Model Checking Fuzzy Computation Tree Logic Based on Fuzzy Decision Processes with Cost

Abstract

In order to solve the problems in fuzzy computation tree logic model checking with cost operator, we propose a fuzzy decision process computation tree logic model checking method with cost. Firstly, we introduce a fuzzy decision process model with cost, which can not only describe the uncertain choice and transition possibility of systems, but also quantitatively describe the cost of the systems. Secondly, under the model of the fuzzy decision process with cost, we give the syntax and semantics of the fuzzy computation tree logic with cost operators. Thirdly, we study the problem of computation tree logic model checking for fuzzy decision process with cost, and give its matrix calculation method and algorithm. We use the example of medical expert systems to illustrate the method and model checking algorithm.

1. Introduction

Model checking is an important formal verification method. Because of its automatic, model checking has been widely used in the analysis and verification of computer hardware and software systems, communication protocols, security protocols and so on. Model checking is mainly composed of three parts: the first is to model the system under consideration, the second is to use formal language to describe the properties, and the third is to use a model checking algorithm to systematically check whether or not the given model satisfies these properties [1].

Classical model checking [2,3] was formulated for verifying the qualitative properties of systems. However, the Boolean result is not enough for the models with quantitative information, such as a 90 percent probability of the system crashing during operation. At present, more and more complex computer systems have the characteristics of randomness, uncertainty and inconsistency. In order to deal with the verification of complex systems, many quantitative model checking methods have been proposed by academia.

Probabilistic model checking [4,5,6,7,8] mainly deals with the problem of model checking for systems with uncertainties generated by stochastic processes. Its goal is to determine the accuracy of probabilistic systems for quantitative probability specifications. Sometimes models may contain inconsistencies as they connect conflict points or contain components designed by different designers independently. In order to verify complex systems with inconsistencies and uncertainties, multi-valued model checking [9,10,11,12] is proposed. Fuzzy model checking [13,14,15,16,17,18,19,20] pays more attention to the true value of the properties, which is another kind of uncertainty, caused by unclear concept extension [21,22,23]. Both possibility model checking [13,14], and generalized possibility model checking [15,16,24] are based on possibility measure, a combination of possibility measure theory in fuzzy set with model checking. Possibilistic Kripke structure is used to model the system, and possibilistic temporal logic is used to describe properties. Li Yongming et al. [14] use the operators in possibilitic computation tree logic to replace the existence and arbitrary quantifiers of classical computation tree logic to calculate the possibility that the model satisfies the properties. In the process of calculating the possibility measure, the possibility of the path cylinder set after reaching the state also participates in the calculation, but these calculations can be ignored in most systems. Pan Haiyu et al. [19] use fuzzy Kripke structure to model the systems, fuzzy computation tree logic(FCTL) to describe properties and study fuzzy model checking.

Fuzzy Kripke structure is characterized by a state-to-state transition without a cost. However, in daily life, the transition may be different and have some cost [25]. For example, consider the disease diagnosis system studied in [14,19,26]. Suppose there are multi-steps treatments A and B for a disease, and different treatment needs different costs for each step during the process. The models in the literature [14,19,26] can only describe the situation that experts have been using treatment A or B during the treatment but cannot describe the situation where experts use A as the first and third steps and use B as the other steps. In addition, the cost of treatments is also unable to represent and verify. For the above reasons, we have done this paper. First, we define a fuzzy decision process model with a cost function, which can not only describe the nondeterministic choices but also describe the quantitative properties. Second, we introduce the definition of scheduler into the uncertain selection of actions so that the fuzzy decision process with cost function can be transformed into a fuzzy Kripke structure with a cost function. Then, we present the syntax and semantics of fuzzy computation tree logic with the cost operator. Finally, we calculate the quantitative possibility and cost of the problem according to the model checking algorithm. The main contributions of this paper are as follows.

