Mathematical Problems in Engineering

Volume 2015 (2015), Article ID 607013, 12 pages

http://dx.doi.org/10.1155/2015/607013

## A Deductive Approach towards Reasoning about Algebraic Transition Systems

^{1}School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China

^{2}Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis, Guangxi University for Nationalities, Nanning 530006, China

^{3}High Performance Network Lab, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China

Received 7 June 2015; Accepted 16 August 2015

Academic Editor: Krishnaiyan Thulasiraman

Copyright © 2015 Jun Fu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Algebraic transition systems are extended from labeled transition systems by allowing transitions labeled by algebraic equations for modeling more complex systems in detail. We present a deductive approach for specifying and verifying algebraic transition systems. We modify the standard dynamic logic by introducing algebraic equations into modalities. Algebraic transition systems are embedded in modalities of logic formulas which specify properties of algebraic transition systems. The semantics of modalities and formulas is defined with solutions of algebraic equations. A proof system for this logic is constructed to verify properties of algebraic transition systems. The proof system combines with inference rules decision procedures on the theory of polynomial ideals to reduce a proof-search problem to an algebraic computation problem. The proof system proves to be sound but inherently incomplete. Finally, a typical example illustrates that reasoning about algebraic transition systems with our approach is feasible.

#### 1. Introduction

System verification requires a mathematical structure on which the system in question is described precisely. *Labeled transition systems* [1] are such structures, proposed for this purpose and widely used to specify hardware and software systems [2], for example, integrated circuit systems, communication protocols, and concurrent algorithms. A labeled transition system is a transition system (first presented by Keller [3]) whose transitions are labeled by abstract labels. Abstract labels are sufficient for modelling the atomic actions that trigger transitions of systems, but they are insufficient to describe the transitions of complex systems in enough detail. For instance, we are much concerned with the details of how a train reduces its speed in the brake mode, which are usually specified by mathematical equations.

*Algebraic transition systems* [4] are extended from labeled transition systems by labeling transitions with algebraic assertions, which are conjunctions of polynomial equations. Transitions labeled with algebraic assertions are able to describe how states change according to those polynomial equations, which is essential for modelling complex systems. What is more significant is that many mathematical techniques on polynomials, such as the theory of polynomial ideals [5], become available for the analysis of complex systems. On the other hand, conventional methods are not adequate for the verification of algebraic transition systems, due to the complexity of algebraic assertions. To the best of our knowledge, there is no approach for reasoning about algebraic transition systems. Our study is motivated mainly by this.

Our approach is related to *theorem proving*, which is a well-established verification method for labeled transition systems. The theorem proving method [6, 7] tries to find a proof of the desired property, which is written as a theorem in a logic language. Another verification method, called *model checking*, uses a finite-state traversal algorithm [8, 9]. Hence the model checking method automatically checks whether a given system satisfies the desired properties by traversing the state space of the system. However, model checking requires systems to be finite-state, or to have a state space that can be divided into finitely many quotient subspaces [10, 11], while the theorem proving method is not restricted to finite-state systems and hence applies to complex systems, most of which have infinite state spaces. Since the state spaces of algebraic transition systems are defined on which is infinite, we choose the theorem proving method to verify algebraic transition systems.

Inspired by [4, 12–14], we present a deductive approach for specifying and verifying algebraic transition systems. Our approach includes a modification of dynamic logic () and a proof system for . The is extended from dynamic logic [15] by allowing algebraic equations in modalities. There are two standard modalities and where is defined with algebraic equations. The refers to the states reachable by all runs of , while indicates the states reachable by some runs of . The formal semantics of modalities is defined with zero sets of polynomials. These modalities, embedded in logical formulas, are used to model the behaviors of algebraic transition systems. The properties of algebraic transition systems are specified with formulas. The satisfaction of formulas is defined with zero sets of polynomials and the semantics of modalities. For deciding whether the desired properties are satisfied, a proof system in the sequent-calculus style, called calculus, is constructed. This proof system aims to find a proof of the desired properties with inference rules. Several special rules are customized to handle modalities with algebraic equations by reducing the proof-search problem to an algebraic computation problem. The algebraic computation procedures enhance the reasoning power of our proof system. The proof system is proved to be sound but inherently incomplete, as are many other proof systems. Reasoning about algebraic transition systems with our approach is demonstrated with a typical example.

In recent decades, the deductive approach for specifying and verifying transition systems has produced fruitful results [16]. [17] is a specification language designed by Lamport for formally describing and reasoning about distributed systems. Systems are specified in as formulas of the Temporal Logic of Actions (TLA) [6], which is a variant of temporal logic. The proof system (TLAPS) [18, 19] is a general platform for the development of proofs. A whole proof in TLAPS is decomposed into a collection of subproofs, which are sent to backend verifiers including SMT solvers, theorem provers, and proof assistants. Compared with and TLAPS, our approach is designed for the direct proof of properties on algebraic transitions. With our approach the proof problem is reduced to an algebraic computation problem, such as the ideal membership problem of ideal theory. Our proof system can be considered as a backend verifier of TLAPS for algebraic transition systems.

Combined with mathematical procedures, the deductive approach can be used for the verification of more complex systems, for example, real-time systems and reactive systems [20–22]. Platzer [12, 23] developed a deductive framework for the verification of hybrid systems, which are dynamic systems containing continuous evolutions and discrete transitions. A discrete transition in [12] is specified as an explicit assignment to a variable. For instance, the primed variable in the discrete transition , which assigns the value of to , can be immediately eliminated by a replacement with . In contrast, a transition in an algebraic transition system is modelled as an algebraic equation. Consider the transition as an example. The primed variable in this transition can be directly eliminated only if can be equivalently written as a polynomial on , such as . In most cases, the transitions in algebraic transition systems generalise the discrete parts of hybrid systems. Algebraic transition systems cannot simply be seen as subsets of hybrid systems and therefore are not covered by the usual methods. In this sense our approach can be considered as a complement to the usual methods for verifying complex systems.

The rest of this paper is organized as follows. Section 2 presents some preliminary concepts and some theorems which lie in the core of our approach. We introduce our understanding of algebraic transition systems in Section 3. The algebraic modification of dynamic logic is described in Section 4. In Section 5 we construct a proof system for this logic and prove the soundness and inherent incompleteness of the proof system in Section 7. Our approach is illustrated by reasoning about a train control system in Section 6. Section 8 concludes with some ideas for future work.

#### 2. Preliminary

In this section, we introduce several important conclusions on polynomial ideal theory, which lie in the core of our approach.

We begin with the concepts of polynomials and ideals. Let be the set of natural numbers including 0, the set of reals, and the set of complex numbers obtained as the *algebraic closure* of the reals. Let be a set of variables. The set of polynomials on the variables, whose coefficients are drawn from the reals, is denoted by .

*Definition 1 (zero set).* Let be a polynomial on ; the zero set of , denoted by , is the set of points in the complex plane such that

where is obtained from by replacing all variables with the elements of the point .

We write instead of when the variables are understood from the context. Let be a finite set of polynomials over ; its corresponding zero set is defined as

We say the polynomial *vanishes* at the set if for all .

*Definition 2 (ideals).* A subset is an ideal if and only if
(1) ;
(2) for all , , ;
(3) if and , then , where indicates the product of the polynomials , .

An ideal generated by a set of polynomials , denoted by , is the smallest ideal containing and, equivalently,

The ideal is said to be finitely generated if the set is finite. Hilbert’s basis theorem says that every ideal in is finitely generated.

The basic relation of an ideal and its generators is that they have the same zero set according to the following theorem.

Theorem 3. *Given an ideal generated by , the zero set of and the zero set of are the same:*

*Proof.* (1) Since , we immediately conclude that . That is,

(2) Conversely,

*Definition 4 (radical ideal).* Let be an ideal. The *radical* of , denoted by , is the set

The following theorem asserts a significant relation between zero sets and ideal membership, which is the underlying algebraic principle of axiom rules in Section 5.

Theorem 5. *Given and , if there is an integer such that , that is, , then vanishes at the zero set of ; that is, . Equivalently,*

*Proof.* This theorem is one direction of the famous theorem called *Hilbert’s Nullstellensatz*. The proof of Hilbert’s Nullstellensatz can be found in [5].

A fundamental question in ideal theory is checking whether a given polynomial belongs to the radical of an ideal, which is known as the *radical membership problem*. This problem is settled by the following theorem.

Theorem 6. *Let be a polynomial and let be an ideal. Then belongs to the radical of the ideal if and only if the constant belongs to the ideal ; that is,

where is a new variable different from .*

*Proof.* A proof of this theorem can be found in any standard text on ideal theory (see Proposition 8 in [5]).

Solving the radical membership problem requires a special kind of generating set, called a *reduced Gröbner basis*. Every ideal of has a unique finite reduced Gröbner basis [24]. To determine if , we compute the reduced Gröbner basis of the ideal . If the result is , then . Otherwise, .

Another application of reduced Gröbner bases, shown by the following theorem, is deciding whether a finite set of polynomials has a nonempty zero set.

Theorem 7. *Let be a finite set of polynomials and the reduced Gröbner basis for . Then has an empty zero set if and only if ; that is, .*

*Proof.* A proof of this theorem can be found in Corollary 4.3.7 of the text [24].
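The two decision procedures of this section (Theorem 6, radical membership via the fresh variable trick, and Theorem 7, emptiness of a zero set via a Gröbner basis) are shown below in a small self-contained Python implementation. This is an added example, not code from the paper or its authors: it uses an unoptimised Buchberger algorithm over the rationals with lex order and plain Python dicts as polynomials, and the function names (`poly`, `groebner`, `in_radical`, `has_common_zero`) and the sample polynomials are my own choices. It does not compute the *reduced* basis; for the two tests used here any Gröbner basis suffices, because 1 lies in the ideal exactly when some basis element is a nonzero constant.

```python
from fractions import Fraction
from itertools import combinations

# A polynomial over Q is a dict {exponent_tuple: Fraction}; every tuple in one
# computation has the same length (one slot per variable). Python's tuple
# comparison is exactly lex order on monomials, so max(p) is the leading term.

def poly(terms):
    """Build a polynomial from {exponent_tuple: coefficient}, dropping zeros."""
    return {tuple(m): Fraction(c) for m, c in terms.items() if c != 0}

def add(p, q, scale=1):
    """Return p + scale*q."""
    r = dict(p)
    for m, c in q.items():
        r[m] = r.get(m, Fraction(0)) + scale * c
    return {m: c for m, c in r.items() if c != 0}

def mul(p, q):
    r = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            m = tuple(a + b for a, b in zip(m1, m2))
            r[m] = r.get(m, Fraction(0)) + c1 * c2
    return {m: c for m, c in r.items() if c != 0}

def lead(p):
    m = max(p)
    return m, p[m]

def reduce_by(p, G):
    """Multivariate division: the normal form of p modulo the list G."""
    remainder, p = {}, dict(p)
    while p:
        m, c = lead(p)
        for g in G:
            gm, gc = lead(g)
            if all(a >= b for a, b in zip(m, gm)):       # lt(g) divides lt(p)
                shift = tuple(a - b for a, b in zip(m, gm))
                p = add(p, mul({shift: c / gc}, g), -1)   # cancel the leading term
                break
        else:                                            # no divisor: term goes to the remainder
            remainder[m] = c
            del p[m]
    return remainder

def s_poly(f, g):
    (fm, fc), (gm, gc) = lead(f), lead(g)
    l = tuple(max(a, b) for a, b in zip(fm, gm))         # lcm of the leading monomials
    tf = {tuple(a - b for a, b in zip(l, fm)): 1 / fc}
    tg = {tuple(a - b for a, b in zip(l, gm)): 1 / gc}
    return add(mul(tf, f), mul(tg, g), -1)

def groebner(F):
    """Buchberger's algorithm (unoptimised). Returns a Groebner basis of <F>."""
    G = [f for f in F if f]
    pairs = list(combinations(range(len(G)), 2))
    while pairs:
        i, j = pairs.pop()
        s = reduce_by(s_poly(G[i], G[j]), G)
        if s:
            G.append(s)
            pairs += [(k, len(G) - 1) for k in range(len(G) - 1)]
    return G

def is_unit_ideal(G):
    """1 lies in <G> iff some element of a Groebner basis is a nonzero constant."""
    return any(all(e == 0 for e in lead(g)[0]) for g in G)

def in_radical(f, F, nvars):
    """Theorem 6: f is in sqrt(<F>) iff 1 is in <F, 1 - y*f> for a fresh variable y."""
    ext = lambda p: {m + (0,): c for m, c in p.items()}   # append the slot for y
    one = {(0,) * (nvars + 1): Fraction(1)}
    y = {(0,) * nvars + (1,): Fraction(1)}
    one_minus_yf = add(one, mul(y, ext(f)), -1)
    return is_unit_ideal(groebner([ext(g) for g in F] + [one_minus_yf]))

def has_common_zero(F):
    """Theorem 7: the zero set of F over C is empty iff the Groebner basis contains 1."""
    return not is_unit_ideal(groebner(F))

if __name__ == "__main__":
    x_sq = poly({(2,): 1})                                        # x^2 in one variable
    print(in_radical(poly({(1,): 1}), [x_sq], 1))                 # x in sqrt(<x^2>): True
    print(in_radical(poly({(1,): 1, (0,): 1}), [x_sq], 1))        # x + 1: False
    print(has_common_zero([poly({(1, 1): 1, (0, 0): -1}),         # xy - 1 and x: False
                           poly({(1, 0): 1})]))
```

The membership check `x ∈ √⟨x²⟩` succeeds because `x² y² = (xy)²` reduces to 1 modulo `1 - xy`, so the extended ideal collapses to the whole ring; `x + 1` fails because the zero set of `x²` is `{0}` and `x + 1` does not vanish there.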

#### 3. Algebraic Transition Systems

In this section, we demonstrate how algebraic assertions enrich the abstract labels of labeled transition systems.

*Definition 8 (algebraic assertions).* An *algebraic assertion* over the set of variables is defined as a finite union of polynomial equations of the form

where, for each , .

For an algebraic assertion , its zero set is defined as

We say that a point satisfies , denoted by , if belongs to the zero set of ; that is, .

An algebraic transition system is specialized from a labeled transition system. Each transition of an algebraic transition system is labeled with an algebraic assertion instead of an abstract label.

*Definition 9 (algebraic transition system).* An algebraic transition system is a tuple , where
(i) is the set of states;
(ii) is the set of transitions;
(iii) is a set of algebraic assertions on including the null label ;
(iv) is a label function assigning each transition to an algebraic assertion.

For an algebraic transition system , a state is a function which maps each variable in to a real. According to the label function , each transition is labeled with an algebraic assertion denoted by . The algebraic assertion is defined on , where denotes the current-state variables and denotes the next-state variables.

The transition relation of , which describes how states change, is defined by algebraic assertions on . For each , the transition relation is determined by the label as follows:

where , indicate the current state and the next state, respectively, and is evaluated by substituting each variable of with the corresponding value in and each variable with the corresponding value in . In particular, the null label specifies the identity relation on ; that is, . The transition labeled by from to is denoted by .

An algebraic transition system is *deterministic* if there is at most one transition and one label for any state; otherwise it is *nondeterministic*. In a deterministic algebraic transition system, the next state is determined uniquely by the current state. For instance, given an algebraic assertion , the next state is obtained by adding 1 to the variable in the current state. We say the transition labeled by is deterministic, and nondeterministic if (because the next state can take or ). Obviously, an algebraic transition must be deterministic if for all each variable in can be written as a unique polynomial over . In this case, each algebraic assertion can be written as with each and . Hence the value of each variable in the next state is uniquely determined by in the current state according to .

*Definition 10 (run).* Given an algebraic transition system , a run of is defined by a sequence of transitions as follows:

where the th element of is denoted by and for each there exists a transition from state to state such that

*Example 11.* In order to illustrate algebraic transition systems, we present a simplified train control system, shown in Figure 1. Assume that a train has two modes: the acceleration mode () and the deceleration mode (). The train keeps checking the current mode and velocity. If it is in mode and its velocity reaches , it inverts the acceleration power () and changes its mode to mode . Then the position of the train evolves with velocity along and . If the velocity of the train slows down to in mode , it inverts its deceleration power () and switches to mode . Compared with real-time systems and hybrid systems, the behavior of algebraic transition systems is discrete, as in the discrete behavior of the train with time period . Note that we use the relaxed version of algebraic assertions. For instance, we write as the relaxed version of . The and can be any fixed constants.
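To make Definitions 9 and 10 and Example 11 concrete, here is an added Python model of the two-mode train (this is not the paper's own code, and the paper's equations for position and velocity are not reproduced in this copy, so the kinematics `p' = p + v*T`, `v' = v + a*T`, the period `T`, the power magnitude `A`, and the thresholds `V_MAX`, `V_MIN` are all assumed). Every label is an algebraic assertion in the explicit form discussed after Definition 9, `x' = p(x)`, so the system is deterministic and a run is computed by iterating the labels; the mode-switch guards are the relaxed (inequality) assertions of Example 11.

```python
from fractions import Fraction

# Constructed parameters (assumed; not the paper's constants).
T = Fraction(1)       # sampling period of the discrete train model
A = Fraction(1)       # magnitude of the acceleration/deceleration power
V_MAX = Fraction(5)   # switch to deceleration when v reaches V_MAX
V_MIN = Fraction(1)   # switch back to acceleration when v drops to V_MIN

# A state maps each variable to a value (Definition 9). Each label below is an
# algebraic assertion written in explicit form x' = p(x), so the next state is
# a polynomial image of the current one and every transition is deterministic.

def cruise(s):
    # Assumed kinematics: p' = p + v*T, v' = v + a*T, a' = a, mode' = mode.
    return {"p": s["p"] + s["v"] * T, "v": s["v"] + s["a"] * T,
            "a": s["a"], "mode": s["mode"]}

def to_decel(s):   # a' = -a, mode' = d; the other variables are unchanged
    return {**s, "a": -s["a"], "mode": "d"}

def to_accel(s):   # a' = -a, mode' = a
    return {**s, "a": -s["a"], "mode": "a"}

# Relaxed assertions used as guards (the paper's inequalities, values assumed).
def at_top(s):
    return s["mode"] == "a" and s["v"] >= V_MAX

def at_bottom(s):
    return s["mode"] == "d" and s["v"] <= V_MIN

# Transitions as (guard, label); the first enabled guard is taken.
TRANSITIONS = [
    (at_top, to_decel),
    (at_bottom, to_accel),
    (lambda s: not (at_top(s) or at_bottom(s)), cruise),
]

def step(s):
    for guard, label in TRANSITIONS:
        if guard(s):
            return label(s)
    raise ValueError("no enabled transition")   # unreachable with these guards

def run(s0, n):
    """A run (Definition 10): the states s0, s1, ..., sn along n transitions."""
    states = [s0]
    for _ in range(n):
        states.append(step(states[-1]))
    return states

def holds_along(states, prop):
    """Check a state property on every state of a run."""
    return all(prop(s) for s in states)

if __name__ == "__main__":
    s0 = {"p": 0, "v": 0, "a": A, "mode": "a"}
    for s in run(s0, 12):
        print(s)
    # the velocity bound is a property one would ask the proof system of Section 5 to verify
    print(holds_along(run(s0, 40), lambda s: 0 <= s["v"] <= V_MAX))
```

Starting from rest in mode `a`, the train reaches `v = 5` after five cruise steps, switches to mode `d` with `a = -1`, decelerates to `v = 1`, switches back, and repeats; the bound `0 <= v <= V_MAX` holds along the whole run, which is the kind of property that the proof system of Section 5 is meant to establish for all runs rather than for one sampled prefix.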