ AP and u ∈ Q. 4

The semantics are still given by Definition 4.4.We also require a way to map between the two logics. This is done in a

straight forward manner where we turn infima expressions (I≤u) into corre-sponding suprema expressions (S≤u), leaving anything else untouched.

Definition 4.7. We define the following mapping u : BI → BS , for arbitraryφ ∈ BI as follows:

φu =

> if φ = >⊥ if φ = ⊥a if φ = a, and a ∈ APφu1 ∧ φu2 if φ = φ1 ∧ φ2φu1 ∨ φu2 if φ = φ1 ∨ φ2S≤u φ

u1 U φ

u2 if φ = I≤u φ1 U φ2, and u ∈ Q

where φ ∈ LI . 4

We also need an additional construct. For a given WKS M = 〈M, θ, `〉, let

(|m|)u = {φ ∈ BI | s |= φu}

be the inverse image of u on the set of BS formulae satisfied by a state m ∈M .We are now ready to give a logical characterisation of ACT, again restrict-

ing ourselves to branching-compact and countable WKS.

Theorem 4.2. Let M = 〈M, θ, `〉 be a branching-compact and countableWKS, for arbitrary m,n ∈M , then

m A n if and only if ∀φ ∈ BI : m |= φ =⇒ n |= φu

The proof is very similar to that of Theorem 4.1. For a full version, see Ap-pendix A.

38 4 Cheaper Than

4.4 Cheaper Than Distance

We conclude this chapter by introducing similar ideas regarding distance be-tween weighted systems as we did for WBB, only this time for PCT. Many ofthe results are very similar, the only notable difference being that the distancenow only forms a behavioural hemimetric.

First, we introduce the idea of relaxing our PCT relation. Here we simplysubtract the margin of error from the greatest lower bound of accumulatedweight of whatever branching behaviour in question.

Definition 4.8 (ε-Possibly Cheaper Than). Let M = 〈M, θ, `〉 be a WKS,R ⊆ M ×M and ε ∈ R≥0. We say R is a ε-Possibly Cheaper Than relationif and only if whenever mRn then

1. `(m) ⊆ `(n), and2. ∀S, T ⊆M : inf Θ(m)(S, T ) ≥ inf Θ(n)(R(S),R(T ))− ε.

We use E ε to denote the largest ε-PCT relation. 4

Here condition (2 ) can be read intuitively as, whatever m does, n can docheaper if we subtract ε.

Again we introduce a similar notion of relaxing our logic, so that we maycharacterise our relaxed PCT.

Definition 4.9. We define the family of functions ε : LI → LI , for ε ∈ R≥1,as follows:

φε =

> if φ = >⊥ if φ = ⊥a if φ = a, and a ∈ APφε1 ∧ φε2 if φ = φ1 ∧ φ2φε1 ∨ φε2 if φ = φ1 ∨ φ2I≤u+ε φ

ε1 U φ

ε2 if φ = I≤u φ1 U φ2, and u ∈ Q

where φ ∈ LI . 4

Theorem 4.3. Let M = 〈M, θ, `〉 be a branching-compact and countableWKS. For arbitrary m,n ∈M we have that

m E εn if and only if ∀φ ∈ BI : m |= φ =⇒ n |= φε

The proof is very similar to that of Theorem 4.1. For a full version, see Ap-pendix A.

As with WBB, we can induce a distance from the infimum of relaxedPCTs.

Definition 4.10 (Distance). Let M = 〈M, θ, `〉 be a WKS. The distancebetween arbitrary states m,n ∈M is given by the function d : M×M → R≥0,defined as follows:

4.4 Cheaper Than Distance 39

d(m,n) = inf{ε ∈ R | m E εn}

where inf ∅ =∞. 4

As with before, this distance adheres to our idea of relaxing our PCTs.

Theorem 4.4. Let M = 〈M, θ, `〉 be a branching-compact WKS, m,n ∈ Mand ε ∈ R.

If d(m,n) = ε then m E εn .