• A fuzzy decision process model with cost function is defined, which can describe the cost and other quantitative properties of a fuzzy system. The action property in the model is used to describe the uncertain action selection of the model, and the cost property is used to describe the cost of the system.
• The FCTL is extended to FCTL with cost operator. The fuzzy computation tree logic with cost operator inherits the existence and arbitrary quantifiers of classical temporal logic and adds operators about cost.
• The fuzzy computation tree logic model checking quantitative calculation formula and algorithm are given. At the same time, the complexity of the algorithm is analyzed.

The paper is organized as follows: in Section 2, the basic theoretical knowledge of fuzzy mathematics and fuzzy Kripke structure are given. In Section 3, we define a fuzzy decision process model with a cost function. In Section 4, we define fuzzy computation tree logic with a cost operator. In Section 5, we give the fuzzy computation tree logic model checking quantitative calculation formula and algorithm. Section 6 is an example. Section 7 summarizes this paper.

2. Preliminaries

A fuzzy set is a mathematical concept proposed by Zadeh in 1965. Fuzziness, in general, refers to any indistinct phenomena, where there is no clear boundary between “stability” and “instability”, “healthy” and “unhealthy”. The transition from one state to another is a continuous process when quantitative changes accumulate and eventually result in a qualitative change, which is due to the uncertainty caused by the breaking of the law of excluded middle. To model and verify fuzzy systems, we provide some necessary knowledge, which includes the fuzzy set, fuzzy set operation, fuzzy matrix operation, closure and others.

Definition 1

([27]). Let X be a universal set. A fuzzy set A of X is a function which associates each element in X a value in the interval $[0,1],$ i.e., $A:X⟶[0,1]$. For $x\in X$, $A\left(x\right)$ is the membership of x in the fuzzy set A.

We use $\mathcal{F}\left(X\right)$ to represent all fuzzy sets in X, i.e., $\mathcal{F}\left(X\right)=\{A\mid A:X⟶[0,1\left]\right\}$.

Definition 2

([27]). Let $A,B\in \mathcal{F}\left(X\right)$, we use $A\cup B$, $A\cap B$, $A^c$ to represent the union, intersection and complement of A and B. The definition is as follows.

$(A\cup B)\left(x\right)=A\left(x\right)\vee B\left(x\right)=max\left\{A\right(x),B(x\left)\right\}$,

$(A\cap B)\left(x\right)=A\left(x\right)\wedge B\left(x\right)=min\left\{A\right(x),B(x\left)\right\}$,

$A^c\left(x\right)=1-A\left(x\right)$.

Furthermore, we have De Morgan’s laws.

$${(A\cup B)}^c=A^c\cap B^c,{(A\cap B)}^c=A^c\cup B^c.$$

Fuzzy matrix is a kind of special matrix, in which the value of each element is in the interval $[0,1]$. It has some interesting operations and natures as follows.

Definition 3

([28]). Let R and S be two fuzzy matrixes with m rows and n columns, i.e., $R={\left(r_{ij}\right)}_{m\times n}$, $S={\left(s_{ij}\right)}_{m\times n}$.

The standard operations on fuzzy matrixes $R,S$ are defined in the following manner:

$R=S$, if and only if $r_{ij}=s_{ij}$ for all $i,j$.

$R\subseteq S$, if and only if $r_{ij}\le s_{ij}$ for all $i,j$.

$R\cup S={(r_{ij}\vee s_{ij})}_{m\times n}$.

$R\cap S={(r_{ij}\wedge s_{ij})}_{m\times n}$.

$R^c={(1-r_{ij})}_{m\times n}$.

