# Model Minimal en 2

Embed Size (px)

Citation preview

• 8/6/2019 Model Minimal en 2

1/19

Minimal Models and Bisimulation in Modal Logic

Alexandru Dragomir

Abstract

First, I will introduce the notions of Kripke-model and bisim-

ulation and afterwards I will state and prove some of their prop-

erties. Next, I will present the construction of a minimal model

by factoring the model to its largest bisimulation. Obviously,

the domain of a minimal model (consisting of quotients modulo

the largest bisimulation) is at most as large as the original model.

Keywords: bisimulation, bisimulation contraction, Kripke model,

minimal model.

1 Kripke Models

Let us consider Kripke-model defined as follows:

M = (W, {a |a A}, ), where:

1. W is a finite, nonempty set ofpossible worlds, states, points or nodes,

2. {a |a A} is a collection of binary relations (accessibility relations

between the worlds of our model) indexed by the set of agents A: aA

1

• 8/6/2019 Model Minimal en 2

2/19

W W, and:

3. The valuation function - the function that assigns sets of worlds

(subsets of our domain, W) to our propositional variables or, equivalently,

the function that assigns the truthhood or the falsehood to propositional

variables of our language relative to the worlds of our domain 1:

(1.1) : V ar(L) W {, }

Or, equivalently 2:

(1.2) : V ar(L) 2W

Definitions (1.1) and (1.2) are equivalent if we assume the following

aspect: if a variable is not assigned to a certain world, then its negation is

true at that world.

Being that we defined our main tool for the construction of a semantics

of modal logic, the Kripke-model, we can now define the satisfaction relation

|=: |= (M, w)Prop(L) as the smallest relation that respects the following

conditions:

R1. M, w |= p iff w (p), for all p W and for all p V ar(L).

R2. M, w iffM, w , for all Prop(L)

R3. M, w iffM, w and M, w , for all , Prop(L)

R4. M, w iffM, w or M, w , , Prop(L)

1The first definition is usually offered in modal logic textbooks and articles (e.g.: Black-burn, P., Venema, Y., de Rijke, M., Modal Logic, Cambridge University Press, 2002), while

the second is preffered in the epistemic logic related texts (e.g.: Fagin, R., Halpern, J. Y.,Moses, Y. M., Vardi, Y., Reasoning about Knowledge, The MIT Press, Cambridge, 1995).

22W is the powerset ofW. This notation is not arbitrary: the cardinal of the powersetof any set P (the set of all subsets ofP) is 2card(P), where card(P) is the cardinal ofP.

2

• 8/6/2019 Model Minimal en 2

3/19

R5. M, w iffM, w or M, w , , Prop(L)

R6. M, w iff u : Rwu M, u , Prop(L)

R7. M, w iff u : Rwu M, u , L

2 Bisimulation

For starters, Ill offer the definition of the simplest notion of equivalence

between models:

Definition. Let w M and w M be two states of two models. We

call the states w and w equivalent iff they satisfy the same formulas (or

propositions):

w w iff { | M, w |= } = { | M, w |= }, or:

w w iff (M, w |= M, w |= )

Definition. Two models M and M are equivalent iff they satisfy the

same formulas:

M M iff { | M |= } = { | M |= }.

M M iff (M |= M |= )

The Bisimulation Relation Between Kripke-Models3

Lets consider a new equivalence relation between two models: WW. Well say is a bisimulation if the following conditions hold:

3Blackburn, P. et al., Modal Logic, pp. 65-66

3

• 8/6/2019 Model Minimal en 2

4/19

(2.1) Atomic harmony: If w w, then w and w satisfy the same

propositional letters:

w w p V ar(P) : M, w |= p M, w |= p.

(2.2) Zig: If w w si w v, then v M : v v and w v.

(2.3) Zag: If w w si w v, then v M : v v and w v.

2.1 Preliminary Results

Proposition. If two models are bisimilar (there is a bisimulation linking

them), they are equivalent (meaning that they verify the same formulas).

We say that between two bisimilar models all information is preserved.

w W, w W : (M, w) (M, w) (M, w) (M, w)

Proof4. By induction on the length of any proposition :

1. Basis: Assuming that w w, the atomic harmony condition assures

us that w |= p w |= p, p L

2. Induction Hypothesis: Assuming that w w, we obtain thatM, w |=

M, w |=

3. Induction Step:

3. a) The Case of Negation. Lets assume that M, w . Then,

M, w . From this, using the hypothesis of induction we arrive at:M

, w , so M, w . As a conclusion, he have that if w w,

4van Ditmarsch, H.P. et al., Dynamic Epistemic Logic, p. 25, Blackburn, P. et al.,Modal Logic, 67

4

• 8/6/2019 Model Minimal en 2

5/19

then M, w |= M, w |= .

