Approximating a Behavioural Pseudometric without Discount for<br> Probabilistic Systems

Logical Methods in Computer Science V ol. 4 (2:2) 2008, pp. 1–23 www .lmcs-online.org Submitted Sep . 20, 2007 Published Apr . 0 9, 2008 APPR OXIMA TING A BEHA VIOURAL PSEUDOMETRIC WITHOUT DISCOUNT F OR PR OBABILISTIC SYSTEMS ∗ FRANCK V A N BREUGEL a , BABIT A SHARMA b , AND JAMES WORRELL c a Y ork Universi ty , 47 00 Keele Street, T oronto, M3J 1P3, Canada e-mail addr ess : franc k@cse.y orku.ca b IBM T oronto Lab, 8200 W arden Avenue, Markham, L6G 1C7, Canada e-mail addr ess : babitas@ca.ibm.com c Oxford Universit y Computing Lab oratory , Pa rks Road, Oxford, OX1 3QD, England e-mail addr ess : jb w@comlab.o x.ac.uk Abstra ct. Desharnais, Gupta, Jag adeesan and Panangaden i ntroduced a family of b e- havio ural pseudometrics for p robabilistic transition systems. These pseudometrics are a quantitativ e analo gue of probabili stic bisimi larit y . Distance zero captu res probabilistic bisimilarit y . Eac h p seudometric has a discount factor, a real num b er in th e interv al (0 , 1]. The smal ler the discoun t factor, the mo re the future is discounted. If the discoun t factor is one, th en the future is not discounted at all. Desharnais et al. show ed that the b eh a vioural distances can b e calculated up to any desired degree of accuracy if t he discoun t factor is smaller than one. In this pap er, we show that the distances can also be approximated if the future is not discounted. A key ingredien t of our algorithm is T arski’s d ecision pro cedure for the first order theory ov er real closed fields. By exploiting th e K anto ro vic h-Rubinstein dualit y theorem we can restrict to the existential frag men t for which more efficient decis ion procedu res exist. 1. Intr oduction F or systems that con tain quant itativ e information, lik e, for example, probabilities, time and costs, sev eral b e haviour al pseudometrics (and closely r elated notions) hav e b een intro- duced (see, f or example, [6, 8, 10, 14, 15, 18, 19, 20, 21, 28, 33]). In this pap er, we f o cus on pr ob abilistic tr ansition systems , whic h are a v ariant of Marko v c hains. D esharnais, Gupta, Jagadeesan and P anangaden [18] introd uced a family of b eha vio ural pseud ometrics for these systems. T hese p seudometrics assign a d istance, a real n um b er in the in terv al [0 , 1], to eac h pair of states of the probabilistic transition system. The distance captur es the b ehavio ural similarit y of the states. The smaller the distance, the m ore alik e the states b ehav e. The 1998 ACM Subje ct Classific ation: F.3.1, F.3.2. Key wor ds and phr ases: p robabilistic transition system, b ehavioural p seudometric, probabilistic bisimi- larit y , approximation algorithm. ∗ An extended abstract of this pap er has app eared as [5]. a,b Supp orted by N SERC. LOGICAL METHODS l IN COMPUTER SCIENCE DOI:10.216 8/LMCS-4 (2:2) 2008 c  F . v an Breugel, B . Sharma, and J. W orrell CC  Creative Commons 2 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL distance is zero if and only if the states are pr ob abilistic bisimilar , a b eha vioural equiv alence in trod uced by Larsen and Sko u [26]. The p seudometrics of Desharnais et al. are defined via real-v alued inte rpretations of Larsen and Sk ou’s probabilistic mo dal logic. F ormula e assume truth v alues in the inte rv al [0 , 1]. Conjunction and disjunction are interpreted u sing th e lattice structure of the unit in terv al. The mo dalit y h a i is interpreted arithmetical ly by in tegra tion. The b ehavio ural distance b et wee n states s 1 and s 2 is then defin ed as the su premum o v er all f orm ulae ϕ of the difference in the truth v alue of ϕ in s 1 and in s 2 . 1 The definition of the b ehavio ural pseud ometrics of Desharnais et al. is parametrized b y a disc ount f actor δ , a r eal num b er in the interv al (0 , 1]. T h e smaller th e discount factor, the m ore (b eha vioural d ifferences in) the futur e are discoun ted. In the case that δ equals one, the future is not discounte d. All differences in b eha viour, whether in the near or far future, con tribute alik e to the distance. F or systems that (in principle) run forever, w e ma y b e int erested in all these differences and , hence, in the pseudometric that do es not discount the futur e. In [16], Desharnais et al. presente d an algorithm to appr oximate t he b eha viour al dis- tances for δ smaller than one. The first and third author [7 ] presen ted also an appro ximation algorithm for δ smaller than one. There is a fun damen tal difference b et w een p seudometrics that discount the futur e and the one that do es not. This is, for example, reflected by the fact that all p seudometrics that discoun t the future give rise to the same top ology , whereas the pseud ometric that d o es not discoun t the future giv es rise to a different top ology (see, for example, [18, page 350]). As a consequence, it may n ot b e surp rising that neither appro ximation algorithm ment ioned in the pr evious paragraph can b e mo dified in an ob vious wa y to h andle the case that δ equals one. The main con tribution of this pap er is an algorit hm that appro ximates b eha vioural distances in case th e discount factor δ equals one. Starting f r om the lo gic al d efinition of the pseud ometric b y Desharnais et al., we first giv e a charac terisatio n of the pseudometric as the greatest (p ost-)fixed p oint of a functional on a complete lattice [0 , 1] S , where S is the set of states of the prob abilistic transition system in question. Th is fun ctional is closely related to the Kan toro vic h me tric [24] on probabilit y measures. Next, we dualize this c h aracteriza tion exploiting the Kan toro vic h-Rubinstein dualit y theorem [25]. Su b sequen tly , w e sho w, exploiting the dual charact erizatio n, that a pseudometric b eing a p ost-fixed p oin t can b e expressed in the existenti al fragmen t of the fir st order theory ov er r eal closed fields. Based on the fact that this first order theory is decidable, a result du e to T arski [31], we sho w h o w to approximat e the b eha vioural distances. Finally , we discuss an imp lementa tion of our algorithm in Mathematica. Exploiting the tec hniques pu t forward in this pap er, w e h a v e also dev elop ed an algo- rithm to appr oximat e the b eha viour al ps eudometric that is presen ted in [3]. The other algorithm can b e f ound in [30]. 1 More generally , de Alfaro [13] and McIver and Morgan [27] ha ve given real-v alued interpreta tions to t he modal mu-calculus follo wing this pattern. Moreo ver, de Alfaro has sho wn that the behavioural pseud ometrics induced by m u-calculus form u lae agree with those of [18]. APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 3 2. S ystems and pseudometrics Some basic n otions that will pla y a role in the r est of this pap er are presen ted b elo w. First we introdu ce the systems of interest : probabilistic transition systems. Definition 2.1. A pr obabilistic transition system is a tuple h S, π i consisting of • a finite set S of states and • a function π : S × S → [0 , 1] ∩ Q satisfying P s ′ ∈ S π ( s, s ′ ) ∈ { 0 , 1 } . W e write s → if P s ′ ∈ S π ( s, s ′ ) = 1 and s 6→ if P s ′ ∈ S π ( s, s ′ ) = 0. F or states s and s ′ , π ( s, s ′ ) is the pr obabilit y of making a transition to state s ′ giv en that the system is in state s . Eac h state s either has no outgoing tr ans itions ( s 6→ ) or a transition is tak en with pr obabilit y 1 ( s → ). T o simplify the presen tation, w e do not consider th e case that a state s ma y