Reactive Systems: Modelling, Specification and Verification - Cs.ioc.ee

146 CHAPTER 6. HML WITH RECURSION
1. if q|= max Xp, then p ∼ q, and
2. if p ∼ q, then q|= max Xp.
As the first step in the proof of Theorem 6.4, we prove the following lemma to the
effect that the former statement holds.
Lemma 6.1 Let Xp be defined as in (6.15). Then, for each q ∈ Proc, we have that
q |= max Xp ⇒ p ∼ q .
Proof: Let R = {(p, q) | q |= max Xp}. We will prove that R is a bisimulation, and
thus that p ∼ q whenever q|= max Xp. To this end, we have to prove the following
two claims, where b is an arbitrary action in Act and p1, q1 are processes in Proc.
a) (p, q) ∈ R and p b → p1 ⇒ ∃ q1. q b → q1 and (p1, q1) ∈ R.
b) (p, q) ∈ R and q b → q1 ⇒ ∃ p1. p b → p1 and (p1, q1) ∈ R.
We prove these two claims separately.
a) Assume that (p, q) ∈ R and p b → p1. This means that
From equation (6.15), it follows that
q|= max
a,p ′ .p a → p ′
q |= max Xp and p b → p1 .
〈a〉Xp ′
∧ [a]
a
p ′ .p a → p ′
Xp ′
As p b → p1, we obtain, in particular, that q |= 〈b〉Xp1 max , which means that,
for some q1 ∈ Proc,
q b → q1 and q1|= max Xp1 .
Using the definition of R, we have that
which was to be shown.
q b → q1 and (p1, q1) ∈ R ,
.