Proof. Clearly, d(m,n) = ε implies that `(m) ⊆ `(n), as there must existssome γ ≥ ε such that m E γn. Assume now towards a contradiction, thatthere exists some pair S, T ⊆M such that

inf Θ(m)(S, T ) < inf Θ(n)(SEε , T

Eε)− ε . (4.7)

However, since d(m,n) = inf{γ ∈ R|m E γn} = ε we have that there exists adecreasing sequence γ0 ≥ γ1 ≥, ...,≥ ε such that lim

k→∞γk = ε, for all k ∈ N we

have that m E γkn, and

∀n ∈ N : inf Θ(m)(S, T ) ≥ inf Θ(n)(SEγn , T

Eγn )− γn . (4.8)

Note that SEε =

⋂k∈N S

Eγk and that T

Eε =

⋂k∈N T

Eγk . Since M is

branching-compact we get by Lemma 2.3 that

inf Θ(m)(S, T ) ≥ inf Θ(n)(SEε , T

Eε)− ε . (4.9)

ut

As mentioned, this distance forms a hemimetric.

Theorem 4.5. Let M = 〈M, θ, `〉 be a branching-compact WKS, d is anextended hemi-metric, i.e. for m,n, o ∈M :

1. d(m,m) = 02. d(m, o) ≤ d(m,n) + d(n, o).

Proof. (1 ): Clearly d(m,m) = 0 for all m ∈ M , as inf Θ(m)(S, T ) ≥inf Θ(m)(S

E

, TE

) − 0, due to the monotonicity of inf Θ(m) and that

S ⊆ S E

and T ⊆ T E

. ut

Lastly, we conclude this section, by producing a robustness results statingthat systems that are close together also satisfy similar formula.

Theorem 4.6 (Robustness). Let M = 〈M, θ, `〉 be a branching-compactWKS, m,n ∈ M , ε ∈ R and φ ∈ LI . If d(m,n) ≤ ε and m |= φ, thenn |= φε.

Proof. Follows from Theorem 4.3 and Theorem 4.4. ut

5

Conclusion

In this Thesis we delved into world of weighted systems and perceived themthrough the temporal lense of branching-time. We developed a mathemati-cally concise way of reasoning about weighted behaviour in branching-time,resulting in a behavioural relation, namely Weighted Branching Bisimulation.

We developed a temporal logic which can be used to reason about weightedbehaviour in branching-time and showed that for a class of branching-compactsystems, that this logic completely characterises our Weighted BranchingBisimulation.

Due to the restrictive nature of exact quantitative behavioural relations,we developed a notion of relaxing our bisimulation. In parallel with this wewere also capable of relaxing our logic in a intuitive way that preserved ourcharacterisation result. From this notion of relaxtion we induced a behaviouraldistance from the infimum of margin of errors required for two systems tobe relaxed-Weighted Branching Bisimilar. We showed that this distance is apseudometric on branching-compact systems, and that behave in accordancewith our ideas of weighted branching behaviour. We also produced robustnessresults, stating that weighted systems close together (small distance from eachother) satisfy similar formulae.

As it is often not required to reason about weighted systems as a whole,we produced two cheaper than relations. One in which it is only required fora cheaper than system to be possibly cheaper than the other, and another inwhich it must always be cheaper than the other.

We developed another temporal logic to reason about the bounds ofweighted systems in branching time and show that we can characterise ourcheaper than relations using fragments of this logic.

Lastly, we extended the notion of relaxing our behavioural relations toour cheaper than relations, showing similar results for them as we did for ourbisimulation. We induced a distance and showed it is a hemimetric and similarrobustness results as before.

42 5 Conclusion

5.1 Future Work

Decidability and complexity results for the problems of equivalence checkingany of our behavioural relations, a long with the problems of model checkingany of our logics on our specified models, are all open problems.

One could also be interested in further extending the work of Hansen et al.[HLM+17], and develop a notion of General Weighted Branching Bisimulation,in which one only require the bounds of weighted systems to agree.

Lastly, one could look into compositionality with regards to weighted sys-tems. What does it mean to run two weighted systems in parallel, and can wecommunicate somehow?

References

AILS07. Luca Aceto, Anna Ingolfsdottir, Kim Guldstrand Larsen, and Jiri Srba.Reactive systems: modelling, specification and verification. cambridgeuniversity press, 2007.

BCG88. Michael C. Browne, Edmund M. Clarke, and Orna Grumberg. Charac-terizing finite kripke structures in propositional temporal logic. Theor.Comput. Sci., 59:115–131, 1988.

CE08. Edmund M. Clarke and E. Allen Emerson. Design and synthesis of syn-chronization skeletons using branching time temporal logic. In 25 Yearsof Model Checking - History, Achievements, Perspectives, pages 196–215,2008.