r efuse to make a transition with some p robabilit y , that is, P s ′ ∈ S π ( s, s ′ ) ∈ (0 , 1). How ev er, all our r esu lts can easily b e generalized to hand le that case as well (see [30]). W e also do not consider transitions that are lab elle d with actions. All our results can also easily b e mo dified to hand le lab elled trans itions (see [30]). In the lab elled case, th e d efi n ition of probabilistic transition system is a mild generalisation of the notion of Mark o v chain. W e restrict to rational transition p robabilities in ord er that pr ob abilistic transitions systems b e finitely represent able. Here w e assume that rational n um b ers are represent ed as p airs of integ ers in binary . W e b eliev e that the algorithm present ed in th is pap er could b e adapted to accommo date transition pr obab ilities that are algebraic num b ers, but we d o not pur sue this question here. In the rest of this pap er, w e will use the follo win g probabilistic transition system as our runnin g example. Example 2.2. W e consider a p robabilistic transition sys tem with fiv e states: s 1 , s 2 , s 3 , s 4 and s 5 . The follo wing table con tains the transition probabilities and, hence, captures π . s 1 s 2 s 3 s 4 s 5 s 1 0 2 5 3 5 0 0 s 2 7 10 0 0 1 5 1 10 s 3 0 0 1 0 0 s 4 0 0 0 0 0 s 5 0 0 0 0 1 The probabilistic transition system can b e d epicted as the follo w ing graph. s 1 2 5 ) ) 3 5   s 2 7 10 i i 1 5   1 10 B B B B B B B B s 3 1 7 7 s 4 s 5 1 g g W e consider states of a p robabilistic transition system b ehavio urally equiv alen t if they are probabilistic b isimilar [26]. Definition 2.3. Let h S, π i b e a probabilistic transition system. An equiv alence relation R on the set of states S is a probabilistic bisimula tion if s 1 R s 2 implies P s ∈ E π ( s 1 , s ) = P s ∈ E π ( s 2 , s ) for all R -equiv alence classes E . States s 1 and s 2 are p robabilistic b isimilar , denoted s 1 ∼ s 2 , if s 1 R s 2 for some pr obabilistic bisim ulation R . 4 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL Note that probabilistic bisimilar s tates s 1 and s 2 ha v e the same probabilit y of transi- tioning to an equiv alence class E of pr obabilistic bisimilar states. Example 2.4. Consider the pr obab ilistic transition system of Ex amp le 2.2. The smallest equiv alence relation con taining ( s 3 , s 5 ) is a probabilistic bisimula tion. Hence, the states s 3 and s 5 are probabilistic b isimilar. The b eh avio ural pseudometrics that w e study in this pap er yield ps eu d ometric sp aces on the state space of pr ob abilistic transition systems. Definition 2.5. A 1-b ound ed pseudometric space is a pair ( X , d X ) consisting of a s et X and a d istance function d X : X × X → [0 , 1] satisfying (1) for all x ∈ X , d X ( x, x ) = 0, (2) for all x , y ∈ X , d X ( x, y ) = d X ( y , x ), and (3) for all x , y , z ∈ X , d X ( x, z ) ≤ d X ( x, y ) + d X ( y , z ). Instead of ( X , d X ) w e often w r ite X and we d enote the d istance f u nction of a metric space X by d X . Example 2.6. Let X b e a set. The discrete metric d X : X × X → [0 , 1] is defined by d X ( x 1 , x 2 ) =  0 if x 1 = x 2 1 otherwise. A (1-b ound ed) pseu d ometric space differs from a (1-b ounded) metric sp ace in that differen t p oin ts ma y hav e distance zero in the former an d n ot in the latter. Since d iffer- en t states of a system ma y b eha v e the same, such states will hav e distance zero in our b ehavi oural pseud ometrics. In th e charact erizatio n of a b ehavi oural pseudometric in S ection 4 nonexpansive func- tions pla y a ke y role. Definition 2.7. Let X b e a 1-b ounded pseud ometric space. A function f : X → [0 , 1] is nonexpansiv e if for all x 1 , x 2 ∈ X , | f ( x 1 ) − f ( x 2 ) | ≤ d X ( x 1 , x 2 ) . The set of n onexpansiv e functions from X to [0 , 1] is denoted by X - - - - - - < [0 , 1]. Example 2.8. If the set X is endow ed with th e discrete metric, then ev ery function from X to [0 , 1] is nonexp ansiv e. 3. Beha vioural pseu dometrics Desharnais, Gupta, Jagadeesan and Pa nangaden [18] in tro duced a family of b eha vioural pseudometrics for probabilistic transitions systems. Belo w, we will b riefly review the ke y ingredien ts of their d efinition. T o defin e their b eh avio ural pseud ometrics, Desharnais et al. defin ed a real-v alued se- man tics of a v ariant of L ars en and Sk ou’s probabilistic mo dal logic [26]. W e describ e this v arian t, adapted to the case of unlab elled transition systems, in Definition 3.1. Definition 3.1. The logic L is defin ed b y ϕ ::= true | ♦ ϕ | ϕ ∧ ϕ | ¬ ϕ | ϕ ⊖ q where q ∈ [0 , 1] ∩ Q . APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 5 The main difference b et ween the ab o ve logic and the one of Larsen and Skou is that w e ha v e ♦ ϕ and ϕ ⊖ q whereas they com bine the op erators ♦ and ⊖ q in to one. S ince they consider lab elled transitions, they use the n otation h a i q for this combined op erator. Desharnais et al. p ro vided a family of r eal-v alued inte rpretations of the logic. T hat is, giv en a probabilistic tran s ition system and a discount factor δ , the interpretatio n giv es a quan titati v e m easur e of the v alidit y of a f orm ula ϕ of the logic in a state s of the system. The in terpretatio n J ϕ K δ ( s ) is a real num b er in the in terv al [0 , 1]. It measures the v alidit y of the formula ϕ in the state s . Th is real num b er can roughly b e though t of as the probabilit y that ϕ is tru e in s . Definition 3.2. Giv en a pr obabilistic transition system h S, π i and a discoun t factor δ ∈ (0 , 1], for eac h ϕ ∈ L , the fun ction J ϕ K δ : S → [0 , 1] is defined by J true K δ ( s ) = 1 J ♦ ϕ K δ ( s ) = δ P s ′ ∈ S π ( s, s ′ ) J ϕ K δ ( s ′ ) J ϕ ∧ ψ K δ ( s ) = min { J ϕ K δ ( s ) , J ψ K δ ( s ) } J ¬ ϕ K δ ( s ) = 1 − J ϕ K δ ( s ) J ϕ ⊖ q K δ ( s ) = max { J ϕ K δ ( s ) − q , 0 } Example 3.3. Consider the probabilistic transition system of Examp le 2.2. F or this system, J ♦ true K δ ( s 3 ) = δ and J ♦ true K δ ( s 4 ) = 0. Giv en a discount facto r δ ∈ (0 , 1], the b ehavio ural pseudometric d δ assigns a distance, a real n um b er in the interv al [0 , 1], to every pair of states of a probabilistic transition system. The distance is defined in terms of the logical formulae and their in terpretati on. Roughly sp eaking, the distance is captured by the logica l formula that distinguishes th e states the most. Definition 3.4. Giv en a pr obabilistic transition system h S, π i and a discoun t factor δ ∈ (0 , 1], the distance fu n ction d δ : S × S → [0 , 1] is defined by d δ ( s 1 , s 2 ) = sup ϕ ∈L J ϕ K δ ( s 1 ) − J ϕ K δ ( s 2 ) . Example 3.5. Consider the pr obabilistic transition system of Examp le 2.2. F or example, the states s 3 and s 4 are δ apart. This d istance is witnessed by the form ula ♦ true. The distances 2 are collecte d in the follo wing table. Since a distance fun ction is symmetric and the distance fr om a state to itself is zero, we do not giv e all the entrie s. s 1 s 2 s 3 s 4 s 2 25 δ 2 − 2 δ 4 125 − 25 δ − 35 δ 2 +7 δ 3 s 3 2 δ 3 25 − 7 δ 2 5 δ 2 25 − 7 δ 2 s 4 δ δ δ s 5 2 δ 3 25 − 7 δ 2 5 δ 2 25 − 7 δ 2 0 δ Prop osition 3.6 ([18, Theorem 5.2]) . d δ is a 1-b ounde d pseudometric sp ac e. Pr o of. First, obs erve that J ϕ K δ ( s 1 ) − J ϕ K δ ( s 2 ) = J ¬ ϕ K δ ( s 2 ) − J ¬ ϕ K δ ( s 1 ) . 2 These distances we re obtained by ad-hoc metho ds including Prop osition B.5 and chec ked for n umerous different discount factors using the algorithm described in [7]. 