Thursday, 12 March 2015

[Z] Solving a simple puzzle in Z by CTL model checking

For the same previous river crossing puzzle, it can be modeled in Z and solved in ProB as well.

The Z program

The LaTeX Source


\documentclass{article}
\usepackage{fuzz}

\begin{document} 

\begin{zed}
    DFR ::= F1 | F2 | F3 | R1 | R2 | R3 | Z \\
    F == \{F1, F2, F3\} \\
    R == \{R1, R2, R3\} \\
    FR == F \cup R \\
\end{zed}

\begin{zed}
    State \defs [~ ls: \power~FR; boat: \power~FR; rs: \power~FR | 
       (\#~boat \leq 2) \land 
       (
          (
             (\#~(ls \cap F) \leq \#~(ls \cap R)) 
             \land (\#~(ls \cap R) > 0)
          ) \lor (\#~(ls \cap R) = 0)
       ) \land
       (
          (
             (\#~(rs \cap F) \leq \#~(rs \cap R))
             \land (\#~(rs \cap R) > 0)
          ) \lor (\#~(rs \cap R) = 0)
       )
    ~] \\
    Init \defs [~ State' | ls' = FR \land rs' = \emptyset 
        \land boat' = \emptyset ~] \\
    % move two creatures frm LS to RS
    Move2 \defs [~ \Delta State; c1?: FR; c2?: FR | 
        c1? \in ls \land c2? \in ls \land 
        c1? \neq c2? \land
        boat = \emptyset \land
        ls' = ls \setminus \{c1?, c2?\} \land
        boat' = \{c1?, c2?\} \land rs'=rs
    ~] \\
    % move one creature frm LS to RS because there is 
    % a creature on boat
    Move1 \defs [~ \Delta State; c?: FR | 
        c? \in ls \land (\#~boat = 1) \land
        ls' = ls \setminus \{c?\} \land
        boat' = boat \cup \{c?\} \land rs'=rs
    ~] \\
    % load one and back another
    LoadBack \defs [~ \Delta State; c?: FR | 
        c? \in boat \land (\#~boat = 2) \land
        ls \neq \emptyset \land
        ls' = ls \land boat' = boat \setminus \{c?\} \land 
        rs'=rs \cup \{c?\}
    ~] \\
    % load two 
    LoadAll \defs [~ \Delta State | 
        (\#~boat = 2) \land ls = \emptyset \land
        boat' = \emptyset \land rs'=rs \cup boat 
    ~] \\
\end{zed}
\end{document}

Solving by CTL model checking in ProB

Check CTL formula: "AG(not e(LoadAll))",  and a counterexample found. This is one of the solutions.


Posted by at No comments :
Labels: , , , ,

[Circus] Modelling a simple puzzle in Circus

For the same river crossing puzzle (foxes and rabbits), it can be modeled in Circus as well.

The diagram below is the program written in Circus.
The Circus Crossing Program
Here's the latex source.

\documentclass{article}
%
\usepackage{circus}
%
\begin{document}

\begin{zsection}
    \SECTION\ CrossingPuzzle \parents\ circus\_toolkit
\end{zsection}

\begin{zed}
    DFR ::= F1 | F2 | F3 | R1 | R2 | R3 | Z \\
    F == \{F1, F2, F3\} \\
    R == \{R1, R2, R3\} \\
    FR == F \cup R \\
\end{zed}

\begin{circus}
    \circchannel\ move2: FR \cross FR \\ 
    \circchannel\ move1: FR \\ 
    \circchannel\ load: FR \\ 
    \circchannel\ escape \\
\end{circus}

\begin{circus}
    \circprocess\ Cross \circdef \circbegin \\
        \t1 \circstate\ State == [~ ls: \power~FR; boat: 
            \power~FR; rs: \power~FR | (\#~boat \leq 2) \land 
            % for ls or rs, if there exists rabbits, the number
            % of foxes shall be less than the number of rabbits
            (
              (
                (\#~(ls \cap F) \leq \#~(ls \cap R)) 
                \land (\#~(ls \cap R) > 0)
              ) \lor (\#~(ls \cap R) = 0)
            ) \land
            (
              (
                (\#~(rs \cap F) \leq \#~(rs \cap R))
                \land (\#~(rs \cap R) > 0)
              ) \lor (\#~(rs \cap R) = 0)
            )
        ~] \\
        \t1 Init == [~ (State)' | ls' = FR \land rs' = \emptyset 
            \land boat' = \emptyset ~] \\
        % move two creatures frm LS to RS
        \t1 Move2 == [~ \Delta State; c1?: FR; c2?: FR | 
            c1? \in ls \land c2? \in ls \land 
            c1? \neq c2? \land
            boat = \emptyset \land
            ls' = ls \setminus \{c1?, c2?\} \land
            boat' = \{c1?, c2?\} \land rs'=rs
        ~] \\
        % move one creature frm LS to RS because there is a creature on boat
        \t1 Move1 == [~ \Delta State; c?: FR | 
            c? \in ls \land (\#~boat = 1) \land
            ls' = ls \setminus \{c?\} \land
            boat' = boat \cup \{c?\} \land rs'=rs
        ~] \\
        % load one and back another
        \t1 LoadBack == [~ \Delta State; c?: FR | 
            c? \in boat \land (\#~boat = 2) \land
            ls \neq \emptyset \land
            ls' = ls \land boat' = boat \setminus \{c?\} \land 
            rs'=rs \cup \{c?\}
        ~] \\
        % load two 
        \t1 LoadAll == [~ \Delta State | 
            (\#~boat = 2) \land ls = \emptyset \land
            boat' = \emptyset \land rs'=rs \cup boat 
        ~] \\
        \t1 AMove \circdef (
            (\lcircguard boat = \emptyset \rcircguard \circguard 
               move2?c1?c2 \then \lschexpract Move2 \rschexpract) 
            \extchoice 
            (\lcircguard \#~boat = 1 \rcircguard \circguard 
               move1?c \then \lschexpract Move1 \rschexpract) 
            \extchoice 
            (\lcircguard ls \neq \emptyset \land \#~boat = 2 \rcircguard 
               \circguard load?c \prefixcolon (c \in boat) \then 
               \lschexpract LoadBack \rschexpract) 
            \extchoice 
            (\lcircguard ls = \emptyset \land \#~boat = 2 \rcircguard 
               \circguard \lschexpract LoadAll \rschexpract)
            ) \\
        \t1 AEnd \circdef (\lcircguard (ls = \emptyset \land boat = \emptyset) 
            \rcircguard \circguard escape \then \Skip) \\
        %
        \t1 \circspot \lschexpract Init \rschexpract \circseq (
            \circmu X \circspot (((AMove) \circseq X) \extchoice AEnd)) \\
    \circend
\end{circus}