CES86. Edmund M. Clarke, E. Allen Emerson, and A. Prasad Sistla. Automaticverification of finite-state concurrent systems using temporal logic spec-ifications. ACM Trans. Program. Lang. Syst., 8(2):244–263, 1986.

CHM+15. Peter Christoffersen, Mikkel Hansen, Anders Mariegaard, Julian TrierRingsmose, Kim Guldstrand Larsen, and Radu Mardare. Parametricverification of weighted systems. In Etienne Andre and Goran Frehse,editors, 2nd International Workshop on Synthesis of Complex Parame-ters, SynCoP 2015, April 11, 2015, London, United Kingdom, volume 44of OASICS, pages 77–90. Schloss Dagstuhl - Leibniz-Zentrum fuer Infor-matik, 2015.

CLM11. Luca Cardelli, Kim G. Larsen, and Radu Mardare. Modular markovianlogic. In Automata, Languages and Programming - 38th InternationalColloquium, ICALP 2011, Zurich, Switzerland, July 4-8, 2011, Proceed-ings, Part II, pages 380–391, 2011.

DGJP99. Josee Desharnais, Vineet Gupta, Radha Jagadeesan, and Prakash Panan-gaden. Metrics for labeled markov systems. In Jos C. M. Baeten andSjouke Mauw, editors, CONCUR ’99: Concurrency Theory, 10th Inter-national Conference, Eindhoven, The Netherlands, August 24-27, 1999,Proceedings, volume 1664 of Lecture Notes in Computer Science, pages258–273. Springer, 1999.

DP03. Josee Desharnais and Prakash Panangaden. Continuous stochastic logiccharacterizes bisimulation of continuous-time markov processes. J. Log.Algebr. Program., 56(1-2):99–115, 2003.

44 References

DV95. Rocco De Nicola and Frits W. Vaandrager. Three logics for branchingbisimulation. J. ACM, 42(2):458–487, 1995.

EC80. E. Allen Emerson and Edmund M. Clarke. Characterizing correctnessproperties of parallel programs using fixpoints. In Automata, Languagesand Programming, 7th Colloquium, Noordweijkerhout, The Netherland,July 14-18, 1980, Proceedings, pages 169–181, 1980.

FLM16. Louise Foshammer, Kim Guldstrand Larsen, and Anders Mariegaard.Weighted branching simulation distance for parametric weighted kripkestructures. 220:63–75, 2016.

FLMX17. Louise Foshammer, Kim Guldstrand Larsen, Radu Mardare, and Bing-tian Xue. Logical characterization and complexity of weighted branchingpreorders and distances. Unpublished Draft, 2017.

FTL11. Uli Fahrenberg, Claus R. Thrane, and Kim G. Larsen. Distances forweighted transition systems: Games and properties. 57:134–147, 2011.

GJS90. Alessandro Giacalone, Chi-Chang Jou, and Scott A Smolka. Algebraicreasoning for probabilistic concurrent systems. In Proc. IFIP TC2 Work-ing Conference on Programming Concepts and Methods. Citeseer, 1990.

HLM+17. Mikkel Hansen, Kim Guldstrand Larsen, Radu Mardare, Mathias Rug-gaard Pedersen, and Bingtian Xue. Reasoning about bounds in weightedtransition systems. CoRR, abs/1703.03346, 2017.

HM85. Matthew Hennessy and Robin Milner. Algebraic laws for nondeterminismand concurrency. J. ACM, 32(1):137–161, 1985.

Jen18. Mathias Claus Jensen. Weighted branching systems: Behavioural equiv-alence, metric structure, and their characterisations, 2018.

JLSO16. Jonas Finnemann Jensen, Kim Guldstrand Larsen, Jirı Srba, andLars Kaerlund Oestergaard. Efficient model-checking of weighted CTLwith upper-bound constraints. volume 18, pages 409–426, 2016.

Kri07. Saul Kripke. Semantical considerations of the modal logic. Studia Philo-sophica, 1, 2007.

LFT11. Kim G. Larsen, Uli Fahrenberg, and Claus R. Thrane. Metrics forweighted transition systems: Axiomatization and complexity. Theor.Comput. Sci., 412(28):3358–3369, 2011.

LPY97. Kim Guldstrand Larsen, Paul Pettersson, and Wang Yi. UPPAAL in anutshell. STTT, 1(1-2):134–152, 1997.