3. b) The Case of Conjunction. Lets assume that M, w |= . From

the semantic rule R3, we have that M, w |= and M, w |= . By the

hypothesis of induction we have that M, w |= and M, w |= , and, by

the semantic rule R3, we arrive at: M, w |= .

3. c) The Case of Necessity. Well prove that if w w, then, if

M, w |= , then: M, w |= .

Lets say thatM, w |= . We arbitrarily choose a state u ofW, so that

w u. Because w w, from zag, we have that u : w u and u u.

By the hypothesis induction, we have: M, u |= M, u |= . Because

M, w |= , then M, u |= , so M, u |= . Since u was arbitrarily chosen,

we have that for all u in W so that w u it holds that M, u |= . By

the definition of the necessity operator, we derive that M, w |= .

In order to show that if w w, then, ifM, w |= , then M, w |= ,

we only have to reason analogously, this time using zig.

3. d) The Case of the Possibility Operator.

Well show that for w w, ifM, w |= , then M, w |= .

IfM, w |= , then u : w u, with M, u |= . By zig, we have that

u : w u and u u. By the hypothesis induction, we know that

M, u |= . From this we conclude that M, w |= , by the semantic rule

of the possibility operator.

In order to show that: ifw w, then, ifM, w |= , then M, w |= ,

we can reason by analogy, using, this time, zag.

5

• 8/6/2019 Model Minimal en 2

6/19

The Henessy-Milner Theorem5. If two finite models are equivalent,

then they are bisimilar.

First, I want to emphasize that if we ignore the condition of finitude,

then we can find both equivalent and bisimilar models. As shown in the

figure below, the infinite model M2 is equivalent to the finite model M1,

but, on the other hand, the two are not bisimilar.

...

M1

...

. . .M2

Figure 1. In this figure two equivalent but not bisimilar models are

represented.

Proof. The idea of this proof is to show that the equivalence relation

between models (as defined at the beginning of the second section) is a

bisimulation relation.

1. has the property of atomic harmony. IfM, w M, w, then, by

the definition of equivalence, the two of them satisfy the same propositions

and atoms.

2. has the property of zig. Let us assume that M, w M, w and

that w u. Lets presuppose, for the sake of contradiction, that u :

5Blackburn, P. et al, Modal Logic, pp. 69-70.

6

• 8/6/2019 Model Minimal en 2

7/19

(w u u u).

Well consider the following set: S = {u | w u}, as the set of

all states accessible by M from the states w M. We know that

w u, so w , which is equivalent to w , so w . Because it

holds that w w, we have that w , so S = (the states in which it

is true that are the dead-end states - the ones that have no other state

accessible).

Now, because M is finite, it follows that S = is finite, so its ele-

ments can be enumerated (of course, since its an enumerable set): S =

{u1,...,un}. By assumption, we have that u

i S

, i : (M, u i

M, ui i).

From ui S, i : M, ui i, we deduce that M

, ui i. Now, a

little less formal, in any state ui accessible from w, there is a formula i

so that M, u i, so ui Si : M, ui

ni=1 i. We deduce that

M, w (

i) M, w (

n

i=1

i) M, w (n

i=1

i)

M, w (

ni=1 i). (*)

From ui S, i : M, u i, we immediately obtain that M, u

ni=1 i, and that M, w (

ni=1 ), which contradicts our previous (*),

and finally we see rejected our assumption that the zig property doesnt

hold. So, has the property zig.

3. has the property ofzag. We can proceed in analogy with the above

(for zig).

In conclusion, any two finite models are bisimilar if and only if they are

equivalent.

7

• 8/6/2019 Model Minimal en 2

8/19

Properties:

a) Bisimulation is an equivalence relation between two models (an equiv-

alence relation is a reflexive, symmetrical, and transitive relation).

Proof. To prove our assertion, well have to show that bisimulation

verifies the three properties of an equivalence relation, for an arbitrarily

chosen model M = (W, , ).

1. Reflexivity: a a. It is clear that a satisfies the same variables as a,

(by atomic harmony). Ifa x, then (x) : a x (zig), so a a.