Definition 4

([28]). Let R be a fuzzy matrix with m rows and n columns, S be a fuzzy matrix with n rows and l columns, i.e., $R={\left(r_{ij}\right)}_{m\times n}$, $S={\left(s_{ij}\right)}_{n\times l}$. The composition operation of R and S is $R\circ S={\left(t_{ij}\right)}_{m\times l}$, where $t_{ij}=\underset{k=1}{\overset{n}{\vee }}(r_{ik}\wedge s_{kj})$, ($i=1,2,\dots ,m,j=1,2,\dots ,l$). For fuzzy matrixes R, S, T the composition operation has some laws.

$$(R\circ S)\circ T=R\circ (S\circ T);$$

$$(R\cup S)\circ T=(R\circ T)\cup (S\circ T).$$

Let X be a universal set. For the fuzzy matrix $R={\left(R(s,t)\right)}_{s,t\in X}$, we use $R^{+}$ to denote its transitive closure. When X is finite, and X has $\mid X\mid$ elements, then $R^{+}=R\cup R^2\cup \dots \cup R^{\mid X\mid }$ [29], where $R^{k+1}=R^k\circ R$ for any positive integer number k. The Kleene closure $R^{*}=R^0\cup R^{+}$, for each $1\le s,t\le \mid S\mid$, $R^0(s,t)=\left\{\begin{array}{ccc}\hfill 1& & s=t\hfill \\ \hfill 0& & s\ne t\hfill \end{array}\right.$.

Transition systems or Kripke structures are the key models for model checking. Corresponding to fuzzy model checking, we expend the notion of fuzzy Kripke structures, defined as follows.

Definition 5

([19]). A fuzzy Kripke structure(FKS) is a tuple $\mathcal{K}=(S,P,I,AP,L)$, where

• S is a countable, non-empty set of states,
• $P:S\times S⟶[0,1]$ is the fuzzy transition. For each $s\in S$, there exist $t\in S$ such that $P(s,t)>0$,
• $I:S⟶[0,1]$ is the initial fuzzy distribution function. The initial state is s, and the truth value is $I\left(s\right)$,
• $AP$ is the set of atomic propositions,
• $L:S\times AP⟶[0,1]$ is a fuzzy labeling function. $L(s,p)$ is the truth value to the atomic proposition p in state s.

The transition of FKS is certain for a pair of states, i.e., $P(s,t)$ is unique. However, on many occasions, we can transmit from one state to another by many methods. In other words, $P(s,t)$ is not certain. We carry out the fuzzy decision processes with a cost which are uncertain in the transition and have a function of cost. For the conditions of daily life, we use the natural number set $\mathbb{N}$ as the range of the cost function as an example.

3. Fuzzy Decision Processes with Cost

Fuzzy systems are often used to describe the medical expert systems. Due to the different judgment standards of each expert on the patient’s condition and treatment effect, it establishes the model better. At the same time, there are many new problems caused by a variety of treatment options for the same disease. For instance, how to choose the best treatment option in a variety of options? How to evaluate the cost of various treatment options? FKS cannot model the interleaving behavior and the cost of concurrent processes in an adequate manner. For this purpose, we extend FKS to an uncertain system model with cost. The specific definition is as follows.

Definition 6.

A fuzzy decision process with cost (FDPC) is a tuple $M_f=(S,Act,P,I,AP,L,C)$, where

• S is a countable, non-empty set of states,
• $Act$ is the set of actions,
• $P:S\times Act\times S⟶[0,1]$ is the fuzzy transition. For each $s\in S$ and $\alpha \in Act$, there exists $t\in S$ which let $P(s,\alpha ,t)>0$,
• $I:S⟶[0,1]$ is the initial fuzzy distribution function. For $s\in S$, the truth value is $I\left(s\right)$,
• $AP$ is the set of atomic propositions,
• $L:S\times AP⟶[0,1]$ is a fuzzy labeling function. $L(s,p)$ is the truth value to the atomic proposition p in state s.
• $C:S\times Act⟶\mathbb{N}$ is a cost function. For each $s\in S$ and $\alpha \in Act$, $C(s,\alpha )$ is the cost of that the action α is selected in state s.