LPY01. Magnus Lindahl, Paul Pettersson, and Wang Yi. Formal design andanalysis of a gear controller. STTT, 3(3):353–368, 2001.

LS91. Kim Guldstrand Larsen and Arne Skou. Bisimulation through proba-bilistic testing. Inf. Comput., 94(1):1–28, 1991.

LS98. Xinxin Liu and Scott A. Smolka. Simple linear-time algorithms forminimal fixed points (extended abstract). In Automata, Languages andProgramming, 25th International Colloquium, ICALP’98, Aalborg, Den-mark, July 13-17, 1998, Proceedings, pages 53–66, 1998.

Mil80. Robin Milner. A Calculus of Communicating Systems, volume 92 ofLecture Notes in Computer Science. Springer, 1980.

Mil89. Robin Milner. Communication and concurrency. PHI Series in computerscience. Prentice Hall, 1989.

Pan09. Prakash Panangaden. Labelled Markov Processes. Imperial College Press,2009.

References 45

Par81. David Michael Ritchie Park. Concurrency and automata on infinite se-quences. In Peter Deussen, editor, Theoretical Computer Science, 5th GI-Conference, Karlsruhe, Germany, March 23-25, 1981, Proceedings, vol-ume 104 of Lecture Notes in Computer Science, pages 167–183. Springer,1981.

RSV10. Anders P. Ravn, Jirı Srba, and Saleem Vighio. A formal analysis of theweb services atomic transaction protocol with UPPAAL. In LeveragingApplications of Formal Methods, Verification, and Validation - 4th Inter-national Symposium on Leveraging Applications, ISoLA 2010, Heraklion,Crete, Greece, October 18-21, 2010, Proceedings, Part I, pages 579–593,2010.

TFL10. Claus Thrane, Uli Fahrenberg, and Kim G Larsen. Quantitative analy-sis of weighted transition systems. The Journal of Logic and AlgebraicProgramming, 79(7):689–703, 2010.

vGW89. Rob J. van Glabbeek and W. P. Weijland. Branching time and abstrac-tion in bisimulation semantics (extended abstract). In IFIP Congress,pages 613–618, 1989.

A

Proofs

Theorem 3.2

Proof. (⇒) : We show that if mε≈n then ∀φ ∈ L+ :

m |= φ =⇒ n |= φε

n |= φ =⇒ m |= φε.

Induction on the structure of φ ∈ L. Suppose mε≈n and that m |= φ, we show

that this implies that n |= φε.Case φ = a:

By Definition 3.4 we have that m |= a if and only if a ∈ `(m). Since mε≈n

we have by Definition 3.5 that `(m) = `(n), and therefore a ∈ `(n). So byDefinition 3.4 we have that n |= aε = a.Case φ = a:

By Definition 3.4 we have that m |= ¬a if and only if a /∈ `(m). Since mε≈n

we have by Definition 3.5 that `(m) = `(n), and therefore a /∈ `(n). So byDefinition 3.4 we have that n |= ¬aε = ¬a.Case φ = φ1 ∧ φ2:By Definition 3.4 we have that m |= φ1 ∧ φ2 if and only if m |= φ1 andm |= φ2. By induction we have that n |= φε1 and n |= φε2, and therefore, byDefinition 3.4, we have that n |= φε1 ∧ φε2.Case φ = E[v,u] φ1 U φ2:By Definition 3.4 we have that m |= E[v,u] φ1 U φ2 if and only if

[v, u] ∩Θ(m)([[φ1]], [[φ2]]) 6= ∅ .

Since mε≈n we have by Definition 3.5 that

H(Θ(m)([[φ1]]

ε≈, [[φ2]]

ε≈), Θ(n)([[φ1]]

ε≈, [[φ2]]

ε≈))≤ ε .

By induction we get that [[φ1]]ε≈ = [[φε1]] and [[φ2]]

ε≈ = [[φε2]]. This in turn gives

us

[v − ε, u+ ε] ∩Θ(n)([[φε1]], [[φε2]]) 6= ∅ .

48 A Proofs

So, by Definition 3.4 we have that n |= E φε1 U[v−ε,u+ε] φε2.

Case φ = A[v,u] φ1 U φ2:By Definition 3.4 we have that m |= A[v,u] φ1 U φ2 if and only if

[v, u] ∪Θ(m)([[φ1]], [[φ2]]) = [v, u] .