6 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL As a consequence, w e can rep lace J ϕ K δ ( s 1 ) − J ϕ K δ ( s 2 ) in the defin ition of d δ with | J ϕ K δ ( s 1 ) − J ϕ K δ ( s 2 ) | . C hec king no w that d δ satisfies the thr ee conditions of Definition 2.5 is straigh t- forw ard. States h a ving d istance zero defin es an equiv alence relation. Th at is, for a pseudometric d on states, the relation ≡ d on states defi n ed b y s 1 ≡ d s 2 if d ( s 1 , s 2 ) = 0 is an equiv alence relation. W e denote the equiv alence class that conta ins the state s b y [ s ] d , that is, [ s ] d = { s ′ ∈ S | d ( s, s ′ ) = 0 } . Eac h b ehavio ural p seudometric d δ is a qu antita tiv e analogue of probabilistic bisimilar- it y . This b eha vioural equiv alence is exactly captured by those states that ha v e distance zero. Prop osition 3.7 ([18, Theorem 4.10]) . Given a pr ob abilistic tr ansition system h S, π i and a disc ount factor δ ∈ (0 , 1] , ≡ d δ = ∼ . Pr o of. W e split the pr o of in tw o parts. • Assume that s 1 ∼ s 2 . It su ffices to sh o w that J ϕ K δ ( s 1 ) = J ϕ K δ ( s 2 ) f or all ϕ ∈ L . W e can pro v e this by structural induction on ϕ . W e fo cus here on the only nont rivial case: ♦ ϕ . Let { E i | i ∈ I } b e th e ∼ -equiv alence classes. Assu me that e i is an element of E i . By induction, the fu nction J ϕ K δ restricted to E i is constan t. Hence, J ♦ ϕ K δ ( s 1 ) = δ X s ∈ S π ( s 1 , s ) J ϕ K δ ( s ) = δ X i ∈ I X s ∈ E i π ( s 1 , s ) J ϕ K δ ( s ) = δ X i ∈ I J ϕ K δ ( e i ) X s ∈ E i π ( s 1 , s ) = δ X i ∈ I J ϕ K δ ( e i ) X s ∈ E i π ( s 2 , s ) [ s 1 ∼ s 2 ] = J ♦ ϕ K δ ( s 2 ) . • W e show that th e relation ≡ d δ is a probabilistic bisimulati on. Obvi ously , ≡ d δ is an equiv alence relation. Assume that s 1 ≡ d δ s 2 . That is, d δ ( s 1 , s 2 ) = 0. Let E b e an ≡ d δ - equiv alence class. Without loss of an y generalit y , we ma y assum e that E is of the form [ s ] d δ . F rom the definition of d δ w e can infer that all states in [ s ] d δ assign the same v alue to eac h formula. F or eac h state s ′ 6∈ [ s ] d δ there exists a formula ϕ s ′ suc h that J ϕ s ′ K δ ( s ) 6 = J ϕ s ′ K δ ( s ′ ). Without loss of any generalit y , we ma y assume that J ϕ s ′ K δ ( s ) > J ϕ s ′ K δ ( s ′ ). Hence, there exists a rational q s ′ in [0 , 1] suc h that J ϕ s ′ ⊖ q s ′ K δ ( s ′ ) = 0 and J ϕ s ′ ⊖ q s ′ K δ ( s ) > 0. No w consider the formula ϕ = ^ s ′ 6∈ [ s ] d δ ϕ s ′ ⊖ q s ′ . APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 7 Then J ϕ K δ ( s ′′ ) > 0 iff s ′′ ∈ [ s ] d δ . As a consequence, δ J ϕ K δ ( s ) X s ′ ∈ [ s ] d δ π ( s 1 , s ′ ) = δ X s ′ ∈ [ s ] d δ π ( s 1 , s ′ ) J ϕ K δ ( s ′ ) = δ X s ′′ ∈ S π ( s 1 , s ′′ ) J ϕ K δ ( s ′′ ) [ J ϕ K δ ( s ′′ ) = 0 for all s ′′ 6∈ [ s ] d δ ] = J ♦ ϕ K δ ( s 1 ) = J ♦ ϕ K δ ( s 2 ) [ d δ ( s 1 , s 2 ) = 0 ] = δ J ϕ K δ ( s ) X s ′ ∈ [ s ] d δ π ( s 2 , s ′ ) . Therefore, P s ′ ∈ [ s ] d δ π ( s 1 , s ′ ) = P s ′ ∈ [ s ] d δ π ( s 2 , s ′ ) and, h ence, ≡ d δ is a probabilistic bisim- ulation. In [16], Desharnais et al. pr esent a decision pro cedur e for the b eha vioural pseudometric d δ when δ is smaller than one. Let us br iefly sk etc h their algorithm. They d efi n e th e depth of a logical f ormula as follo ws. depth(true) = 0 depth( ♦ ϕ ) = depth( ϕ ) + 1 depth( ϕ ∧ ψ ) = max { depth( ϕ ) , depth( ψ ) } depth( ¬ ϕ ) = depth( ϕ ) depth( ϕ ⊖ q ) = depth( ϕ ) One can easily verify that J ϕ K δ ( s 1 ) − J ϕ K δ ( s 2 ) ≤ δ depth ( ϕ ) for eac h ϕ ∈ L . Th is suggests that one can compu te d δ to an y d esired d egree of accuracy by restricting atten tion to form ulae ϕ of a fixed mo d al dep th . Clearly , there exist infin itely many form ulae of eac h fi xed mo dal depth. Nev erth eless, Desharnais et al. sho w how to construct a fi nite subset F n of the logica l formulae of at most depth n suc h that d δ ( s 1 , s 2 ) − sup ϕ ∈F n J ϕ K δ ( s 1 ) − J ϕ K δ ( s 2 ) ≤ δ n . In this wa y , d δ ( s 1 , s 2 ) can b e app ro ximated u p to arbitrary accuracy pr ovide d δ is smaller than one. 4. A f ixed point characteriza tion and its dual F or the rest of this pap er, we fo cus on the b eha vioural pseudometric that do es not discoun t the future. That is, we concen trate on the ps eu d ometric d 1 . Belo w, we p resen t an alternativ e c haracteriza tion of this p seudometric. In p articular, we charac terize d 1 as the greatest (p ost-)fixed p oin t of a fu nction ∆ from a complete lattice to itself. T his c haracter- izatio n can b e view ed as a quant itativ e analogue of the greatest fixed p oin t charact erizatio n of bisimilarit y [29]. W e also dualize the d efinition of ∆ exploiting the Kantoro vic h -Ru binstein dualit y the- orem [25]. As we will see in S ection 5, this dual charac terizati on will allo w u s to define ∆ as th e solution to a min imizatio n p roblem rather than a m aximization p roblem, as ab o v e. 8 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL In turn this will allo w us to captur e the fact that a pseud ometric is a p ost-fixed p oint of ∆ in the existent ial fragment of the fir st ord er theory ov er r eal closed fi elds. F or th e rest of this pap er, we fix a pr obabilistic transition system h S, π i . W e endow the set of pseud ometrics on S with the follo wing ord er. Definition 4.1. The relation ⊑ on 1-b oun ded pseudometrics on S is defined by d 1 ⊑ d 2 if d 1 ( s 1 , s 2 ) ≥ d 2 ( s 1 , s 2 ) for all s 1 , s 2 ∈ S . Note the rev erse direction of ⊑ and ≥ in the ab o ve definition. W e decided to make this rev ersal so that d 1 is a greatest fixed p oint, in analogy with the charac terizati on of bisimilarit y , r ather than a least fixed p oint . This c hoice has no impact on an y results in this pap er. Prop osition 4.2 ([17, Lemma 3.2]) . The set of 1-b ounde d pseudometrics on S endowe d with the or der ⊑ forms a c omplete lattic e. Pr o of. Obviously , ⊑ is a p artial order. The top elemen t is th e 1-b ounded pseu d ometric ⊤ defined by ⊤ ( s 1 , s 2 ) = 0 . The b otto m elemen t is th e 1-b ounded pseudometric ⊥ d efined by ⊥ ( s 1 , s 2 ) =  0 if s 1 = s 2 1 otherwise. Let D b e a nonempt y set of 1-b ounded pseudometrics on S . The meet of D is the 1-b ounded pseudometric d D defined by ( l D )( s 1 , s 2 ) = su p d ∈ D d ( s 1 , s 2 ) . The join of D can b e expressed in terms of the meet of D (see, for example, [12, Lemma 2.15]) . Whereas meets of pseud ometrics are computed p oin t wise u s in g the supremum on [0,1], joins of p seudometrics are not. Next, w e introdu ce a function from th is complete lattic e to itself of which the b e- ha vioural pseudometric d 1 is the greatest fi xed p oint . Definition 4.3. Let d b e a 1-b ounded pseudometric on S . The distance fun ction ∆ ( d ) : S × S → [0 , 1] is defined by ∆( d )( s 1 , s 2 ) = max ( X s ∈ S f ( s )( π ( s 1 , s ) − π ( s 2 , s ))     f ∈ ( S, d ) - - - - - - < [0 , 1] ) if s 1 → and s 2 → , and ∆( d )( s 1 , s 2 ) =  0 if s 1 6→ and s 2 6→ 1 otherwise. Note that we can write max ab o ve rather than s u p since ( S, d ) - - - - - - < [0 , 1], b eing a closed subset of the pro du ct space [0 , 1] S , is compact. The fu nctional ∆ is closely related to the K an toro vic h metric [24 ] on probabilit y mea- sures. In the definition of that metric, nonexpans iv e functions p la y a key role. 3 3 The Kantoro vich metric is the smallest distance function on p robabilit y measures for which in tegration of nonexpansive functions is nonexp ansiv e. APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 9 Prop osition 4.4. ∆( d ) i s a 1-b ounde d pseudometric on S . Pr o of. Note th at f ∈ ( S, d ) - - - - - - < [0 , 1] implies 1 − f ∈ ( S, d ) - - - - - - < [0 , 1]. F urthermore, if