If S, $Act$ and $AP$ are finite, we say the $M_f$ is finite. We say that action $\alpha$ is enabled in state s if there exists a state $t\in S$ such that $P(s,\alpha ,t)>0$. $Act\left(s\right)$ denotes the set of actions which can be enabled in state s.

$\stackrel{\wedge }{\pi }=s_0{\alpha }_0{s}_1{\alpha }_1{s}_2\dots s_{n-1}{\alpha }_{n-1}{s}_n$ denotes a finite path of $M_f$, and $\pi =s_0{\alpha }_0{s}_1{\alpha }_1{s}_2\dots \in {(S\times Act)}^{\omega }$ denotes an infinite path of $M_f$. $Paths\left(s\right)$ denotes the set of the infinite paths which begin from state s. $Pat{h}^{fin}\left(M_f\right)$ denotes the set of finite paths which begin from all states of $M_f$. $Paths\left(M_f\right)$ is the set of infinite paths which begin from all initial states of $M_f$.

Example 1.

Figure 1, Figure 2, Figure 3 and Figure 4 is a simple, in which there are three transitions represented by α, β and γ. The model has three states $s_0$, $s_1$ and $s_2$. The variables in the state indicate the atomic proposition a and b. Different states have different memberships of atomic propositions. Therefore, we use fuzzy values to describe them. When action ${\alpha }_i$ is used in state $s_i$, cost function $C(s_i,{\alpha }_i)$ is generated. When using a single transition α or β or γ, the FKSs are shown in Figure 1, Figure 2 and Figure 3. The FDPC produced by them is shown in Figure 4. The transition possibility is given by the number on the connecting line, and the cost is indicated by the underlined number in the figure. For example, $s_0\stackrel{\alpha ,0.8,\underline{160}}{\to }{s}_1$ indicates that in state $s_0$, using treatment scheme α, the possibility of transition to state $s_1$ is 0.8, and the treatment cost is 160.

FDPCs are more complex than FKSs because of the interleaving of the transitions. For example, for a states sequence $s_0{s}_1{s}_2$, there is only one possibility in an FKS, but it may be multiple possibilities in a FDPC, such as $s_0\alpha s_1\beta s_2$ or $s_0\gamma s_1\beta s_2$ or the others. We introduce a scheduler to convert FDPC into FKS with cost. In this way, the relevant methods in FKS can be used.

Definition 7.

Let $M_f=(S,Act,P,I,AP,L,C)$ be a finite FDPC. $Adv:S⟶2^{Act}$ is a function of $M_f$. For each $s\in S$, there is $Adv\left(s\right)\subseteq Act\left(s\right)$.

Under the scheduler $Adv$, $Pat{h}_{Adv}\left(s\right)$ denotes the set of infinite paths which start from the state s, $Pat{h}_{Adv}^{fin}\left(M_f\right)$ denotes the set of finite paths which start from all initial states in $M_f$. $Pat{h}_{Adv}\left(M_f\right)$ denotes the set of infinite paths which start from all initial states in $M_f$.

We often care about the maximum (or minimum) possibility. We select the maximum (or minimum) possibility of transition from state s to t by action in $Adv\left(s\right)$ as an example to introduce our thought of scheduler. If there are two or more actions in $Adv\left(s\right)$ such that $P(s,{\alpha }_j,t)=P(s,{\alpha }_k,t)=\underset{{\alpha }_i\in Adv\left(s\right)}{\vee }P(s,{\alpha }_i,t)$ for ${\alpha }_j,{\alpha }_k,{\alpha }_i\in Adv\left(s\right)$, we can select the action by the algebraic product $P(s,{\alpha }_i,t)·C(s,{\alpha }_i)$. Through the operation of a scheduler, an FDPC can be switched to an FKS with cost.

Remark 1.

It is easy to prove that the select operations do not change the maximum or minimum possibility of the $Adv$, because we can use the actions which are selected by us to replace the actions in the maximum or minimum possibility path.

Example 2.