Since mε≈n we have by Definition 3.5 that

H(Θ(m)([[φ1]]

ε≈, [[φ2]]

ε≈), Θ(n)([[φ1]]

ε≈, [[φ2]]

ε≈))≤ ε .

By induction we get that [[φ1]]ε≈ = [[φε1]] and [[φ2]]

ε≈ = [[φε2]]. This in turn gives

us

[v − ε, u+ ε] ∪Θ(n)([[φε1]], [[φε2]]) = [v − ε, u+ ε] .

So, by Definition 3.4 we have that n |= A φε1 U[v−ε,u+ε] φε2.

(⇐) : We show that the relation

R =

{(m,n) ∈M ×M | ∀φ ∈ L :

m |= φ =⇒ n |= φε

n |= φ =⇒ m |= φε

}is a ε-Weighted Branching Bisimilation relation.

Suppose that m,n ∈M and mRn.Clearly, mRn implies `(m) = `(n).We now show that mRn implies H(Θ(m)(SR, TR), Θ(n)(SR, TR)) ≤ ε,

for all S, T ⊆M . We handle the case of S and T being either finite or infiniteseparately.

Finite Case.



k ∈ N as follows:

χSk =∨s∈S

∧φ∈(|s|)k

φ .



[[(χSk )ε]] = SR . (A.1)

If s′ ∈ SR then there exists some s ∈ S such that (|s|) ⊆ (|s′|)ε. This inturn implies that s′ |=

∧φ∈(|s|)k φ

ε, and hence s′ |= (χSk )ε, for any k ∈ N. Ergo,

A Proofs 49⋂k∈N

[[(χSk )ε]] ⊇ SR . (A.2)

If s′ /∈ SR then for all s ∈ S there exists some φs ∈ BI such that s |= φsand s′ 6|= φεs. We can now create a formula, ΦS , that distinguishes s′ from anys ∈ S,

ΦS =∨s∈S

φs, where s |= φs, and s′ 6|= φεs .

There must exist some k ∈ N such that for each s ∈ S we have that φs ∈ (|s|)k.Therefore, we get that s′ /∈ [[(χSk )ε]], due to there existing some φs ∈ (|s|)k suchthat s′ 6|= φεs, for any s ∈ S, i.e.

s′ 6|=∨s∈S

∧φ∈(|s|)k

φε ,

Ergo,⋂k∈N

[[(χSk )ε]] ⊆ SR . (A.3)

By Equation (3.7) and A.3 combined we have now shown that Equation (A.1)holds. By similar reasoning we can create a sequence of formulae [[χT0 ]] ⊇[[χT1 ]] ⊇ ... where⋂

h∈N[[(χTh )ε]] = TR . (A.4)

We now show that

∀k, h ∈ N : H(Θ(m)([[(χSk )ε]], [[(χTh )ε]]), Θ(n)([[(χSk )ε]], [[(χTh )ε]])) ≤ ε . (A.5)


∃k, h ∈ N : H(Θ(m)([[(χSk )ε]], [[(χTh )ε]]), Θ(n)([[(χSk )ε]], [[(χTh )ε]])) > ε .

Assume without a loss of generality that there exists w ∈ Θ(m)([[(χSk )ε]], [[(χTh )ε]])and that for all v ∈ Θ(n)([[(χSk )ε]], [[(χTh )ε]]), |w−v| > ε. SinceM is branching-compact there must exists a pair of rational numbers, v, u /∈ Θ(n)([[χSk ]], [[χTh ]])such that w ∈ [v, u].


χ = E[v,u] χSk U χTh

for which m |= χ and n 6|= χε, thereby contradicting that mRn, so Equa-tion (A.5) must hold.


50 A Proofs

Θ(m)(⋂k∈N

[[(χSk )ε]],⋂h∈N

[[(χTh )ε]]) =⋂

k,h∈NΘ(m)([[(χSk )ε]], [[(χTh )ε]])

Θ(n)(⋂k∈N

[[(χSk )ε]],⋂h∈N

[[(χTh )ε]]) =⋂

k,h∈NΘ(n)([[(χSk )ε]], [[(χTh )ε]])

By Equation (3.10), (3.6), and (3.9), we get that

H(Θ(m)(SR, TR), Θ(n)(SR, TR)) ≤ ε .

Infinite Case.


⋃k∈N Sk = S and

⋃h∈N Th = T .