s 1 → and s 2 → then X s ∈ S (1 − f )( s )( π ( s 1 , s ) − π ( s 2 , s )) = X s ∈ S π ( s 1 , s ) − X s ∈ S π ( s 2 , s ) + X s ∈ S f ( s )( π ( s 2 , s ) − π ( s 1 , s )) = X s ∈ S f ( s )( π ( s 2 , s ) − π ( s 1 , s )) = X s ∈ S f ( s ) π ( s 2 , s ) − X s ∈ S f ( s ) π ( s 1 , s ) . As a consequence, if s 1 → and s 2 → then ∆( d )( s 1 , s 2 ) = max (      X s ∈ S f ( s ) π ( s 1 , s ) − X s ∈ S f ( s ) π ( s 2 , s )          f ∈ ( S, d ) - - - - - - < [0 , 1] ) . No w that w e ha v e this alternativ e represen tation of ∆( d ), c hec king that it satisfies the three conditions of Definition 2.5 is straigh tforw ard. Prop osition 4.5 ([4, P rop osition 38]) . ∆ is or der-pr eserving. Pr o of. Let d 1 and d 2 b e 1-b ounded p seudometrics on S with d 1 ⊑ d 2 . Note that an y fun ction S → [0 , 1] that is nonexpansiv e w ith resp ect to d 2 is also nonexp ans iv e with resp ect to d 1 . Therefore ∆( d 2 )( s 1 , s 2 ) ≤ ∆( d 1 )( s 1 , s 2 ) for all s 1 , s 2 ∈ S since the latter inv olve s taking the max o ver a larger set. Since ∆( d ) is a 1-b oun ded pseudometric on S and ∆ is order-p reserving, we can conclude from T arski’s fixed p oin t theorem [32, Theorem 1] that ∆ h as a greatest fixed p oin t. W e denote the greatest fixed p oin t of ∆ by gfp(∆). This greatest fixed p oint of ∆ is also the greatest p ost-fixed p oin t of ∆ (see, for example, [12, T heorem 4.11] 4 ). Theorem 4.6. d 1 = gfp(∆) . Pr o of. W e first p ro v e that d 1 is a p ost-fixed p oin t of ∆. That is, we sho w that ∆( d 1 )( s 1 , s 2 ) ≤ d 1 ( s 1 , s 2 ). T o pr ov e this, we d istinguish the follo win g th ree cases. • If s 1 6→ and s 2 6→ then the prop erty is v acuously true. • If s 1 6→ and s 2 → , or s 1 → and s 2 6→ , th en the formula ♦ tru e witnesses th at the states s 1 and s 2 ha v e distance one. • Assume that s 1 → and s 2 → . According to [6, Prop osition 39], the set { J ϕ K 1 | ϕ ∈ L } is dense in ( S, d 1 ) - - - - - - < [0 , 1], that is, eac h f ∈ ( S, d 1 ) - - - - - - < [0 , 1] can b e appr o ximated up to 4 d is a p ost-fixe d p oint of ∆ if d ⊑ ∆( d ). In [12, page 94], such a d is called a p re-fixp oint. 10 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL arbitrary accuracy by s ome J ϕ K 1 . As a consequence, max ( X s ∈ S f ( s )( π ( s 1 , s ) − π ( s 2 , s ))     f ∈ ( S, d 1 ) - - - - - - < [0 , 1] ) = max ( X s ∈ S J ϕ K 1 ( s )( π ( s 1 , s ) − π ( s 2 , s ))     ϕ ∈ L ) = max ( X s ∈ S π ( s 1 , s ) J ϕ K 1 ( s ) − X s ∈ S π ( s 2 , s ) J ϕ K 1 ( s )     ϕ ∈ L ) = max  J ♦ ϕ K 1 ( s 1 ) − J ♦ ϕ K 1 ( s 2 )     ϕ ∈ L  ≤ d 1 ( s 1 , s 2 ) . Next we p r o v e that d 1 is the greatest p ost-fixed p oin t of ∆. Assum e that d is a p ost- fixed p oin t of ∆. W e hav e to show th at d ⊑ d 1 . T hat is, d 1 ( s 1 , s 2 ) ≤ d ( s 1 , s 2 ). W e restrict our atten tion to the case that s 1 → and s 2 → . I t suffices to show that J ϕ K 1 ( s 1 ) − J ϕ K 1 ( s 2 ) ≤ d ( s 1 , s 2 ) for all ϕ ∈ L . This can b e prov ed by stru ctural induction on ϕ . W e consider only the non trivial case: ♦ ϕ . J ♦ ϕ K 1 ( s 1 ) − J ♦ ϕ K 1 ( s 2 ) = X s ∈ S π ( s 1 , s ) J ϕ K 1 ( s ) − X s ∈ S π ( s 2 , s ) J ϕ K 1 ( s ) = X s ∈ S J ϕ K 1 ( s )( π ( s 1 , s ) − π ( s 2 , s )) ≤ max ( X s ∈ S f ( s )( π ( s 1 , s ) − π ( s 2 , s ))     f ∈ ( S, d ) - - - - - - < [0 , 1] ) [ b y induction, J ϕ K 1 ∈ ( S, d ) - - - - - - < [0 , 1 ] ] = ∆( d )( s 1 , s 2 ) ≤ d ( s 1 , s 2 ) [ d is a p ost- fixe d p oint of ∆ ] A similar result can b e obtained by com bining Th eorem 40 and 44 of [4]. Let us r ecall (a minor v ariation of ) the K an toro vic h-Rubinstein dualit y theorem. Let X b e a 1-b ound ed compact ps eudometric space. Let µ 1 and µ 2 b e Borel probabilit y measures on X . W e denote the set of Borel p robabilit y m easur es on the pr o duct space w ith m arginals µ 1 and µ 2 , that is, the Borel pr obabilit y measur es µ on X 2 suc h that for all Borel su bsets B of X , µ ( B × X ) = µ 1 ( B ) and µ ( X × B ) = µ 2 ( B ) , b y µ 1 ⊗ µ 2 . The Kantoro vic h-Rubinstein dualit y theorem tells u s max  Z X f dµ 1 − Z X f dµ 2     f ∈ X - - - - - - < [0 , 1]  = min  Z X 2 d X dµ     µ ∈ µ 1 ⊗ µ 2  . APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 11 The follo w in g p rop osition, which is a consequence of the Kant oro vic h-Rubinstein du alit y theorem, defines ∆ ( d ) as a minimum as opp osed to the maxim um in Definition 4.3. Prop osition 4.7 ([7, Corollary 19]) . L et d b e a 1-b ounde d pseudometric on S . L et s 1 , s 2 ∈ S suc h that s 1 → and s 2 → . Then ∆( d )( s 1 , s 2 ) = min    X ( s i ,s j ) ∈ S 2 d ( s i , s j ) µ ( s i , s j )     µ ∈ π ( s 1 , · ) ⊗ π ( s 2 , · )    wher e µ ∈ π ( s 1 , · ) ⊗ π ( s 2 , · ) if ∀ s j ∈ S X s i ∈ S µ ( s i , s j ) = π ( s 1 , s j ) ∧ ∀ s i ∈ S X s j ∈ S µ ( s i , s j ) = π ( s 2 , s i ) . Pr o of. Since the set S is finite, the space ( S, d ) is compact. T he pr obabilit y distributions π ( s 1 , · ) and π ( s 2 , · ) define Borel p robabilit y measures on ( S, d ). Applying the Kant oro vich- Rubinstein giv es u s the desired r esult. 5. The algorithm Before w e present our algorithm, we first sh o w that the fact that a ps eu d ometric is a p ost-fixed p oin t of ∆ can b e expressed in (the existen tial fragmen t of ) the first order theory o v er r eal closed fi elds. T his will allo w us to exploit T arski’s decision p ro cedure to appro ximate the b eha vioural p seudometric. F or th e rest of this pap er, we assume that the probabilistic transition system h S, π i h as N states s 1 , s 2 , . . . , s N . In stead of π ( s i , s j ) we w ill wr ite π ij . W e repr esent a 1-b ounded pseudometric on the set S of states of the pr obabilistic transition system, as (the v alues of ) a collectio n of r eal v alued v ariables d ij . The fact that d is a 1-b ounded pseudometric can now b e captured as follo ws. Definition 5.1. The predicate ps eudo( d ) is defined by pseudo( d ) ≡ ^ 1 ≤ i,j ≤ N d ij ≥ 0 ∧ d ij ≤ 1 ∧ ^ 1 ≤ i ≤ N d ii = 0 ∧ ^ 1 ≤ i,j ≤ N d ij = d j i ∧ ^ 1 ≤ h,i,j ≤ N d hj ≤ d hi + d ij F urthermore, the fact that d is a p ost-fixed p oin t of ∆ can b e captured as follo ws. Definition 5.2. The predicate p ost-fixed( d ) is defin ed by p ost-fixed( d ) ≡ ^ 1 ≤ i 0 ,j 0 ≤ N p ost-fixed 1 ( d, i 0 , j 0 ) ∨ p ost-fixed 2 ( d, i 0 , j 0 ) ∨ p ost-fixed 3 ( d, i 0 , j 0 ) 12 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL where p ost-fixed 1 ( d, i 0 , j 0 ) ≡ X 1 ≤ i ≤ N π i 0 i > 0 ∧ X 1 ≤ j ≤ N π j 0 j > 0 ∧ ∃ ( µ ij ) 1 ≤ i,j ≤ N ^ 1 ≤ i,j ≤ N µ ij ≥ 0 ∧ µ ij ≤ 1 ^ 1 ≤ j ≤ N X 1 ≤ i ≤ N µ ij = π i 0 j ∧ ^ 1 ≤ i ≤ N X 1 ≤ j ≤ N µ ij = π j 0 i ∧ X 1 ≤ i,j ≤ N d ij µ ij ≤ d i 0 j 0 p ost-fixed 2 ( d, i 0 , j 0 ) ≡ X 1 ≤ i ≤ N π i 0 i = 0 ∧ X 1 ≤ j ≤ N π j 0 j = 0 ∧ 0 ≤ d i 0 j 0 p ost-fixed 3 ( d, i 0 , j 0 ) ≡     X 1 ≤ i ≤ N π i 0 i > 0 ∧ X 1 ≤ j ≤ N π j 0 j = 0   ∨   X 1 ≤ i ≤ N π i 0 i = 0 ∧ X 1 ≤ j ≤ N π j 0 j > 0     ∧ 1 ≤ d i 0 j 0 No w we are ready to pr esen t our algorithm. C onsider the states s i 0 and s j 0 . W e restrict our atten tion to the case that s i 0 → and s j 0 → . In the other cases the computation of the distance is trivial. In our algorithm, w e u se the algorithm tarsk i that tak es as inp ut a sente nce of the first order theory of real closed fi elds and decides the truth or falsit y of the giv en sen tence. The fact that there exists su c h an algorithm was first prov ed b y T arski [31]. Let ǫ b e the d esired accuracy . That is, we wan t to find an int erv al [ ℓ 0 , u 0 ] ⊆ [0 , 1] suc h that u 0 − ℓ 0 ≤ ǫ and d 1 ( s i 0 , s j 0 ) ∈ [ ℓ 0 , u 0 ]. Th e algorithm appro ximate tak es as