2. Symmetry: Lets assume that a b. Then, b and a satisfy the same

propositional variables (by atomic harmony). In addition, if a x and

()y : b y, then: if b y, then ()x : a x (zig), so b a.

3. Transitivity: Lets assume that a b si b c. Then, a x, b y,

c z. Then, if a x and c z, we have that a c.

b) If is a bisimulation on M, then its inverse: 1

is also a bisimula-

tion on M.

Proof. We have that: a b and 1= {(b, a) : a b}. From a b we

deduce that: (1) p : a |= p b |= p, (2) zig: a a b : b b and

a b, (3) zag: b b a : a a and a b. We arbitrarily choose

a and b, and proceed to show b 1 a is a bisimulation as follows:

Atomic harmony: From (1), we immediately obtain that p : b |= p

a |= p.

Zig: zig for b 1 a is identical with proposition (3) (zag for a b).

8

• 8/6/2019 Model Minimal en 2

9/19

Zag: The same, condition zag for b 1 a is identical with proposition

(2) (zig for a b).

In another approach, a b b a is true because bisimulation is

a symmetrical relation (being an equivalence relation), so a 1 b is a

bisimulation.

c) If and are bisimulation on M, then their composition: is

also a bisimulation on M.

Proof. If X Y, Y Z (bisimulations), then X Z,

= {(x, z) : y(x y y z)}. We will only prove the atomic harmony

and zig.

Atomic harmony: Because it holds that x y, we have that: p : x |=

p y |= p. Also, because y z, we have that p : y |= p z |= p, so:

p : x |= p z |= p.

Zig: If x y, x x y : y y and x y and if y z,

y y z : z z and y z. Because we have that x x

and z z and x y, y z (so (x, z) ), it results that the

condition zig is verified by .

d) If{i: i I} is a set of bisimulations on M, then their union:iI i

is a bisimulation on M.

Proof: Well show that for any 1 and 2 bisimulation on M, it holds

that: 1 2 is a bisimulation on M.First, lets remember that: 1 2= {(x, y) 1 2 | (x, y) 1

(x, y) 2}.

9

• 8/6/2019 Model Minimal en 2

10/19

Well assume w(1 2)u and show the following:

1) Atomic harmony: From our assumption, it results that w 1 u or

w 2 u; Also from the assumption - the fact that 1 and 2 are bisimula-

tions - we conclude that in both cases w and u satisfy the same propositional

variables;

2) zig: if (w, u) 1 2, then we distinguish two cases: a) if w 1 u

and w w, then u : u u and w 1 u, by which: w(1 2)u;

and b) if w 2 u and w w, then u : u u and w 2 u

, and we

conclude that: w(1 2)u.

3. Zag: We reason by analogy with zig.

e) The empty relation is a bisimulation.

Proof: It is evident. By the fact that the empty bisimulation doesnt con-

tain any relation between states, the conditions of bisimulation are satisfied

by default.

Given the property expressed by (d), we can define the largest bisimu-

lation on a model. Lets consider , a bisimulation that relates or links all

states ofW. Then, B =

WW is the union of all bisimulations and a

bisimulation itself. B is the largest bisimulation on M.

Its interesting that bisimulation links also the states that are not ac-

cesibile to any other state. Lets assume that M contain such an isolated

state w. Also, lets consider another model M as a copy ofM, but without

the isolated state w. Then, the two models would not be equivalent, since

model M satisfies an extra formula: , at w: M, w |= .

10

• 8/6/2019 Model Minimal en 2

11/19

We can say that bisimulations 6 are weaker than isomorphisms, but

stronger than homomorphisms. In what sense ? All three of them preserve

the structure of the model, but, on the other hand, two homomorphical mod-

els may not preserve the same information (they might not satisfy the same

formulas) while isomorphic models even though satisfy the same proposi-

tions, do not allow for any change of structure: remember that you can

find models of different structure that preserve the same information. As

an advantage, the bisimulation relation may hold between models with very

different structure but satisfying the same formulas.

It is worthy of another commentary that, dependending on the field of

study, bisimulation has different uses and theoretical meanings. In automata

theory, a bisimulation is an equivalence relation between distinct (not iso-

mophic) transition systems of similar behaviour. In set theory without the

axiom of foundation - which tells us that a set cannot contain itself as a

subset - the identity or equality of two sets cannot be defined extensiona

extensionally, like this: two sets are equal if they contain the same elements.