Since Sk and Th are finite for any k, h ∈ N we have by what we previouslyshowed in the finite case , that

∀k, h ∈ N : H(Θ(m)(SRk , TRh ), Θ(n)(SRk , T

Rh )) ≤ ε .

We therefore have that

H(⋃

k,h∈NΘ(m)(SRk , T

Rh ),

⋃k,h∈N

Θ(n)(SRk , TRh )) ≤ ε .


H(Θ(m)(SR, TR), Θ(n)(SR, TR)) ≤ ε .

ut

A Proofs 51

Theorem 4.2

Proof. (⇒) : We show that if m A n then ∀φ ∈ BI : m |= φ =⇒ n |= φu.Induction on the structure of φ ∈ BI . Suppose that m A n and that m |= φ,we show that n |= φu.Case φ = a:By Definition 4.4 we have that m |= a if and only if a ∈ `(m). Since m A nwe have by Definition 4.2 that `(m) ⊆ `(n), and therefore a ∈ `(n). So byDefinition 4.4 we have that n |= a and by Definition 4.7 we have that a = au.Case φ = φ1 ∧ φ2:By Definition 4.4 we have that m |= φ1 ∧ φ2 if and only if m |= φ1 andm |= φ2. By induction, we have that n |= φu1 and n |= φu2 , and therefore, byDefinition 4.4, we have that n |= φu1 ∧ φu2 . Lastly, by Definition 4.7 we havethat φu1 ∧ φu2 = (φ1 ∧ φ2)u.Case φ = φ1 ∧ φ2:Derived from Definition 4.4 we have that m |= φ1 ∨ φ2 if and only if m |= φ1or m |= φ2. By induction, we have that n |= φu1 or n |= φu2 , and therefore, byDefinition 4.4, we have that n |= φu1 ∨ φu2 . Lastly, by Definition 4.7 we havethat φu1 ∨ φu2 = (φ1 ∨ φ2)u.Case φ = I≤uφ1Uφ2:By Definition 4.4 we have that m |= I≤uφ1Uφ2 if and only if

inf Θ(m)([[φ1]], [[φ2]]) ≤ u .

Since m A n, we have by Definition 4.2 that

inf Θ(m)([[φ1]], [[φ2]]) ≥ supΘ(n)([[φ1]]A

, [[φ2]]A

) .

By induction, we have that [[φ1]]A

= [[φu1 ]] and that [[φ2]]A

= [[φu2 ]]. Wetherefore get that

u ≥ inf Θ(m)([[φ1]], [[φ2]]) ≥ supΘ(n)([[φu1 ]], [[φu2 ]]) .

Hence, by Definition 4.4, we have that n |= S≤uφu1 U φ

u2 , for which, by Defi-

nition 4.7, we have that S≤uφu1 U φ

u2 = (I≤uφ1Uφ2)u.

(⇐) : We show that if ∀φ ∈ BI : m |= φ =⇒ n |= φu then m A n. It issufficient to show that the relation

R = {(m,n) ∈M ×M | ∀φ ∈ BI : m |= φ =⇒ n |= φu}

is a Always Cheaper Than relation.Suppose that m,n ∈M and mRn.Clearly, mRn implies `(m) ⊆ `(n).We now show that mRn implies inf Θ(m)(S, T ) ≥ supΘ(n)(SR, TR), for

all S, T ⊆ M . We handle the case of S and T being either finite or infiniteseparately.

52 A Proofs

Finite Case.



k ∈ N as follows:

χSk =∨s∈S

∧φ∈(|s|)k

φ .



[[(χSk )u]] = SR . (A.6)

If s′ ∈ SR then there exists some s ∈ S such that (|s|) ⊆ (|s′|)u. This inturn implies that s′ |=

∧φ∈(|s|)k φ

u, and hence s′ |= (χSk )u, for any k ∈ N.Ergo,⋂

k∈N[[(χSk )u]] ⊇ SR . (A.7)

If s′ /∈ SR then for all s ∈ S there exists some φs ∈ BI such that s |= φsand s′ 6|= φus . We can now create a formula, ΦS , that distinguishes s′ from anys ∈ S,

ΦS =∨s∈S

φs, where s |= φs, and s′ 6|= φus .