inp ut an in terv al [ ℓ, u ] ⊆ [0 , 1] suc h that d 1 ( s i 0 , s j 0 ) ∈ [ ℓ, u ] and returns the d esired result. As a consequence, approxi mate (0, 1) returns an appr o ximation of d 1 ( s i 0 , s j 0 ) with accuracy ǫ . approxim ate ( ℓ , u ): if u − ℓ ≤ ǫ return [ ℓ, u ] else m = ℓ + u 2 if tarski( ∃ d pseu d o( d ) ∧ p ost-fixed ( d ) ∧ d i 0 j 0 ≤ m ) return approxim ate ( ℓ , m ) else return approxim ate ( m , u ) APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 13 Note that the argumen t of tarski is a sentence that is p art of the existen tial f ragmen t of the first order theory o v er r eal closed fields. F or th is fragmen t there are more efficient decision pro cedures than for the general theory (see, for example, [2]). Let us s k etc h a correctness pro of of our algorithm. Assume that d 1 ( s i 0 , s j 0 ) ∈ [ ℓ, u ]. W e distinguish the follo wing thr ee cases. • If u − ℓ ≤ ǫ , then the algorithm ob viously returns the desired result. • Assume that u − ℓ > ǫ and supp ose that tarski return s true. T h en there exists a 1-b ounded pseudometric d that is a p ost-fixed p oin t of ∆ and d ( s i 0 , s j 0 ) ≤ m . Since d 1 is the greatest p ost-fixed p oin t of ∆, we ha v e that d ⊑ d 1 . Hence, d 1 ( s i 0 , s j 0 ) ≤ d ( s i 0 , s j 0 ) ≤ m . By assumption d 1 ( s i 0 , s j 0 ) ∈ [ ℓ, u ], therefore d 1 ( s i 0 , s j 0 ) ∈ [ ℓ, m ]. • Assume that u − ℓ > ǫ and su pp ose that ta rski returns false. Then d ( s i 0 , s j 0 ) > m for ev ery 1-b ounded p seudometric d that is a p ost-fixed p oin t of ∆. Since d 1 is a p ost-fixed p oint of ∆, we hav e that d 1 ( s i 0 , s j 0 ) > m . By assumption d 1 ( s i 0 , s j 0 ) ∈ [ ℓ, u ], therefore, d 1 ( s i 0 , s j 0 ) ∈ [ m, u ]. Ob viously , the algorithm terminates. 6. Conclus ion This pap er com bines a num b er of ingredient s, kn o w n already for a long time, including the Kan toro vic h-Rubinstein dualit y theorem of the fifties, T arski’s fi xed p oint theorem of the forties and T arski’s decision pro cedur e for the first order theory of real closed fields of the th ir ties. W e show that the b eha vioural pseudometric d 1 , w hic h d o es not discoun t the future, can b e appr o ximated up to an arbitrary accuracy . Whi le the com bination of the ab o v e r esults into a decision p ro cedure for the pseud ometric is not tec hnically difficult, we do solv e a problem that has b een op en since 1999. Most of the results in Section 3 and 4 are (v ariations on) kno wn r esults. As far as we kno w, the results in S ection 5 and App end ix B are new. Th e tec hn iques exploited in this pap er ha v e also b een used to approxi mate other b ehavi oural pseudometrics that do not discount the future suc h as, for example, the one presen ted in [3]. F urthermore, our algorithm can easily b e adjusted to the discount ed case. Since the satisfiabilit y pr oblem for the existen tial fragmen t of the fir st order theory of real closed fi elds is in PSP A CE , it is not su r prising that our algorithm can only handle small examples as we ha ve sho wn in App endix B. As a consequence, the quest for p r actical algorithms to app ro ximate d 1 is still op en. Since the closure ordinal of ∆ is ω , as prov ed in App end ix A, an iterativ e algorithm migh t b e feasible. As future work, we plan to apply our tec hniques to obtain appro ximation algorithms for other b eh avio ural pseudometrics suc h as, for example, the on e for systems that com bine nondeterminism and probabilit y presen ted in [15] and the p seudometric for w eak p robabilis- tic b isimilarit y in [17]. In th e latter case the pseudometric can b e c h aracterize d as the fixed p oint of a fun ctional based on the Kan toro vic h and Hausdorff metrics. Th ese can easily b e enco ded in the first-order theory of the reals. Ho w ev er, the need to consider the transitiv e closure of the silent transition r elation suggests that some non-trivial extension of the work presen ted here is called for. A cknowledgement The authors wo uld lik e to thank Christel Baier for providing some p oin ters to the literature and Jeff Edmonds, P ark e Go d f rey and the referees for their constructiv e feedbac k. 14 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL Referenc es [1] C. Baier, B. En gelen, and M. Ma jster-Cederbaum. Deciding bisimilarit y and similari t y for probabilistic processes. Journal of Computer and System Scienc es , 60(1):187–231 , F ebruary 2000. [2] S. Basu, R . Pollac k, and M.-F. R oy . On th e combinatorial an d algebrai c complexity of quantifier elimi- nation. Journal of the ACM , 43(6):100 2–104 5, N o vem b er 1996. [3] F. v an Breugel. A b eh avioural pseudometric for metric lab elled transition systems. In M. Abadi and L. de A lfaro, editors, Pr o c e e dings of the 16th International C onf er enc e on Concurr ency The ory , vol ume 3653 of L e ctur e Notes in C omputer Scienc e , pages 14 1–155 , S an F rancisco, August 2005. Springer-V erlag. [4] F. van Breugel, C. Hermida, M. Makk ai, and J. W orrell. Recursively defined metric spaces without con traction. The or etic al Computer Scienc e , 380(1/2): 143–16 3, June 2007. [5] F. va n Breugel, B. Sharma, and J . W orrell. Ap proxima ting a b ehavioural pseudometric wi thout discoun t. In H. Seidl, editor, Pr o c e e dings of the 10th International Confer enc e on F oundations of Softwar e Scienc e and Computation Structur es , volume 4423 of L e ctur e Notes in Computer Scienc e , pages 123–1 37, Braga, Marc h 2007. Springer-V erlag. [6] F. va n Breugel and J. W orrell. A b eha vioural pseudometric for probabilistic transition systems. The o- r etic al Computer Scienc e , 331(1):115 –142, F eb ruary 2005. [7] F. v an Breugel and J. W orrell. An algorithm for approximating b ehavio ural pseudometrics for proba- bilistic transition systems. The or etic al Computer Scienc e , 360(1/3):3 73–385 , August 2006. [8] M. Brouck e. Regularit y of solutions and homotopic equival ence for hybrid systems. In Pr o c e e dings of the 37th I EEE Confer enc e on De ci si on and Contr ol , volume 4, pages 4283– 4288, T ampa, Decem b er 1998. IEEE. [9] C.W. Brown. An ov erview of QEPCAD B: a to ol for real q uantifier elimination and form ula simplifica- tion. Journal of Jap an So ciety f or Symb olic and Algebr aic Computation , 10(1):13– 22, 2003. [10] P . Caspi and A. Benv eniste. T ow ard an approxima tion t h eory for computerised control. In A.L. Sangio v anni-Vincentelli and J. S ifakis, editors, Pr o c e e dings of the 2nd International Confer enc e on Em- b e dde d Softwar e , vol ume 2491 of L e ctur e Notes in Computer Scienc e , p ages 294–304, Grenoble, October 2002. Springer-V erlag. [11] G.E. Collins. Quantifier elimination for real closed fields by cy lindrical algebraic decomp osition. In H. Barkhage, editor, Pr o c e e dings of the 2nd GI Confer enc e on Automat a The ory and F ormal L anguages , vol ume 33 of Le ctur e Notes in Computer Scienc e , p ages 134–183, Kaiserslautern, Ma y 1975. Springer- V erlag. [12] B.A. Dav ey and H.A. Priestley . I ntr o duction to L attic es and O r der . Cam bridge Universit y Press, Cam- bridge, 1990. [13] L. de Alfaro. Quantitativ e verificati on and control via the m u-calculus. In R.M. A madio and D. Lugiez, editors, Pr o c e e di ngs of the 14th International Confer enc e on Concurr ency The ory , vol ume 2761 of L e c- tur e Notes in Computer Scienc e , pages 102–126, Marseille, September 2003. Springer-V erlag. [14] L. de Alfaro, T.A. Henzinger, and R. Ma jumdar. Discoun ting the futu re in systems theory . I n J.C.M. Baeten, J.K. Lenstra, J. Parro w, and