The reason is simple: if a set contains itself as a subset, then its depth is

infinite, so induction could not be used to establish its equality to other

sets7. Actually, the equality of such unusual sets is proved by showing that

they are bisimilar (there is a bisimulation between them).

6...and the equivalent notion of a p-morphism.7Davide Sangiorgi, On The Origin of Bisimulation and Coinduction, p. 133

11

• 8/6/2019 Model Minimal en 2

12/19

3 The Minimal Model

Bibliographical indications: Wang, Y., Epistemic Modelling and Proto-

col Dynamics, p. 12., Van Bentham, J., Modal Logic for Open Minds, pp.

27-28.

Let M be a model that satisfies a set of propositions. We can ask

ourselves: what is the smallest model that preserves the same information ?

In our understanding, a minimal model (the one used and analysed in this

paper8) will be a model factorized by the largest bisimulation on it. This

construction is also entitled the (bisimulation contraction). In automata

theory we find an analogous structure named quotient transition system,

and also in graph theory the structure named quotient graph.

Well use the following notation for our minimal model: M/ = (W/,

, ). Its construction needs a few other preliminary constructions and some

steps to follow (each step corresponding to a stage of its construction).

a) M/ is the quotient model - the model factorized by the relation .

Also, it should be mentioned (once again) that is the largest bisimulation

on M. Once weve found a relation W W, we can proceed:

b) W/, is the set of all equivalence (modulo ) classes of our states of

W. So:

(3.1) W/ = {[w] | w W}, unde:

(3.1.1) [w] = {w W | w w}

8See also: De Lavalette, G.R.R., Van Ditmarsch, H.P., Epistemic Actions and MinimalModels

12

• 8/6/2019 Model Minimal en 2

13/19

c) To obtain W/ W/, we could use the following rule:

(3.2) w a w = [w] a [w]

a, then their quotients (modulo ) ([w] and [w]) are linked by the

relationa

.

d) The valuation function is defined by taking into account that W

is a set of equivalence classes of elements of W. So:

(3.3) : V ar(P) 2W/

So, we can have two alternative and equivalent definitions of the valuation

function :

(3.4) (p) = {[(p)]}

As it can be seen, the variable p is no longer sent into a set of states, but

into a set of equivalence classes of states. If the variable is sent into a single

state, we can write: (p) = [(p)].

(3.5) : V ar(P) W/ {, }

Then, is defined as follows:

(3.6) (p,w) = (p, [w])

Because M/ is obtained by factoring the model M by , the two

models are bisimilar, and therefore equivalent (in the sense that they cotain

the same information).

Example:

Lets consider the Kripke-modelM = (W, a, ), defined in the follow-

ing manner: W = {1, 2, 3, 4}, a= {(1, 2), (1, 3), (2, 4), (3, 4)}. The largest

13

• 8/6/2019 Model Minimal en 2

14/19

bisimulation on the model M is constructed out of the following bisimula-

tions: 1 1, 2 3, 4 4. As we defined it above, the largest bisimulation

is the union of bisimulations: = {(1, 1), (2, 3), (4, 4)}. Because bisimula-

tion is an equivalence relation (see the proof above), we can construct the

quotient model, the model ofM by :

W/ = {[1], [2], [4]}.

Given that [2] = [3], we have equivalently: W/ = {[1], [3], [4]}.

Then, in order to obtain the accessibility relation required for a quotient

model:

1 2 = [1] [2]

1 3 = [1] [3]

2 4 = [2] [4]

3 4 = [3] [4]

Since it holds that: [2] = [3], we have that: [1] [3] is iden-

tical to [1] [2], and [3] [4] is identical to [2] [4],

so [1] [3] and [3] [4] can be eliminated from the graphic

representation.

14

• 8/6/2019 Model Minimal en 2

15/19

• 8/6/2019 Model Minimal en 2

16/19

Proof. Lets consider = {(x, x) | x W}. We have to shot that

verifies the three conditions for being a bisimulation.

1. Atomic harmony: Let us assume that (x, x) . Then, x |= p iff

x |= p is evidently true.

2. Zig. Let us assume that (x, x) and x y. Then, (y) :

x y for y = y si (y, y) from the definition of our relation .

3. Zag. The argument is symmetrical to Zig.

Proposition. Every bisimulation on the minimal model (the quotient

model) is included in the diagonal bisimulation. Formally:

Let us consider the model M and the largest bisimulation on it and

its quotient model M/. Also, W/ W/ a bisimulation on M/

and W/ W/ the diagonal bisimulation. Then: , for

W/ W/.