For the FDPC of Figure 4, suppose the scheduler function is $Adv\left(s_0\right)=\{\alpha ,\beta \}$, $Adv\left(s_1\right)=\{\beta ,\gamma \}$, $Adv\left(s_2\right)=\left\{\gamma \right\}$. The FDPC of $Adv$, the maximum possibility transition FDPC of $Adv$ and the minimum possibility transition FDPC of $Adv$ are shown in Figure 5, Figure 6 and Figure 7. In fact, Figure 6 and Figure 7 are FKSs with cost.

The actions are eliminated in the conversion period, so we design an action index matrix to store those actions. The transition matrix in the corresponding FKS and the index matrix for recording actions under a specific scheduler are given below.

Let $M_f=(S,Act,P,I,AP,L,C)$ be a finite FDPC and $\pi =s_0{\alpha }_0{s}_1{\alpha }_1{s}_2\dots \in Paths\left(s\right)$ be a path of $M_f$.

$P_{\alpha }$ is a $\mid S\mid \times \mid S\mid$ fuzzy matrix of transition possibility under the action $\alpha$. For each $s,t\in S$,

$$P_{\alpha }(s,t)\stackrel{def}{=}P(s,\alpha ,t).$$

The left of the equation is the direct transition which transmit from s to t in FKS which is transmitted by $\alpha$ with cost, but the right is the direct transition which transmit from s to t by act $\alpha$ in FDPC.

$P_{Adv-max}$ is a $\mid S\mid \times \mid S\mid$ fuzzy matrix which denotes the matrix of maximum transition possibility of $Adv$. For each $s,t\in S$,

$$P_{Adv-max}(s,t)\stackrel{def}{=}\underset{\alpha \in Adv\left(s\right)}{\vee }P(s,\alpha ,t).$$

$T_{Adv-max}$ is a $\mid S\mid \times \mid S\mid$ action index matrix which records the actions creating the maximum transition possibility. For each $s,t\in S$,

$$T_{Adv-max}(s,t)\stackrel{def}{=}\underset{\alpha \in Adv\left(s\right)}{argmax}P(s,\alpha ,t).$$

$P_{Adv-min}$ is a $\mid S\mid \times \mid S\mid$ fuzzy matrix which denotes the matrix of minimum transition possibility of $Adv$. For each $s,t\in S$,

$$P_{Adv-min}(s,t)\stackrel{def}{=}\underset{\alpha \in Adv\left(s\right)}{\wedge }P(s,\alpha ,t).$$

$T_{Adv-min}$ is a $\mid S\mid \times \mid S\mid$ action index matrix which records the actions creating the minimum transition possibility. For each $s,t\in S$,

$$T_{Adv-min}(s,t)\stackrel{def}{=}\underset{\alpha \in Adv\left(s\right)}{argmin}P(s,\alpha ,t).$$

We often pay attention to the maximum and minimum possibility of FDPC, but they are the special $Adv$ where $Adv\left(s\right)\equiv Act\left(s\right)$ for all $s\in S$. We use the special symbol ${\alpha }_{max},{\alpha }_{min}$ to denote the index of this $Adv$.

$P_{{\alpha }_{max}}$ is a $\mid S\mid \times \mid S\mid$ fuzzy matrix which denotes the matrix of maximum transition possibility of FDPC. For each $s,t\in S$,

$$P_{{\alpha }_{max}}(s,t)\stackrel{def}{=}\underset{\alpha \in Act\left(s\right)}{\vee }P(s,\alpha ,t).$$

$T_{{\alpha }_{max}}$ is a $\mid S\mid \times \mid S\mid$ action index matrix which records the actions creating the maximum transition possibility. For each $s,t\in S$,

$$T_{{\alpha }_{max}}(s,t)\stackrel{def}{=}\underset{\alpha \in Act\left(s\right)}{argmax}P(s,\alpha ,t).$$

