
CS659: Autonomous Cyber-Physical Systems

Discrete Dynamics

Indranil Saha

Department of Computer Science and Engineering


Indian Institute of Technology Kanpur

January 19, 2021

CS659: Autonomous Cyber-Physical Systems Discrete Dynamics 1/30


State of a System

A state describes some information about a system at a certain moment of its behavior.

Examples:
a state of a traffic light indicates the current color of the light.
a state of a sequential computer program indicates the current values of all program variables together with the current value of the program counter that indicates the next program statement to be executed.
In a synchronous hardware circuit, a state typically represents the current value of the registers together with the values of the input bits.



Transition

Transitions specify how the system can evolve from one state to
another.

Examples:
In the case of the traffic light, a transition may indicate a
switch from one color to another.
For the sequential program, a transition typically
corresponds to the execution of a statement and may
involve the change of some variables and the program
counter.
In the case of the synchronous hardware circuit, a
transition models the change of the registers and output
bits on a new set of inputs.

Transitions are enabled by some actions.



Atomic Propositions

Atomic propositions are used to formalize temporal characteristics.

Atomic propositions intuitively express simple known facts about the states of the system under consideration.

Examples:
x equals 0 or x is smaller than 200 for some given integer
variable x.
The velocity of a vehicle is more than 60 km/hr.
A robot is present in a location.



Transition Systems

A transition system TS is a tuple (S, Act, →, I, AP, L) where

S is the set of states,
Act is the set of actions,
→ ⊆ S × Act × S is the transition relation,
I ⊆ S is the set of initial states,
AP is the set of atomic propositions, and
L : S → 2^{AP} is the labeling function.

TS is finite if S, Act, and AP are finite.

For convenience, we write $s \xrightarrow{\alpha} s'$ instead of $(s, \alpha, s') \in \rightarrow$.



Behavior of a Transition System

The transition system starts in some initial state s0 ∈ I.
It evolves according to the transition relation →.
If s is the current state, then a transition $s \xrightarrow{\alpha} s'$ originating from s is selected nondeterministically.
The action α is performed and the transition system evolves from state s into the state s'.
This selection procedure is repeated in state s'.
The procedure finishes once a state is encountered that has no outgoing transitions.
In case a state has more than one outgoing transition, the "next" transition is chosen in a purely nondeterministic fashion.
Similarly, when the set of initial states consists of more than one state, the start state is selected nondeterministically.



Example: Beverage Vending Machine

S = {pay, select, soda, beer},
Act = {insert_coin, get_soda, get_beer, τ},
$\mathit{pay} \xrightarrow{\mathit{insert\_coin}} \mathit{select}$, $\mathit{beer} \xrightarrow{\mathit{get\_beer}} \mathit{pay}$, ...,
I = {pay},
AP = {paid, drink},
L(pay) = ∅, L(select) = {paid}, L(soda) = L(beer) = {paid, drink}.



Direct predecessors and successors

Let TS be a transition system (S, Act, →, I, AP, L).

For s ∈ S and α ∈ Act:

$$\mathrm{Post}(s,\alpha) = \{\, s' \in S \mid s \xrightarrow{\alpha} s' \,\}, \qquad \mathrm{Post}(s) = \bigcup_{\alpha \in Act} \mathrm{Post}(s,\alpha),$$
$$\mathrm{Post}(C,\alpha) = \bigcup_{s \in C} \mathrm{Post}(s,\alpha), \qquad \mathrm{Post}(C) = \bigcup_{s \in C} \mathrm{Post}(s).$$

Post(s, α) is called the set of direct α-successors of s.

$$\mathrm{Pre}(s,\alpha) = \{\, s' \in S \mid s' \xrightarrow{\alpha} s \,\}, \qquad \mathrm{Pre}(s) = \bigcup_{\alpha \in Act} \mathrm{Pre}(s,\alpha),$$
$$\mathrm{Pre}(C,\alpha) = \bigcup_{s \in C} \mathrm{Pre}(s,\alpha), \qquad \mathrm{Pre}(C) = \bigcup_{s \in C} \mathrm{Pre}(s).$$

Pre(s, α) is called the set of direct α-predecessors of s.



Terminal State

State s in transition system TS is called terminal if and only if Post(s) = ∅.

Example. For a transition system modeling a sequential computer program, terminal states occur as a natural phenomenon representing the termination of the program.



Deterministic Transition System

Let TS be a transition system (S, Act, →, I, AP, L).

TS is called action-deterministic if |I| ≤ 1 and |Post(s, α)| ≤ 1 for all states s and actions α.

TS is called AP-deterministic if |I| ≤ 1 and |Post(s) ∩ {s' ∈ S | L(s') = A}| ≤ 1 for all states s and A ∈ 2^{AP}.
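The following Python class is an added example; it is not part of the lecture slides or of the Baier and Katoen text they follow. It implements the tuple (S, Act, →, I, AP, L) directly, together with Post, Pre, terminal states, reachability and the two determinism checks defined on the preceding slides, and uses the beverage vending machine from the earlier slide as sample input. The class and method names (TransitionSystem, post, pre, post_set, reach) are this example's own.

```python
# Added example: a minimal transition system (S, Act, ->, I, AP, L) with the
# Post/Pre operators, terminal-state test, reachability and determinism checks.
from collections import deque


class TransitionSystem:
    def __init__(self, states, actions, transitions, initial, ap, labeling):
        self.S = set(states)
        self.Act = set(actions)
        self.trans = set(transitions)       # triples (s, alpha, s') of the relation ->
        self.I = set(initial)
        self.AP = set(ap)
        self.L = dict(labeling)             # L : S -> 2^AP, values are frozensets
        for s, a, t in self.trans:          # every transition must use known states/actions
            assert s in self.S and t in self.S and a in self.Act

    def post(self, s, alpha=None):
        """Post(s, alpha): direct alpha-successors of s; Post(s) when alpha is None."""
        return {t for (u, a, t) in self.trans if u == s and (alpha is None or a == alpha)}

    def pre(self, s, alpha=None):
        """Pre(s, alpha): direct alpha-predecessors of s; Pre(s) when alpha is None."""
        return {u for (u, a, t) in self.trans if t == s and (alpha is None or a == alpha)}

    def post_set(self, C, alpha=None):
        """Post(C, alpha) = union of Post(s, alpha) over s in C."""
        return set().union(*(self.post(s, alpha) for s in C))

    def is_terminal(self, s):
        """s is terminal iff Post(s) is empty."""
        return not self.post(s)

    def is_action_deterministic(self):
        """|I| <= 1 and |Post(s, alpha)| <= 1 for all s and alpha."""
        return len(self.I) <= 1 and all(
            len(self.post(s, a)) <= 1 for s in self.S for a in self.Act)

    def is_ap_deterministic(self):
        """|I| <= 1 and, for each s, no two successors of s carry the same label set."""
        if len(self.I) > 1:
            return False
        for s in self.S:
            labels = [self.L[t] for t in self.post(s)]
            if len(labels) != len(set(labels)):
                return False
        return True

    def reach(self):
        """Reach(TS): states on some initial finite execution fragment (BFS)."""
        seen, work = set(self.I), deque(self.I)
        while work:
            s = work.popleft()
            for t in self.post(s):
                if t not in seen:
                    seen.add(t)
                    work.append(t)
        return seen


# The beverage vending machine of the slides, written out in full
# (the slide lists only two of its transitions followed by "...").
VENDING = TransitionSystem(
    states={"pay", "select", "soda", "beer"},
    actions={"insert_coin", "get_soda", "get_beer", "tau"},
    transitions={("pay", "insert_coin", "select"), ("select", "tau", "soda"),
                 ("select", "tau", "beer"), ("soda", "get_soda", "pay"),
                 ("beer", "get_beer", "pay")},
    initial={"pay"},
    ap={"paid", "drink"},
    labeling={"pay": frozenset(), "select": frozenset({"paid"}),
              "soda": frozenset({"paid", "drink"}),
              "beer": frozenset({"paid", "drink"})},
)

if __name__ == "__main__":
    print("Post(select) =", VENDING.post("select"))
    print("Pre(pay) =", VENDING.pre("pay"))
    print("action-deterministic:", VENDING.is_action_deterministic())
    print("AP-deterministic:", VENDING.is_ap_deterministic())
    print("Reach(TS) =", VENDING.reach())
```

Running it shows why the vending machine is neither action- nor AP-deterministic: state select has two τ-successors (soda and beer), and both carry the same label {paid, drink}.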



Execution

Definition (Finite Execution Fragment)


Let TS be a transition system (S, Act, →, I, AP, L). A finite execution fragment of TS is an alternating sequence of states and actions ending with a state, $\rho = s_0\,\alpha_1\,s_1\,\alpha_2 \ldots \alpha_n\,s_n$, such that $s_i \xrightarrow{\alpha_{i+1}} s_{i+1}$ for all 0 ≤ i < n, where n ≥ 0.

Definition (Infinite Execution Fragment)

An infinite execution fragment of TS is an infinite alternating sequence of states and actions $\rho = s_0\,\alpha_1\,s_1\,\alpha_2\,s_2\,\alpha_3 \ldots$ such that $s_i \xrightarrow{\alpha_{i+1}} s_{i+1}$ for all 0 ≤ i.



Execution

Definition (Maximal and Initial Execution Fragment)


A maximal execution fragment is either a finite execution
fragment that ends in a terminal state, or an infinite execution
fragment.
An execution fragment is called initial if it starts in an initial
state, i.e., if s0 ∈ I.

Definition (Execution)
An execution of a transition system is an initial, maximal
execution fragment.



Example: Beverage Vending Machine

$\rho_1: \mathit{pay} \xrightarrow{\mathit{insert\_coin}} \mathit{select} \xrightarrow{\tau} \mathit{soda} \xrightarrow{\mathit{get\_soda}} \mathit{pay} \xrightarrow{\mathit{insert\_coin}} \mathit{select} \xrightarrow{\tau} \mathit{soda} \xrightarrow{\mathit{get\_soda}} \ldots$

$\rho_2: \mathit{select} \xrightarrow{\tau} \mathit{soda} \xrightarrow{\mathit{get\_soda}} \mathit{pay} \xrightarrow{\mathit{insert\_coin}} \mathit{select} \xrightarrow{\tau} \mathit{beer} \xrightarrow{\mathit{get\_beer}} \ldots$

$\rho_3: \mathit{pay} \xrightarrow{\mathit{insert\_coin}} \mathit{select} \xrightarrow{\tau} \mathit{soda} \xrightarrow{\mathit{get\_soda}} \mathit{pay} \xrightarrow{\mathit{insert\_coin}} \mathit{select} \xrightarrow{\tau} \mathit{beer}$

Which one of the above is an execution?



Reachable States

Let TS be a transition system (S, Act, →, I, AP, L).

A state s ∈ S is called reachable in TS if there exists an initial, finite execution fragment $s_0 \xrightarrow{\alpha_1} s_1 \xrightarrow{\alpha_2} \ldots \xrightarrow{\alpha_n} s_n = s$.

Reach(TS) denotes the set of all reachable states of S.



State Graph

Definition (State Graph)


The state graph of TS, denoted by G(TS), is the digraph (V, E) with vertices V = S and edge set E = {(s, s') ∈ S × S | s' ∈ Post(s)}.

The state graph is obtained by omitting the state labels and the
transition labels from the transition system.



Path Fragment

Definition (Finite Path Fragment)


A finite path fragment π̂ of TS is a finite state sequence s0 s1 . . . sn such that si ∈ Post(si−1) for all 0 < i ≤ n, where n ≥ 0.

Definition (Infinite Path Fragment)

An infinite path fragment π of TS is an infinite state sequence s0 s1 s2 . . . such that si ∈ Post(si−1) for all i > 0.



Path

Definition (Maximal Path Fragment)

A maximal path fragment is either a finite path fragment that ends in a terminal state, or an infinite path fragment.

Definition (Initial Path Fragment)

A path fragment is called initial if it starts in an initial state, i.e., if s0 ∈ I.

Definition (Path)
A path of transition system TS is an initial, maximal path fragment.

Let Paths(TS) denote the set of all paths in TS, and Paths_fin(TS) the set of all initial, finite path fragments of TS.



Example: Beverage Vending Machine

π1 : pay select soda pay select soda . . .


π2 : select soda pay select beer . . .
π3 : pay select soda pay select beer

Which one of the above is a path?



Trace

Definition (Trace)
Let TS be a transition system (S, Act, →, I, AP, L) without terminal states.
The trace of the infinite path fragment π = s0 s1 . . . is defined as Trace(π) = L(s0) L(s1) . . ..
The trace of the finite path fragment π̂ = s0 s1 . . . sn is defined as Trace(π̂) = L(s0) L(s1) . . . L(sn).

Traces(s) denotes the traces corresponding to all the paths starting at state s.

Traces(TS) denotes the traces corresponding to all the paths starting at some initial state s0 ∈ I.



Example: Beverage Vending Machine

π1 : pay select soda pay select soda . . .


∅ {paid} {paid, drink } ∅ {paid} {paid, drink } . . .
π2 : select soda pay select beer . . .
{paid} {paid, drink } ∅ {paid} {paid, drink } . . .
π3 : select soda pay select beer
{paid} {paid, drink } ∅ {paid} {paid, drink }



LT Property

Definition (LT Property)


A linear-time property (LT property) over the set of atomic propositions AP is a subset of $(2^{AP})^{\omega}$, i.e., a set of infinite words over the alphabet $2^{AP}$.



Examples of LT Properties

Mutual Exclusion

Traffic Light

Multi-robot collision Avoidance



Satisfaction of an LT Property

Definition (Satisfaction of LT property)


Let P be an LT property over AP.
Let TS be a transition system (S, Act, →, I, AP, L) without
terminal state.
Then TS satisfies P, denoted by TS |= P, iff Traces(TS) ⊆ P.
A state s satisfies P, written as s |= P, whenever
Traces(s) ⊆ P.
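The following Python code is an added example, not part of the slides, covering the execution, path, trace and satisfaction definitions above on the vending machine. Two points go slightly beyond the slides and are this example's own choices: an infinite execution fragment is represented as a finite prefix whose last state repeats an earlier one (a lasso), and satisfaction is checked for invariant LT properties only, using the standard fact that TS satisfies "always Φ" iff every reachable state satisfies Φ (a general LT property, being a set of infinite words, cannot be enumerated). The function names classify_fragment, trace and check_invariant are the example's own.

```python
# Added example: executions, paths, traces and invariant checking on the
# vending-machine transition system (constructed here as a plain dict).
from collections import deque

VENDING = {
    "trans": {("pay", "insert_coin", "select"), ("select", "tau", "soda"),
              ("select", "tau", "beer"), ("soda", "get_soda", "pay"),
              ("beer", "get_beer", "pay")},
    "I": {"pay"},
    "L": {"pay": frozenset(), "select": frozenset({"paid"}),
          "soda": frozenset({"paid", "drink"}), "beer": frozenset({"paid", "drink"})},
}


def post(ts, s):
    """Post(s): all direct successors of s."""
    return {t for (u, _, t) in ts["trans"] if u == s}


def classify_fragment(ts, rho, loop_to=None):
    """rho = [s0, a1, s1, ..., an, sn]. loop_to=k (assumption of this example)
    means the fragment is infinite: after sn it repeats from s_k, so sn == s_k."""
    if len(rho) % 2 == 0:
        raise ValueError("an execution fragment must end with a state")
    states, actions = rho[0::2], rho[1::2]
    # every consecutive (s_i, a_{i+1}, s_{i+1}) must be a transition of TS
    ok = all((states[i], actions[i], states[i + 1]) in ts["trans"]
             for i in range(len(actions)))
    infinite = loop_to is not None
    if infinite and states[-1] != states[loop_to]:
        ok = False                      # the lasso does not close
    initial = states[0] in ts["I"]
    # maximal: infinite, or finite and ending in a terminal state
    maximal = infinite or not post(ts, states[-1])
    return {"fragment": ok, "initial": initial, "maximal": maximal,
            "execution": ok and initial and maximal}


def trace(ts, path):
    """Trace(pi) = L(s0) L(s1) ... for a finite path fragment given as a state list."""
    return [ts["L"][s] for s in path]


def check_invariant(ts, phi):
    """TS |= 'always phi' iff phi holds in every reachable state.
    Returns (True, None) or (False, initial finite path fragment to a violation)."""
    parent = {s: None for s in ts["I"]}
    work = deque(ts["I"])
    while work:
        s = work.popleft()
        if not phi(ts["L"][s]):
            path = []                   # rebuild the witness from the BFS parents
            while s is not None:
                path.append(s)
                s = parent[s]
            return False, path[::-1]
        for t in post(ts, s):
            if t not in parent:
                parent[t] = s
                work.append(t)
    return True, None


if __name__ == "__main__":
    rho1 = ["pay", "insert_coin", "select", "tau", "soda", "get_soda", "pay"]
    print("rho1 (lasso back to pay):", classify_fragment(VENDING, rho1, loop_to=0))
    print("trace of pay select soda:", trace(VENDING, ["pay", "select", "soda"]))
    print("drink only after paying:",
          check_invariant(VENDING, lambda A: "drink" not in A or "paid" in A))
    print("never a drink:", check_invariant(VENDING, lambda A: "drink" not in A))
```

ρ1 is classified as an execution (initial and infinite), ρ2 is maximal but not initial, and ρ3 is initial but not maximal because beer is not a terminal state, which answers the question on the earlier slide. The second invariant is violated, and the returned witness is an element of Paths_fin(TS) leading to soda or beer.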



Data Dependent Systems
The executable actions of a data-dependent system typically result from conditional branching:

    if x % 2 == 1 then
        x = x + 1
    else
        x = x - 1

While modeling this program fragment as a transition system, the conditions of transitions could be omitted and conditional branchings could be replaced by nondeterminism
- this results in a very abstract transition system for which only a few relevant properties can be verified.

Alternatively, conditional transitions can be used
- the resulting graph (labeled with conditions) can be unfolded into a transition system that subsequently can be subject to verification.
Program Graph

A program graph PG over set Var of typed variables is a tuple (Loc, Act, Effect, ↪, Loc0, g0), where

Loc is a set of locations and Act is a set of actions,
Effect : Act × Eval(Var) → Eval(Var) is the effect function,
↪ ⊆ Loc × Cond(Var) × Act × Loc is the conditional transition relation,
Loc0 ⊆ Loc is the set of initial locations,
g0 ∈ Cond(Var) is the initial condition.

The notation $\ell \xhookrightarrow{g:\alpha} \ell'$ is written instead of $(\ell, g, \alpha, \ell') \in \hookrightarrow$.



Example: Beverage Vending Machine
$T1: \mathit{start} \xhookrightarrow{\mathit{true}:\mathit{refill}} \mathit{start}$
$T2: \mathit{start} \xhookrightarrow{\mathit{true}:\mathit{coin}} \mathit{select}$
$T3: \mathit{select} \xhookrightarrow{\mathit{nsoda}>0:\mathit{get\_soda}} \mathit{start}$
$T4: \mathit{select} \xhookrightarrow{\mathit{nbeer}>0:\mathit{get\_beer}} \mathit{start}$
$T5: \mathit{select} \xhookrightarrow{\mathit{nsoda}=0 \wedge \mathit{nbeer}=0:\mathit{ret\_coin}} \mathit{start}$

Var = {nsoda, nbeer}
Loc = {start, select}
Loc0 = {start}
g0 = (nsoda = max ∧ nbeer = max)
Act = {bget, sget, coin, ret_coin, refill} (sget and bget abbreviate get_soda and get_beer in T3 and T4)

Effect(coin, η) = η
Effect(ret_coin, η) = η
Effect(sget, η) = η[nsoda := nsoda − 1]
Effect(bget, η) = η[nbeer := nbeer − 1]
Effect(refill, η) = [nsoda := max, nbeer := max]



Transition System Semantics of a Program Graph

The transition system TS(PG) of program graph PG = (Loc, Act, Effect, ↪, Loc0, g0) over set Var of variables is the tuple (S, Act, →, I, AP, L) where

S = Loc × Eval(Var),
→ ⊆ S × Act × S is defined by the rule
$$\frac{\ell \xhookrightarrow{g:\alpha} \ell' \;\wedge\; \eta \models g}{\langle \ell, \eta \rangle \xrightarrow{\alpha} \langle \ell', \mathrm{Effect}(\alpha, \eta) \rangle}$$
I = {⟨ℓ, η⟩ | ℓ ∈ Loc0, η ⊨ g0},
AP = Loc ∪ Cond(Var),
L(⟨ℓ, η⟩) = {ℓ} ∪ {g ∈ Cond(Var) | η ⊨ g}.



Example: Beverage Vending Machine
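The following Python code is an added example and not part of the slides: it unfolds the vending machine program graph of the previous slides into (the reachable part of) TS(PG) by applying the inference rule of the semantics slide state by state. Two assumptions are the example's own: the capacity max is fixed to 2 so that Eval(Var) is finite, and the actions sget and bget are used for T3 and T4, matching the Effect function. The names EDGES, EFFECT, unfold, freeze and label are the example's own.

```python
# Added example: unfolding a program graph PG into its transition system TS(PG).
from collections import deque

MAX = 2   # capacity assumed for this example; the slides keep `max` symbolic


def effect_coin(eta):     return dict(eta)                     # Effect(coin, eta) = eta
def effect_ret_coin(eta): return dict(eta)                     # Effect(ret_coin, eta) = eta
def effect_sget(eta):     return {**eta, "nsoda": eta["nsoda"] - 1}
def effect_bget(eta):     return {**eta, "nbeer": eta["nbeer"] - 1}
def effect_refill(eta):   return {"nsoda": MAX, "nbeer": MAX}


# Effect : Act x Eval(Var) -> Eval(Var); an evaluation eta is a dict Var -> value
EFFECT = {"coin": effect_coin, "ret_coin": effect_ret_coin, "sget": effect_sget,
          "bget": effect_bget, "refill": effect_refill}

# Conditional transitions T1..T5 as (loc, guard name, guard predicate, action, loc')
EDGES = [
    ("start",  "true",    lambda eta: True,             "refill",   "start"),
    ("start",  "true",    lambda eta: True,             "coin",     "select"),
    ("select", "nsoda>0", lambda eta: eta["nsoda"] > 0, "sget",     "start"),
    ("select", "nbeer>0", lambda eta: eta["nbeer"] > 0, "bget",     "start"),
    ("select", "nsoda=0 and nbeer=0",
               lambda eta: eta["nsoda"] == 0 and eta["nbeer"] == 0, "ret_coin", "start"),
]
LOC0 = {"start"}


def g0(eta):
    """Initial condition: nsoda = max and nbeer = max."""
    return eta["nsoda"] == MAX and eta["nbeer"] == MAX


# Cond(Var) is infinite in general; for labeling we keep the guards occurring in PG.
CONDS = {name: pred for (_, name, pred, _, _) in EDGES}


def freeze(eta):
    """Hashable form of an evaluation, so that <loc, eta> can be a set element."""
    return tuple(sorted(eta.items()))


def unfold(edges, effect, loc0, g0, candidate_evals):
    """Reachable part of TS(PG). Initial states are <l, eta> with l in Loc0 and
    eta |= g0, drawn from the finite list candidate_evals."""
    initial = {(l, freeze(eta)) for l in loc0 for eta in candidate_evals if g0(eta)}
    states, trans = set(initial), set()
    work = deque(initial)
    while work:
        loc, feta = work.popleft()
        eta = dict(feta)
        for (l, _, g, alpha, l2) in edges:
            if l == loc and g(eta):                       # premise: l -g:alpha-> l' and eta |= g
                succ = (l2, freeze(effect[alpha](eta)))   # conclusion: <l',Effect(alpha,eta)>
                trans.add(((loc, feta), alpha, succ))
                if succ not in states:
                    states.add(succ)
                    work.append(succ)
    return initial, states, trans


def label(state):
    """L(<l, eta>) = {l} union {g in Cond(Var) | eta |= g}."""
    loc, feta = state
    eta = dict(feta)
    return {loc} | {name for name, pred in CONDS.items() if pred(eta)}


# All evaluations over Var = {nsoda, nbeer} with values 0..MAX
ALL_EVALS = [{"nsoda": i, "nbeer": j} for i in range(MAX + 1) for j in range(MAX + 1)]
INITIAL, STATES, TRANS = unfold(EDGES, EFFECT, LOC0, g0, ALL_EVALS)

if __name__ == "__main__":
    print(len(STATES), "states,", len(TRANS), "transitions")
    for s in sorted(STATES):
        print(s, "->", sorted(label(s)))
```

With max = 2 the unfolding has 2 locations × 9 evaluations = 18 states and no terminal state: start always offers coin and refill, and select offers ret_coin exactly when both counters are zero. The labeling makes the guards themselves atomic propositions, so LT properties over TS(PG) can refer to conditions such as nsoda>0 directly.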



References

C. Baier and J.-P. Katoen. Principles of Model Checking. The MIT Press, 2008. (Chapter 2 and Chapter 3)



Next Class

Discrete systems having parallelism and communication