What does this mean ? That any possible bisimulation on the minimal

model links states to themselves. To observe the difference, the bisimulation

on the non-minimal model of Figure 2 (see above) links the distinct states

2 and 3.

Proof10. Well consider w and u two states ofM, [w] and [u] their

equivalence classes modulo (so [w] M/ and [u] M/). Let be

a bisimulation between [w] and [u]. In order to shot that is includedin the diagonal, we have to show that [w] = [u], and this can be proved

10See http : //www.cs.indiana.edu/cmcs/bisimulation.pdf

16

• 8/6/2019 Model Minimal en 2

17/19

easily by showing that w u (remember a property of equivalence classes:

[a] = [b] a b).

Lets consider a relation on M ( W W) between any w and u

defined as such:

w u [w] [u]

Lets prove that is a bisimulation. First, well presuppose (to prove

zig11) that w w. Because is a bisimulation, we have that if [w]

[w] then it exists [x] so that: [u] [x]. By the definition of

equivalence classes, we have that it exists u : u u. Because [u]

[x], we have that it exists a state x so that u x. Because is a

bisimulation, we obtain (zag) that it exists a state x so that u x and

x x. Since it holds that u x, we proved that w u is a bisimulation.

Now, because ( is included in the largest bisimulation on the models,

), we have that w u = w u, what was to be demonstrated.

w u u iff [w] [u]

w x x [w] [x]

1

2

3

Figure 3: To ease the understanding of the proof, I attached a graphic

representation of the accessibility relations ( and ) and bisimula-

tions (, , ) between states and classes.

11Well show only zig! The argument for zag is symmetrical.

17

• 8/6/2019 Model Minimal en 2

18/19

Proposition. Let us consider two models M and M/ and a bisim-

ulation on M/. Then, it holds that: , W/ W/.

Proof. We have to show that, for [w] and [u] chosen arbitrarily from

W/: if ([w], [u]) , then [w] [u]. Which means that we have to

prove that is a bisimulation, the truth of which we proved above.

As a conclusion, we arrive at a new definition of a minimal model:

Proposition. A model M is minimal iff the only bisimulation on M is

the diagonal ofM.

Proof. 1) . We have to prove that every bisimulation on the min-

imal model is identical to the diagonal bisimulation: W/ W/ :

= . We proved that in a minimal model, any bisimulation is included in

the diagonal of the model: and that in a minimal model the diagonal

is included in any bisimulation: .

2) . In words, we have to show that if in a model there exists a single

bisimulation (the diagonal of that model), then that model is minimal. Lets

take a model M, and . To show that it is minimal, well prove that the

quotient model ofM is identical to M. And this is possible by applying

the four rules a, b, c, d for the construction of the minimal model: a)

taking into account the definition of , we have that any [w] = {w},

and card(W/)=card(W). b) from the way W/ was constructed, we have

that =. c) the same, from the construction of W/, we have that

= .

Example: in Figure 2, = {(1, 1), (2, 2), (3, 3)}, so: W/: [1] = {1},

[2] = {2}, [3] = {3}, so W/ = {1, 2, 3}.

18

• 8/6/2019 Model Minimal en 2

19/19

4 References

See below:

[1] Van Bentham, J., 2010, Modal Logic for Open Minds, available online:

http : //fenrong.net/teaching/mljvb.pdf

[2] Blackburn, P., Venema Y., De Rijke, M., 2002, Modal Logic, Cam-

bridge University Press.

[3] Fagin, R., Halpern, J. Y., Moses, Y., Vardi, M. Y., 1995, Reasoning

about Knowledge, The MIT Press, Cambridge.

[4] De Lavalette, G.R., Van Ditmarsch, H.P., 2002, Epistemic Actions

and Minimal Models, Technical Report OUCS - 2002 - 03, Depart ment of

Computer Science, University of Otago, available online:

http : //www.cs.otago.ac.nz/trseries/oucs 2002 03.pdf

[5] Sangiorgi, D., 2009, On the origins of bisimulation and coinduction,

ACM Transactions on Programming Languages and Systems, Volume 31

Issue 4, ACM New York, NY, USA.

[6] Wang, Y., 2010, Epistemic Modelling and Protocol Dynamics, ILLC

Dissertation Series DS-2010-06.

[7] An online presentation on the 5th International Workshop on Coal-

gebraic Methods in Computer Science :

http : //www.cs.indiana.edu/cmcs/bisimulation.pdf

19