G.J. W oeginger, editors, Pr o c e e dings of 30th International C ol lo- quium on Automat a, L anguages and Pr o gr amming , vol ume 2719 of L e ctur e Notes in Computer Scienc e , pages 1022–1 037, Eindhov en, June/July 2003. Springer-V erlag. [15] Y . Deng, T. Chothia, C. Pal amidessi, and J. Pang. Metrics for action-lab elled quantitativ e transition systems. In A. Cerone and H. Wiklicky , ed itors, Pr o c e e dings of 3r d Workshop on Quantitative Asp e cts of Pr o gr amming L anguages , volume 153(2) of Ele ctr onic Notes in The or etic al Computer Scienc e , pages 79–96, Edinburgh, A pril 2005. Elsevier. [16] J. Desharnais, V . Gupta, R. Jagadeesan, and P . Panangaden. Metrics for lab eled Marko v systems. In J.C.M. Baeten and S. Mau w, editors, Pr o c e e di ngs of 10th International Confer enc e on Concurr ency The ory , vol ume 1664 of L e ctur e Notes i n C om puter Scienc e , pages 258–27 3, Eindhove n, August 1999. Springer-V erlag. [17] J. Desharnais, V. Gupta, R. Jagadeesan, and P . Pananga den. The metric analogue of w eak b isim ulation for probabilistic pro cesses. I n Pr o c e e dings of 17th Annual IEEE Symp osium on L o gic i n Computer Scienc e , pages 413–42 2, Cop enhagen, July 2002. IEEE. [18] J. Desharnais, V. Gupta, R. Jagadeesa n, and P . Pa nangaden. Metrics for lab elled Mark o v pro cesses. The or etic al Computer Scienc e , 318(3):323 –354, June 2004. [19] A . Di Pierro, C. Hankin, and H. Wiklicky . Quantitativ e r elations and approximate pro cess equiva lences. In R. Amadio and D. Lugiez, editors, Pr o c e e dings of the 14th I nternational Confer enc e on Concurr ency APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 15 The ory , vo lume 2761 of L e ctur e Notes i n Com puter Scienc e , pages 508– 522, Marseille, September 2003. Springer-V erlag. [20] A . Giacalo ne, C.-C. Jou, and S.A. Smolk a. Algebraic reasoning for probabilistic concurrent systems. In Pr o c e e dings of the IFIP WG 2.2/2.3 Working Confer enc e on Pr o gr amm ing Conc epts and Metho ds , pages 443–45 8, Sea of Gallilee, April 1990. N orth-Holland. [21] A . Girard and G.J. Pappas. Approximate bisim u lations for nonlinear dynamical systems. In Pr o c e e dings of the 44th IEEE Confer enc e on De cision and Contr ol and the Eur op e an Contr ol Confer enc e , pages 684– 689, Seville, December 2005. IEEE. [22] C.M. Grinstead and J.L. Snell. Intr o duction to Pr ob ability . AMS, Providence, second revised edition, 1997. [23] L. H¨ ormander. The Analysis of Li ne ar Partial Differ ential Op er ators II : Differ ential Op er ators with Constant Co efficients . Classics in Mathematics. Springer-V erlag, Berlin, 2005. [24] L. Kantoro vich. On the t ransfer of masses (in R u ssian). Doklady Akade mii Nauk , 37(2):227– 229, 1942. T ranslated in Management Scienc e , 5:1–4, 1959. [25] L.V. K anto ro vic h and G.Sh. Rubinstein. On the space of c ompletely additive fun ctions (in Russian). V estnik L eningr adsko go Universiteta , 3(2):52–59, 1958. [26] K .G. Larsen and A. Skou. Bisim ulation through probabilistic testing. Information and Computation , 94(1):1–2 8, September 1991. [27] A . McIver and C. Morgan. R esults of the quantitativ e µ -calculus qM µ . A CM T r ansac tions on Compu- tational L o gic , 8(1), January 2007. [28] J.C Mitchell, A. Ramanathan, A. Scedrov, and V. T eague. A probabilistic p olynomial-time pro cess calculus for the analysis of cry ptographic protocols. The or etic al Computer Scienc e , 353(1/3):118– 164, Marc h 2006. [29] D . P ark. Concurrency and automata on infinite sequences. In P . Deussen, editor, Pr o c e e dings of 5th GI-Confer enc e on The or etic al Computer Scienc e , volume 104 of L e ctur e Notes i n Computer Scienc e , pages 167–18 3, Karlsruhe, March 1981. Spring-V erlag. [30] B. Sharma. An algorithm to q uantif y b ehavioural similarit y b etw een p robabilistic systems. Master’s thesis, Y ork U niversi ty , T oronto, December 2006. [31] A . T arski. A de cision metho d f or elementary algebr a and ge ometry . Universit y of California Press, Berk eley , 1951. [32] A . T arski. A lattice-theoretic fixed p oint theorem and its applications. Pacific Journal of Mathematics , 5(2):285– 309, June 1955. [33] M. Ying. Bisim ulation indexes and th eir app lications. The or etic al Computer Scienc e , 275(1/2):1–68, Marc h 2002. Appendix A. Closur e ordinal of ∆ The greatest fixed p oint of an order-preserving function on a complete lattice can b e obtained by iteration (see, for example, [12, Exercise 4.13]). Definition A.1. F or eac h ordinal α , the 1-b ounded ps eu d ometric d α on S is defined by d 0 = ⊤ d α +1 = ∆( d α ) d β = l α ∈ β d α if β is a limit ordinal As we will see in the next example, f or some systems we need at least ω iterations to reac h the greatest fixed p oin t of ∆. Example A.2. Consider the system of Example 2.2. F or all n , d n +1 ( s 1 , s 2 ) = 1 4 + 5 8 d n ( s 1 , s 3 ) d n +1 ( s 1 , s 3 ) = 2 5 d n ( s 2 , s 3 ) d n +1 ( s 2 , s 3 ) = 1 5 + 7 10 d n ( s 1 , s 3 ) 16 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL Hence, for this system w e need ω iterations. In the rest of this app end ix, we pro v e that we need at most ω iterations for an y system. This tells us that the closure ordinal of ∆ is ω , that is, ∆( d ω ) = d ω . As a consequence, d ω is the greatest fi xed p oint of ∆ (see, f or example, [12, E xamp le 4.13]) . As we will see b elo w, the fact that d ω is a fixed p oin t of ∆ follo ws from the facts that ∆ is order-preserving (Prop osition 4.5) and Lipsc hitz (Prop osition A.6). In [17, p age 418], Desharnais et al. s tate that a functional similar to ∆ has closure ordinal ω . Recall that for a pseudometric d , the equiv alence relation ≡ d relates states that hav e distance zero. F rom eac h equiv alence class [ s ] d w e p ic k a designated state wh ich we denote b y h s i d . Hence, h s i d ∈ [ s ] d and also d ( s, h s i d ) = 0. Prop osition A.3. F or al l s 1 , s 2 ∈ S , d ( h s 1 i d , h s 2 i d ) = d ( s 1 , s 2 ) . Pr o of. d ( h s 1 i d , h s 2 i d ) ≤ d ( h s 1 i d , s 1 ) + d ( s 1 , s 2 ) + d ( s 2 , h s 2 i d ) = d ( s 1 , s 2 ) ≤ d ( s 1 , h s 1 i d ) + d ( h s 1 i d , h s 2 i d ) + d ( h s 2 i d , s 2 ) = d ( h s 1 i d , h s 2 i d ) . Let d 1 ⊑ d 2 . The r atio ρ ( d 1 , d 2 ) of d 1 and d 2 is defined by ρ ( d 1 , d 2 ) = min  d 2 ( s 1 , s 2 ) d 1 ( s 1 , s 2 )     d 2 ( s 1 , s 2 ) > 0  Note that we nev er d ivide by zero since d 1 ⊑ d 2 and, hence, d 1 ( s 1 , s 2 ) ≥ d 2 ( s 1 , s 2 ). Belo w, we will u se th e conv ent ion that the minimum of the empt y set is one and the maxim um of the empty set is zero. Giv en pseudometrics d 1 and d 2 suc h that d 1 ⊑ d 2 and giv en an f ∈ ( S, d 1 ) - - - - - - < [0 , 1], w e next show that there exists a g f ∈ ( S, d 2 ) → [0 , 1] that is nonexpansive . Prop osition A.4. L et d 1 ⊑ d 2 and f ∈ ( S, d 1 ) - - - - - - < [0 , 1] . L e t g f : S → [0 , 1] b e define d by g f ( s ) = ρ ( d 1 , d 2 ) f ( h s i d 2 ) . Then g f ∈ ( S, d 2 ) - - - - - - < [0 , 1] . Pr o of. Let s 1 , s 2 ∈ S . W e ha v e to show that | g f ( s 1 ) − g f ( s 2 ) | ≤ d 2 ( s 1 , s 2 ) . W e distinguish tw o cases. If d 2 ( s 1 , s 2 ) = 0 then h s 1 i d 2 = h s 2 i d 2 and, hence, f ( h s 1 i d 2 ) = f ( h s 2 i d 2 ). Therefore g f ( s 1 ) = g f ( s 2 ) and, hence, the prop erty is v acuously true. Let d 2 ( s 1 , s 2 ) > 0. According to Pr op osition A.3, d 2 ( h s 1 i d 2 , h s 2 i d 2 ) > 0. Also d 1 ( s 1 , s 2 ) > 0 since APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 17 d 1 ⊑ d 2 , and | g f ( s 1 ) − g f ( s 2 ) | = | ρ ( d 1 , d 2 ) f ( h s 