$P_{{\alpha }_{min}}$ is a $\mid S\mid \times \mid S\mid$ fuzzy matrix which denotes the matrix of minimum transition possibility of FDPC. For each $s,t\in S$,

$$P_{Adv-min}(s,t)\stackrel{def}{=}\underset{\alpha \in Act\left(s\right)}{\wedge }P(s,\alpha ,t).$$

$T_{{\alpha }_{min}}$ is a $\mid S\mid \times \mid S\mid$ action index matrix which records the actions creating the minimum transition possibility. For each $s,t\in S$,

$$T_{{\alpha }_{min}}(s,t)\stackrel{def}{=}\underset{\alpha \in Act\left(s\right)}{argmin}P(s,\alpha ,t).$$

$C_{\alpha }$ is a $\mid S\mid \times 1$ matrix declaring the cost activating action $\alpha$ from state s, for each $s\in S$,

$$C_{\alpha }\stackrel{def}{=}C(s,\alpha ).$$

Example 3.

For the FDPC of Figure 4.

The action α transition possibility matrix and the cost matrix activating action α is

$$P_{\alpha }=\left(\begin{array}{ccc}\hfill 0.2& 0.8& 0.4\hfill \\ \hfill 0.1& 0.3& 0.5\hfill \\ \hfill 0.2& 0.3& 0.8\hfill \end{array}\right),C_{\alpha }=\left(\begin{array}{c}\hfill 160\\ \hfill 180\\ \hfill 100\end{array}\right).$$

The action β transition possibility matrix and the cost matrix activating action β is

$$P_{\beta }=\left(\begin{array}{ccc}\hfill 0.3& 0.7& 0.2\hfill \\ \hfill 0.2& 0.4& 0.3\hfill \\ \hfill 0.1& 0.5& 0.4\hfill \end{array}\right),C_{\beta }=\left(\begin{array}{c}\hfill 100\\ \hfill 115\\ \hfill 70\end{array}\right).$$

The action γ transition possibility matrix and the cost matrix activating action γ is

$$P_{\gamma }=\left(\begin{array}{ccc}\hfill 0.5& 0.6& 0.1\hfill \\ \hfill 0.4& 0.7& 0.2\hfill \\ \hfill 0.5& 0.6& 0.3\hfill \end{array}\right),C_{\gamma }=\left(\begin{array}{c}\hfill 68\\ \hfill 73\\ \hfill 40\end{array}\right).$$

The maximum transition possibility matrix, maximum transition possibility action index matrix, minimum transition possibility matrix and minimum transition possibility action index matrix is

$$\begin{gathered} P_{{\alpha }_{max}}=\left(\begin{array}{ccc}\hfill 0.5& 0.8& 0.4\hfill \\ \hfill 0.4& 0.7& 0.5\hfill \\ \hfill 0.5& 0.6& 0.8\hfill \end{array}\right),T_{{\alpha }_{max}}=\left(\begin{array}{ccc}\hfill \gamma & \alpha & \alpha \hfill \\ \hfill \gamma & \gamma & \alpha \hfill \\ \hfill \gamma & \gamma & \alpha \hfill \end{array}\right), \\ {P}_{{\alpha }_{min}}=\left(\begin{array}{ccc}\hfill 0.2& 0.6& 0.1\hfill \\ \hfill 0.1& 0.3& 0.2\hfill \\ \hfill 0.1& 0.3& 0.3\hfill \end{array}\right),T_{{\alpha }_{min}}=\left(\begin{array}{ccc}\hfill \alpha & \gamma & \gamma \hfill \\ \hfill \alpha & \alpha & \gamma \hfill \\ \hfill \beta & \alpha & \gamma \hfill \end{array}\right). \end{gathered}$$

Under the maximum transition possibility matrix and minimum transition possibility matrix, the FDPC of Figure 4 turns into the FKSs with cost in Figure 8 and Figure 9.