There must exist some k ∈ N such that for each s ∈ S we have that φs ∈ (|s|)k.Therefore, we get that s′ /∈ [[χSk ]], due to there existing some φs ∈ (|s|)k suchthat s′ 6|= φus , for any s ∈ S, i.e.

s′ 6|=∨s∈S

∧φ∈(|s|)h

φu ,

Ergo,⋂k∈N

[[(χSk )u]] ⊆ SR . (A.8)

By Equation (A.7) and A.8 combined we have now shown that Equation (A.6)holds. By similar reasoning we can create a sequence of formulae [[χT0 ]] ⊇[[χT1 ]] ⊇ ... where⋂

h∈N[[(χTh )u]] = TR . (A.9)

A Proofs 53

We now show that

∀k, h ∈ N : inf Θ(m)(S, T ) ≥ supΘ(n)([[(χSk )u]], [[(χTh )u]]) . (A.10)


∃k, h ∈ N : inf Θ(m)(S, T ) < u < supΘ(n)([[(χSk )u]], [[(χTh )u]]) .

where u ∈ Q. Since inf Θ(m) is monotonic and since S ⊆ [[χSk ]] and T ⊆ [[χTh ]]we have that




for which m |= χ and n 6|= χu, thereby contradicting that mRn, so Equa-tion (4.5) must hold.


Θ(n)(⋂k∈N

[[(χSk )u]],⋂h∈N

[[(χTh )u]]) =⋂

k,h∈NΘ(n)([[(χSk )u]], [[(χTh )u]])

Since M is branching-compact and due to Equation (A.10), we get byLemma 2.3 that

inf Θ(m)(S, T ) ≥ sup⋂

k,h∈NΘ(n)([[χSk ]], [[χTh ]])

and by Equation (A.6) and (A.9) we get that

inf Θ(m)(S, T ) ≥ supΘ(n)(SR, TR) . (A.11)

Infinite Case.


⋃k∈N Sk = S and

⋃h∈N Th = T .

Since Sk and Th are finite for any k, h ∈ N we have by what we previouslyshowed in the finite case (Equation (A.11)), that

∀k, h ∈ N : inf Θ(m)(Sk, Th) ≥ supΘ(n)(SRk , TRk ) .

Therefore, by Lemma 2.2, we have that

inf⋃

k,h∈NΘ(m)(Sk, Th) ≥ sup

⋃k,h∈N

Θ(n)(SRk , TRh ) .


inf Θ(m)(S, T ) ≥ supΘ(n)(SR, TR) .

ut

54 A Proofs

Theorem 4.3

Proof. (⇒) : We show that if m E εn then ∀φ ∈ BI : m |= φ =⇒ n |= φε.Induction on the structure of φ ∈ BI . Suppose that m E εn and that m |= φ,we show that n |= φε.Case φ = a:By Definition 4.4 we have that m |= a if and only if a ∈ `(m). Since m E εnwe have by Definition 4.8 that `(m) ⊆ `(n), and therefore a ∈ `(n). So byDefinition 4.4 we have that n |= a and by Definition 4.9 we have that a = aε.Case φ = φ1 ∧ φ2:By Definition 4.4 we have that m |= φ1 ∧ φ2 if and only if m |= φ1 andm |= φ2. By induction, we have that n |= φε1 and n |= φε2, and therefore, byDefinition 4.4, we have that n |= φε1 ∧ φε2. Lastly, by Definition 4.9 we havethat φε1 ∧ φε2 = (φ1 ∧ φ2)ε.Case φ = φ1 ∧ φ2:Derived from Definition 4.4 we have that m |= φ1 ∨ φ2 if and only if m |= φ1or m |= φ2. By induction, we have that n |= φε1 or n |= φε2, and therefore, byDefinition 4.4, we have that n |= φε1 ∨ φε2. Lastly, by Definition 4.9 we havethat φε1 ∨ φε2 = (φ1 ∨ φ2)ε.Case φ = I≤uφ1Uφ2:By Definition 4.4 we have that m |= I≤uφ1Uφ2 if and only if

inf Θ(m)([[φ1]], [[φ2]]) ≤ u .

Since m E εn, we have by Definition 4.8 that

inf Θ(m)([[φ1]], [[φ2]]) ≥ inf Θ(n)([[φ1]]Eε , [[φ2]]

Eε)− ε .

By induction we have that [[φ1]]Eε = [[φε1]] and that [[φ2]]

Eε = [[φε2]]. We

therefore get that

u ≥ inf Θ(m)([[φ1]], [[φ2]]) ≥ inf Θ(n)([[φε1]], [[φε2]])− ε .