1 i d 2 ) − ρ ( d 1 , d 2 ) f ( h s 2 i d 2 ) | = ρ ( d 1 , d 2 ) | f ( h s 1 i d 2 ) − f ( h s 2 i d 2 ) | ≤ ρ ( d 1 , d 2 ) d 1 ( h s 1 i d 2 , h s 2 i d 2 ) [ f ∈ ( S, d 1 ) - - - - - - < [0 , 1 ] ] ≤ d 2 ( h s 1 i d 2 , h s 2 i d 2 ) d 1 ( h s 1 i d 2 , h s 2 i d 2 ) d 1 ( h s 1 i d 2 , h s 2 i d 2 ) = d 2 ( h s 1 i d 2 , h s 2 i d 2 ) = d 2 ( s 1 , s 2 ) [ Prop osition A.3 ] Next, we b ound f − g f from ab ov e. Prop osition A.5. L et d 1 ⊑ d 2 and f ∈ ( S, d 1 ) - - - - - - < [0 , 1] . L et µ = min { d 1 ( s 1 , s 2 ) | d 1 ( s 1 , s 2 ) > 0 } . Then f ( s ) − g f ( s ) ≤ µ + 1 µ max s ′ 1 ,s ′ 2 ∈ S d 1 ( s ′ 1 , s ′ 2 ) − d 2 ( s ′ 1 , s ′ 2 ) for al l s ∈ S . Pr o of. Let s ∈ S . Th en f ( s ) − g f ( s ) = f ( s ) − ρ ( d 1 , d 2 ) f ( h s i d 2 ) = ( f ( s ) − f ( h s i d 2 )) + ( f ( h s i d 2 ) − ρ ( d 1 , d 2 ) f ( h s i d 2 )) . F urthermore, f ( s ) − f ( h s i d 2 ) ≤ d 1 ( s, h s i d 2 ) [ f ∈ ( S, d 1 ) - - - - - - < [0 , 1 ] ] = d 1 ( s, h s i d 2 ) − d 2 ( s, h s i d 2 ) [ d 2 ( s, h s i d 2 ) = 0 ] ≤ max s ′ 1 ,s ′ 2 ∈ S d 1 ( s ′ 1 , s ′ 2 ) − d 2 ( s ′ 1 , s ′ 2 ) and f ( h s i d 2 ) − ρ ( d 1 , d 2 ) f ( h s i d 2 ) ≤ 1 − ρ ( d 1 , d 2 ) = 1 − min  d 2 ( s 1 , s 2 ) d 1 ( s 1 , s 2 )     d 2 ( s 1 , s 2 ) > 0  = max  d 1 ( s 1 , s 2 ) − d 2 ( s 1 , s 2 ) d 1 ( s 1 , s 2 )     d 2 ( s 1 , s 2 ) > 0  ≤ 1 µ max { d 1 ( s 1 , s 2 ) − d 2 ( s 1 , s 2 ) | d 2 ( s 1 , s 2 ) > 0 } ≤ 1 µ max s ′ 1 ,s ′ 2 ∈ S d 1 ( s ′ 1 , s ′ 2 ) − d 2 ( s ′ 1 , s ′ 2 ) . 18 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL No w we can prov e that ∆ is Lipschitz , that is, max s 1 ,s 2 ∈ S ∆( d 1 )( s 1 , s 2 ) − ∆( d 2 )( s 1 , s 2 ) ≤ λ max s ′ 1 ,s ′ 2 ∈ S d 1 ( s ′ 1 , s ′ 2 ) − d 2 ( s ′ 1 , s ′ 2 ) . for some constant λ . Prop osition A.6. L et d 1 ⊑ d 2 . F or al l s 1 , s 2 ∈ S , ∆( d 1 )( s 1 , s 2 ) − ∆( d 2 )( s 1 , s 2 ) ≤ | S | µ + 1 µ max s ′ 1 ,s ′ 2 ∈ S d 1 ( s ′ 1 , s ′ 2 ) − d 2 ( s ′ 1 , s ′ 2 ) . Pr o of. Let s 1 , s 2 ∈ S . Th en ∆( d 1 )( s 1 , s 2 ) − ∆( d 2 )( s 1 , s 2 ) = max ( X s ∈ S f ( s )( π ( s 1 , s ) − π ( s 2 , s ))     f ∈ ( S, d 1 ) - - - - - - < [0 , 1] ) − max ( X s ∈ S g ( s )( π ( s 1 , s ) − π ( s 2 , s ))     g ∈ ( S, d 2 ) - - - - - - < [0 , 1] ) = max ( min ( X s ∈ S f ( s )( π ( s 1 , s ) − π ( s 2 , s )) − X s ∈ S g ( s )( π ( s 1 , s ) − π ( s 2 , s ))     g ∈ ( S, d 2 ) - - - - - - < [0 , 1] )     f ∈ ( S, d 1 ) - - - - - - < [0 , 1] ) = max ( min ( X s ∈ S ( f ( s ) − g ( s ))( π ( s 1 , s ) − π ( s 2 , s ))     g ∈ ( S, d 2 ) - - - - - - < [0 , 1] )     f ∈ ( S, d 1 ) - - - - - - < [0 , 1] ) ≤ max ( X s ∈ S ( f ( s ) − g f ( s ))( π ( s 1 , s ) − π ( s 2 , s ))     f ∈ ( S, d 1 ) - - - - - - < [0 , 1] ) [ Prop osition A.4 ] ≤ max ( X s ∈ S f ( s ) − g f ( s )     f ∈ ( S, d 1 ) - - - - - - < [0 , 1] ) ≤ | S | µ + 1 µ max s ′ 1 ,s ′ 2 ∈ S d 1 ( s ′ 1 , s ′ 2 ) − d 2 ( s ′ 1 , s ′ 2 ) [ Prop osition A.5 ] Finally , we pro v e that the closure ordinal of ∆ is ω . Prop osition A.7. ∆( d ω ) = d ω . Pr o of. First, w e sho w that ∆( d ω ) ⊑ d ω . By d efinition, d ω = d n ∈ ω d n ⊑ d n for all n ∈ ω . Since ∆ is order-preserving, ∆( d ω ) ⊑ ∆( d n ) = d n +1 for all n ∈ ω . Obviously , ∆( d ω ) ⊑ d 0 . Therefore, ∆( d ω ) is a lo wer b ound of { d n | n ∈ ω } . S ince d ω is the greatest low er b ound b y definition, ∆( d ω ) ⊑ d ω . APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 19 W e ha v e left to show that ∆( d ω ) ⊒ d ω , th at is, ∆( d ω )( s 1 , s 2 ) ≤ d ω ( s 1 , s 2 ) for all s 1 , s 2 ∈ S . Let s 1 , s 2 ∈ S . Let ǫ > 0. It su ffices to sh o w that there exists an n such that ∆( d ω )( s 1 , s 2 ) − d n +1 ( s 1 , s 2 ) ≤ ǫ . Let µ = min { d ω ( s 1 , s 2 ) | d ω ( s 1 , s 2 ) > 0 } . Since the set S is finite, for every δ > 0 there exists an n su ch that for all s ′ 1 , s ′ 2 ∈ S , d ω ( s ′ 1 , s ′ 2 ) − d n ( s ′ 1 , s ′ 2 ) ≤ δ . Here we pick δ to b e µǫ ( µ +1) | S | . F rom Prop osition A.6 we can conclude that ∆( d ω )( s 1 , s 2 ) − d n +1 ( s 1 , s 2 ) = ∆( d ω )( s 1 , s 2 ) − ∆( d n )( s 1 , s 2 ) ≤ ǫ. Appendix B. An impl ement a tion i n Ma thema tica A decision pro cedu r e for the first order theory of real closed fields based on qu an tifier elimination wa s first giv en b y T arski [31]. A num b er of algorithms ha v e b een dev eloped thereafter for the theory (see, for example, [2, 11, 23]). C ollin’s algorit hm is imp lemented in the to ol Mathematica and can b e u sed f or solving our form ulae. Ho w ev er, it w orks for v ery s m all examples and therefore it is essentia l to simplify the formula and reduce its size to make it solv able. T o simplify th e formula, w e fi rst compu te some of the distances using the follo wing results. Prop osition B.1. • If s 1 6→ and s 2 6→ then d 1 ( s 1 , s 2 ) = 0 . • If s 1 6→ and s 2 → , or s 1 → and s 2 6→ then d 1 ( s 1 , s 2 ) = 1 . Pr o of. W e only consider th e first case. The second one can b e prov ed similarly . If s 1 6→ and s 2 6→ then δ ( s 1 , s 2 ) = ∆( δ )( s 1 , s 2 ) = 0. Example B.2. Consider the probabilistic transition s y s tem of Example 2.2. State s 4 has distance one to all other states. Next, we pr esent a simple c haracteriza tion of the d istance b etw een a s tate that nev er terminates (that is, the probability of reac hin g a state w ith no outgoing transitions is zero) and another state. Giv en a state s and n ∈ ω + 1, τ n ( s ) is th e pr obabilit y of terminating in less than n transitions when started in s . Definition B.3. F or eac h n ∈ ω + 1, the function τ n : S → [0 , 1] is defined by τ 0 ( s ) = 0 τ n +1 ( s ) =  1 if s 6→ P s ′ ∈ S π ( s, s ′ ) τ n ( s ′ ) otherwise τ ω ( s ) = sup n ∈ ω τ n ( s ) Example B.4. Consider the probabilistic transition system of Example 2.2. Then we hav e that τ ω ( s 1 ) = 1 9 , τ ω ( s 2 ) = 5 18 , τ ω ( s 3 ) = 0, τ ω ( s 4 ) = 1 and τ ω ( s 5 ) = 0. 20 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL Ob viously , for a state s w ithout outgoing transitions, w e ha v e that τ ω ( s ) = 1. F or a state s that cannot reac h an y state without ou tgoing transitions, we ha v e that τ ω ( s ) = 0. F or the remaining states, we can compute the p robabilit y of termination us ing standard tec hn iqu es as describ ed in, for example, [22, Section 11.2]. Prop osition B.5. If τ ω ( s 2 ) = 0 then d 1 ( s 1 , s 2 ) = τ ω ( s 1 ) . Pr o of. Assume th at τ ω ( s 2 ) = 0. W e pr o v e that for all n ∈ ω + 1, d n ( s 1 , s 2 ) = τ n ( s 1 ) b y induction on n . • Ob viously , d 0 ( s 1 , s 2 ) = 0 = τ 0 ( s 1 ). • W e h a ve to prov e that d n +1 ( s 1 , s 2 ) = τ n +1 ( s 1 ). W e distinguish the follo win g t wo cases. − If s 1 6→ then d n +1 ( s 1 , s 2 ) = 1 = τ n +1 ( s 1 ). − No w let us assum e that s 1 → . First we sho w that τ n as a function from ( S, d n ) to [0 , 1] is nonexpans ive. F or all s , s ′ , | τ n ( s ) − τ n ( s ′ ) | = | d n ( s, s 2 ) − d n ( s ′ , s 2 ) | [ induction ] ≤ d n ( s, s ′ ) [ triangle inequality ] Since d n +1 ( s 1 , s 2 ) = ∆( d n )( s 1 , s 2 ) ≥ X s ∈ S τ n ( s )( π ( s 1 , s ) − π ( s 2 , s )) [ τ n is nonexpansive ] = X s ∈ S τ n ( s ) π ( s 1 , s ) − X s ∈ S τ n ( s ) π ( s 2 , s ) = τ n +1 ( s 1 ) − τ n +1 ( s 2 ) = τ n +1 ( s 1 ) [ τ ω ( s 2 ) = 0 and, hence, τ n +1 ( s 2 ) = 0 ] Let f ∈ ( S, d n ) - - - - - - < [0 , 1]. F or all s , f ( s ) − f ( s 2 ) ≤ | f ( s ) − f ( s 2 ) | ≤ d n ( s, s 2 ) = τ n ( s ) . As a consequence, X s ∈ S f ( s )( π ( s 1 , s ) − π ( s 2 , s )) = X s ∈ S f ( s ) π ( s 1 , s ) − X s ∈ S f ( s ) π ( s 2 , s ) = X s ∈ S ( f ( s ) − f ( s 2 )) π ( s 1 , s ) − X s ∈ S ( f ( s ) − f ( s 2 )) π ( s 2 , s ) [ P s ∈ S f ( s 2 ) π ( s i , s ) = f ( s 2 ) ] = X s ∈ S ( f ( s ) − f ( s 2 ))( π ( s 1 , s ) − π ( s 2 , s )) ≤ X s ∈ S τ n ( s )( π ( s 1 , s ) − π ( s 2 , s )) = τ n +1 ( s 1 ) . APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 21 Since f was c hosen arbitrarily , we can conclude that d n +1 ( s 1 , s 2 ) ≤ τ n +1 ( s 1 ) . − Finally , d ω ( s 1 , s 2 ) = sup n d n ( s 1 , s 2 ) = sup n τ n ( s 1 ) [ b y induction ] = τ ω ( s 1 ) . F rom T heorem 4.6 and Prop osition A.7 we can conclude that d 1 ( s 1 , s 2 ) = d ω ( s 1 , s 2 ) = τ ω ( s 1 ). Example B.6. C onsider the pr obabilistic transition system of Example 2.2. F rom Pr op osi- tion B.5 w e can conclude that d 1 ( s 1 , s 3 ) = 1 9 , d 1 ( s 2 , s 3 ) = 5 18 , d 1 ( s 4 , s 3 ) = 1 and d 1 ( s 5 , s 3 ) = 0. Giv en a prob abilistic b isimulatio n R , we can quotient the probabilistic transition system h S, π i as follo ws. Definition B.7. Let R b e a p robabilistic bisim ulation. The pr obabilistic transition system h S R , π R i consists of • the set S R = { [ s ] | s ∈ S } of R -equiv alence classes and • the fun ction π R : S R × S R → [0 , 1] defined by π R ([ s ] , [ s ′ ]) = X s ′′ R s ′ π ( s, s ′′ ) . Note that the function π R is we ll-defined since R is a probabilistic bisim u lation. W e will apply the ab o v e quotien t construction for probabilistic bisimilarit y (which can b e computed in p olynomial time [1]). Example B.8. Cons ider th e probabilistic transition sys tem of Example 2.2. The small- est equiv alence relation conta ining {h s 3 , s 5 i} is a probabilistic bisim ulation. T h e resulting quotien t can b e depicted as [ s 1 ] 2 5 + + 3 5   [ s 2 ] 7 10 k k 1 5   1 10 x x p p p p p p p p p p p p p [ s 3 ] 1 2 2 [ s 4 ] By quotien ting, the num b er of states that need to b e considered and, hen ce, the num- b er of v ariables in the formula may b e reduced. H o wev er, we still ha v e to chec k that the qu otien ted system giv es rise to th e same distances. Next we relate the b eha vioural pseudometric d 1 of the original system h S, π i with the b ehavi oural pseud ometric d R of the quotien ted system h S R , π R i . Prop osition B.9. F or al l s 1 , s 2 ∈ S , d R ([ s 1 ] , [ s 2 ]) = d 1 ( s 1 , s 2 ) . Pr o of. First all, note that X s ′ ∈ S π ( s, s ′ ) = X [ s ′ ] ∈ S R X s ′′ R s ′ π ( s, s ′′ ) = X [ s ′ ] ∈ S R π R ([ s ] , [ s ′ ]) . 22 F. V AN BREUGEL, B. SHARMA, AND J. W ORRELL As a consequence, w e hav e left to consider the case s 1 → and s 2 → . W e pro v e that for all n ∈ ω + 1, d n R ([ s 1 ] , [ s 2 ]) = d n 1 ( s 1 , s 2 ) by induction on n . W e distinguish the f ollo wing three cases. • If n = 0 then the prop ert y is v acuously true. • Assume that d n R ([ s ′ 1 ] , [ s ′ 2 ]) = d n 1 ( s ′ 1 , s ′ 2 ) for all s ′ 1 , s ′ 2 ∈ S . Let s 1 , s 2 ∈ S . W e hav e to pro v e that d n +1 R ([ s 1 ] , [ s 2 ]) = d n +1 1 ( s 1 , s 2 ). In the pro of of this case, w e m ak e use of the follo wing t wo observ ations. F or eac h f ∈ ( S R , d n R ) - - - - - - < [0 , 1], there exists a g ∈ ( S, d n 1 ) - - - - - - < [0 , 1] suc h that g ( s ) = f ([ s ]) for all s ∈ S , since | g ( s ) − g ( s ′ ) | = | f ([ s ]) − f ([ s ′ ]) | ≤ d n R ( s, s ′ ) [ f is nonexpansive ] = d n 1 ( s, s ′ ) [ induction ] . Similarly , w e can sho w that for eac h g ∈ ( S, d n 1 ) - - - - - - < [0 , 1], there exists f ∈ ( S R , d n R ) - - - - - - < [0 , 1] suc h that f ([ s ]) = g ( s ) for all s ∈ S . Note that if states s and s ′ are probabilistic bisimilar then d 1 ( s, s ′ ) = 0 and, hence, d n 1 ( s, s ′ ) = 0 and, therefore, g ( s ) = g ( s ′ ), since g is nonexpansiv e. d n +1 R ([ s 1 ] , [ s 2 ]) = ∆( d n R )([ s 1 ] , [ s 2 ]) = max    X [ s ] ∈ S R f ([ s ])( π R ([ s 1 ] , [ s ]) − π R ([ s 2 ] , [ s ]))     f ∈ ( S R , d n R ) - - - - - - < [0 , 1]    = max    X [ s ] ∈ S R f ([ s ]) X s ′ R s ( π ( s 1 , s ′ ) − π ( s 2 , s ′ ))     f ∈ ( S R , d n R ) - - - - - - < [0 , 1]    = max    X [ s ] ∈ S R X s ′ R s f ([ s ′ ])( π ( s 1 , s ′ ) − π ( s 2 , s ′ ))     f ∈ ( S R , d n R ) - - - - - - < [0 , 1]    = max ( X s ∈ S g ( s )( π ( s 1 , s ) − π ( s 2 , s ))     g ∈ ( S, d n 1 ) - - - - - - < [0 , 1] ) = ∆( d n 1 )( s 1 , s 2 ) = d n +1 1 ( s 1 , s 2 ) . • F urthermore, d ω R ([ s 1 ] , [ s 2 ]) = sup n d n R ([ s 1 ] , [ s 2 ]) = sup n d n 1 ( s 1 , s 2 ) [ induction ] = d ω 1 ( s 1 , s 2 ) . T o simplify the formula ev en fur ther, we exploit the follo wing thr ee observ ations. • Since d is a pseudometric, d ( s i , s i ) = 0 and d ( s i , s j ) = d ( s j , s i ). Therefore, in ps eu d o( d ) ∧ p ost-fixed( d ) w e can replace all d ii ’s with zero and all d ij ’s where i > j with d j i ’s. As a consequence, w e only need to consider d ij ’s with i < j . This reduces the num b er of v ariables in the form ula considerably . APPRO XIMA TING A BEHA VIOURAL PSEUDOMETRIC 23 • Let C b e the set of pairs of states for w hic h th e distances hav e already b een computed. Then ∃ d p s eudo( d ) ∧ p ost-fixed( d ) ∧ d i 0 j 0 ≤ m is equiv alen t to ∃ d p s eudo( d ) ∧ p ost-fixed( d ) ∧ d i 0 j 0 ≤ m ∧ ^ ( i,j ) ∈ C d ij = d 1 ( s i , s j ) since d 1 is the greatest p ost-fixed p oint . As a consequence, we can replace all d ij ’s where ( i, j ) ∈ C with their already computed distances d 1 ( s i , s j ). Again, the n um b er of v ariables ma y b e r ed u ced. • If π i 0 j = 0, w e can infer that µ ij = 0 for all 1 ≤ i ≤ N . As a consequence, w e can replace the o ccurrences of all those µ ij ’s with 0. Sym metrically , if π j 0 i = 0 w e can simplify the form ula similarly . Also th is simplification may reduce the n um b er of v ariables. W e hav e implemen ted these simplifications in the form of a Jav a pr ogram that tak es as in put the probabilit y matrix π and that pro d uces as output the simp lified formula in a format that can b e fed to Mathematica. 5 Example B.10. Consider the p r obabilistic transition system of Example 2.2 . The simpli- fied formula for this system is giv en b elo w. 1 Reduce[ 2 Exists[d12, 3 (0 <= d12 <= 1) && (0.111 12 <= d12 + 0.27778) && (d12 <= 0.38889) && 4 Exists[{u12,u13,u32,u42,u43,u33}, 5 (0 <= u12 <= 1) && (0 <= u13 <= 1) && (0 <= u32 <= 1) && 6 (0 <= u42 <= 1) && (0 <= u43 <= 1) && 7 (u12 + u32 + u42 == 0.4) && (u13 + u43 + u33 == 0.6) && 8 (u12 + u13 == 0.7) && (u32 + u33 == 0.1) && (u42 + u43 == 0.2) && 9 (d12 * u12 + 0.11112 * u13 + 0.2777 8 * u 32 + u42 + u43 <= d12)] && 10 Exists[{u21,u23,u24,u31,u33, u34}, 11 (0 <= u21 <= 1) && (0 <= u23 <= 1) && (0 <= u24 <= 1) && 12 (0 <= u31 <= 1) && (0 <= u34 <= 1) && 13 (u21 + u31 == 0.7) && (u23 + u33 == 0.1) && (u24 + u34 == 0.2) && 14 (u21 + u23 + u24 == 0.4) && (u31 + u33 + u34 == 0.6) && 15 (d12 * u21 + 0.27778 * u23 + u24 + 0.11112 * u31 + u34 <= d12)] && 16 (0 <= d12 <= 0.5)]] Line 3 corresp ond to pseudo( d ), line 4–9 corresp ond to p ost-fixed 1 ( d, 1 , 2) and line 10–15 corresp ond to p ost-fixed 1 ( d, 2 , 1). The f ormula was reduced to tru e by Mathematica in 8.2 seconds on a 3GHz mac hine with 1GB RAM. Wh en feeding Mathematica the f ormula that has not b een simplified , it run s out of memory after some time. W e also attempted to solve this example with a solv er called QEPCAD B [9] bu t the p erformance of Mathematica on this example w as b ette r. 5 The co de and do cumentation is av ailable at the UR L www.cse.yor ku.ca/ ~ franck/res earch/pm2 m . This wor k is licensed u nder the Cre ative Commons Attribution-NoDe rivs License. T o view a copy of this license, visit ht tp:/ /crea tivecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons , 559 Nathan Abbott Wa y , Stanford, California 94305, USA.