\end{document}

Posted by at No comments :
Labels: , , , ,

Tuesday, 10 March 2015

[CSP] Solving a simple puzzle in CSP by CTL model checking

The puzzle

River crossing puzzle is quite common.  The Association of Automated Reasoning (AAR) President, Larry Wos, presented a simple crossing puzzle in the latest AAR newsletter.
The puzzle is described below:
The puzzle: On one side of a deep river, three foxes and three rabbits reside. A forest fire breaks out on this side of the river. The creatures instinctively would like to cross the river to safety, and indeed a boat exists that could be used. But a serious obstacle exists: The boat is so small that it can hold only two creatures at a time. Fortunately, all the foxes and all the rabbits know how to use a boat. Unfortunately, if at any time, on either side of the river, the number of foxes outnumbers the number of rabbits, the outnumbering foxes will eat the rabbits.
The challenge: Can a sequence of moves be made so that all six creatures finally end up safely on the side of the river away from the forest fire?

CSP solution 

Modelling

Escape from the left side of the river to the right bank.

FR - all creatures.
LS - the set of creatures on the left side. Initially it's FR and finally empty.
RS - the set of creatures on the left side. Initially it's empty and finally FR.
move - every time two creatures will be moved from the left side to the right side by the boat.
back - every time one of two creatures on move has to return back to the left side, but it still stays on the boat.

Specification

-- Z is dedicated for non-creature on boat
datatype DFR = F1 | F2 | F3 | R1 | R2 | R3 | Z
-- F for the set of foxes
F = {F1, F2, F3}
-- R for the set of rabbits
R = {R1, R2, R3}
-- FR for the set of creatures
FR = union(F, R)

channel move: FR
channel back: FR
channel end -- successfully

-- check if the number of foxes in s outnumbers the number of rabbits
FoxesEatRabbits(s) = (card(inter(R,s)) != 0) and (card(inter(F,s)) > card(inter(R,s)))

CROSS = let
-- z - creature on boat
-- LS - left bank
-- RS - right bank
S(z, LS, RS) =
    if (FoxesEatRabbits(LS) or FoxesEatRabbits(RS)) then
        STOP
    else
        if not empty(LS) then
            if z == Z then
                move?x:LS -> move?y:diff(LS, {x}) -> (
                    SS(x, diff(LS, {x,y}), union(RS, {y}))
                    []
                    SS(y, diff(LS, {x,y}), union(RS, {x}))
                    )
            else
                move?x:LS -> (
                    SS(x, diff(LS, {x}), union(RS, {z}))
                    []
                    SS(z, diff(LS, {x}), union(RS, {x}))
                    )
        else
            end -> SKIP   

-- x - creature on boat
-- LS - left bank
-- RS - right bank
SS(x, LS, RS) =
    if (FoxesEatRabbits(LS) or FoxesEatRabbits(RS)) then
        STOP
    else
        if not empty(LS) then
            back.x -> S(x, LS, RS)
        else
            end -> SKIP   
-- Initially, there's no creatures on boat, all on left bank and non on right bank
within S(Z, FR, {})



MAIN = CROSS

Model Checking

By modelling in CSP, if the situation, that the number of foxes outnumbers the number of rabbits on both sides, occurrs, it behaves like STOP (deadlock). Otherwise, finally it will terminate successfully after engaged in the end event.

Using the CTL checking capability for CSP specification in ProB to check the formula "AG(not e(end))", the statement that the end event always is not enable, to be false. At the same time, a counterexample is provided. This is one of the desired solutions.

The diagram represents the solution:
       LS / Boat / RS
 0)  FR / {} / {}
 1)  {F3, R1, R2, R3} / {F1, F2} / {}
 2)  {F3, R1, R2, R3} / {F1} / {F2}
 3)  {F3, R2, R3} / {F1, R1} / {F2}
 4)  {F3, R2, R3} / {F1} / {F2, R1}
 5)  {F3, R3} / {F1, R2} / {F2, R1} 
 6)  {F3, R3} / {F1} / {F2, R1, R2}
 7)  {R3} / {F1, F3} / {F2, R1, R2}  
 8)  {R3} / {F3} / {F1, F2, R1, R2} 
 9)  {} / {F3, R3} / {F1, F2, R1, R2}
 10)  {} / {} / {F1, F2, F3, R1, R2, R3}  




Posted by at No comments :
Labels: , , ,
Subscribe to: Posts ( Atom )