Hence, we get that

u+ ε ≥ inf Θ(n)([[φε1]], [[φε2]]) ,

and therefore by Definition 4.4 we have that n |= I≤u+εφε1Uφ

ε2.

(⇐) : We show that if ∀φ ∈ BI : m |= φ =⇒ n |= φε then m E εn. It issufficient to show that the relation

R = {(m,n) ∈M ×M | ∀φ ∈ BI : m |= φ =⇒ n |= φε}

is a Possibly Cheaper Than relation. Suppose that m,n ∈M and mRn.Clearly, mRn implies `(m) ⊆ `(n).We now show that mRn implies inf Θ(m)(S, T ) ≥ inf Θ(n)(SR, TR), for

all S, T ⊆ M . We handle the case of S and T being either finite or infiniteseparately.

A Proofs 55

Finite Case.



k ∈ N as follows:

χSk =∨s∈S

∧φ∈(|s|)k

.



[[(χSk )ε]] = SR . (A.12)

If s′ ∈ SR then there exists some s ∈ S such that (|s|) ⊆ (|s′|)ε. This inturn implies that s′ |=

∧φ∈(|s|)k φ

ε, and hence s′ |= (χSk )ε, for any k ∈ N. Ergo,

⋂k∈N

[[(χSk )ε]] ⊇ SR . (A.13)

If s′ /∈ SR then for all s ∈ S there exists some φs ∈ BI such that s |= φsand s′ 6|= φεs. We can now create a formula, ΦS , that distinguishes s′ from anys ∈ S,

ΦS =∨s∈S

φs, where s |= φs, and s′ 6|= φεs .

There must exist some k ∈ N such that for each s ∈ S we have that φs ∈ (|s|)k.Therefore, we get that s′ /∈ [[χSk ]], due to there existing some φs ∈ (|s|)k suchthat s′ 6|= φεs, for any s ∈ S, i.e.

s′ 6|=∨s∈S

∧φ∈(|s|)h

φε ,

Ergo,⋂k∈N

[[(χSk )ε]] ⊆ SR . (A.14)

By Equation (A.13) and A.14 combined we have now shown that Equa-tion (A.12) holds. By similar reasoning we can create a sequence of formulae[[χT0 ]] ⊇ [[χT1 ]] ⊇ ... where⋂

h∈N[[(χTh )ε]] = TR . (A.15)

56 A Proofs

We now show that

∀k, h ∈ N : inf Θ(m)(S, T ) ≥ inf Θ(n)([[(χSk )ε]], [[(χTh )ε]])− ε . (A.16)


∃k, h ∈ N : inf Θ(m)(S, T ) < u < inf Θ(n)([[(χSk )ε]], [[(χTh )ε]])− ε .

where u ∈ Q. Since inf Θ(m) is monotonic and since S ⊆ [[χSk ]] and T ⊆ [[χTh ]]we have that




for which m |= χ and n 6|= χε, thereby contradicting that mRn, so Equa-tion (4.5) must hold.


Θ(n)(⋂k∈N

[[(χSk )ε]],⋂h∈N

[[(χTh )ε]]) =⋂

k,h∈NΘ(n)([[(χSk )ε]], [[(χTh )ε]])

Since M is branching-compact and due to Equation (A.16), we get byLemma 2.3 that

inf Θ(m)(S, T ) ≥ inf⋂

k,h∈NΘ(n)([[χSk ]], [[χTh ]])− ε

and by Equation (A.12) and (A.15) we get that

inf Θ(m)(S, T ) ≥ inf Θ(n)(SR, TR)− ε . (A.17)

Infinite Case.


⋃k∈N Sk = S and

⋃h∈N Th = T .

Since Sk and Th are finite for any k, h ∈ N we have by what we previouslyshowed in the finite case (Equation (A.17)), that

∀k, h ∈ N : inf Θ(m)(Sk, Th) ≥ inf Θ(n)(SRk , TRk )− ε

Therefore, by Lemma 2.2, we have that

inf⋃

k,h∈NΘ(m)(Sk, Th) ≥ inf

⋃k,h∈N

Θ(n)(SRk , TRh )− ε


inf Θ(m)(S, T ) ≥ inf Θ(n)(SR, TR)− ε .

ut

Documents

Weighted Systems in Branching-Time · Weighted Systems in Branching-Time Behavioural Relations, Behavioural Distances, and their Logical Characterisations Aalborg University Department