Since the cost is generated in the process of each activation action, in order to solve the cost-related problems in model checking, we determine the cost through a deterministic selection strategy for the action, and then calculate the expected cost. Because model checking pays more attention to the possibility of transition, this paper takes the maximum possibility of one-step transition as the selected strategy. First, we select the action by the above matrix. Then, we select the successor state by the maximum possibility.

Definition 8.

Let $M_f=(S,Act,P,I,AP,L,C)$ be a finite FDPC and $\pi =s_0{\alpha }_0{s}_1{\alpha }_1{s}_2\dots \in Paths\left(s\right)$ be a path of $M_f$. $cost[=k]\left(\pi \right)\stackrel{def}{=}C(s_{k-1},{\alpha }_{k-1})$ denotes the instantaneous cost of the step k.

Under the scheduler $Adv$, we use each step to choose the maximum possibility to transmit from the current state as an example, and the step k instantaneous expected cost is defined as

$E{x}_{Adv}^s\left(cost[=k]\right)\stackrel{def}{=}$

$(\underset{0<j\le k}{\wedge }(\underset{t_j\in S}{\vee }{P}_{Adv}(t_{j-1},t_j)))·C(t_{j-1},{\alpha }_{k-1}).$

We use $cost[\le k]\left(\pi \right)\stackrel{def}{=}{\displaystyle \sum _{i=1}^k}C(s_{i-1},{\alpha }_{i-1})$ to denote the cumulative cost of the first k steps. The cumulative expected cost of the first k steps is defined as

$$E{x}_{Adv}^s\left(cost[\le k]\right)\stackrel{def}{=}\sum _{i=1}^{k}E{x}_{Adv}^s\left(cost[=i]\right).$$

The previous descriptions are all about the expected cost without limiting the states in the path. However, in the actual process, some restrictions may be added to the states in the path.

$cost[\diamond F]\left(\pi \right)=cost(\stackrel{\wedge }{\pi })\stackrel{def}{=}{\displaystyle \sum _{i=1}^n}C(s_{i-1},{\alpha }_{i-1})$ denotes the cumulative cost that the path would reach the state in F, where $F\subseteq S$, $\stackrel{\wedge }{\pi }=s_0{\alpha }_0\dots s_n$ is the prefix of $\pi$ and $s_n\in F$ but the other states in $\stackrel{\wedge }{\pi }$ is not in F. $E{x}_{Adv}^s\left(cost[=n(\diamond F)]\right)$ denotes the skep n instantaneous expected cost under the scheduler $Adv$ which is the deformation of $E{x}_{Adv}^s\left(cost[=k]\right)$, defined as below.

$$\begin{array}{c}E{x}_{Adv}^s\left(cost[=1(\diamond F)]\right)\stackrel{def}{=}(\underset{t\in F}{\vee }{P}_{Adv}(s,t))·C(s,\alpha ),\hfill \\ E{x}_{Adv}^s\left(cost[=k(\diamond F)]\right)\stackrel{def}{=}\hfill \\ (\underset{0<j<k}{\wedge }(\underset{t\in S/F}{\vee }{P}_{Adv}(t_{j-1},t_j))\wedge P_{Adv}(t_k-1,t))·C(t_{j-1},{\alpha }_{k-1}).\hfill \end{array}$$

$E{x}_{Adv}^s\left(cost[\le k(\diamond F)]\right)$ denotes the first steps k cumulative expected cost under the scheduler $Adv$ which reaches F in step k, defined as below,

$$\begin{array}{c}E{x}_{Adv}^s(cost[\le 1(\diamond F)])\stackrel{def}{=}E{x}_{Adv}^s(cost[=1(\diamond F)]),\hfill \\ E{x}_{Adv}^s(cost[\le k(\diamond F)])\stackrel{def}{=}\hfill \\ ({\displaystyle \sum _{i=1}^{k-1}}((\underset{t\in F}{\vee }(\underset{0<j<k}{\wedge }(\underset{s\in S/F}{\vee }{P}_{Adv}(t_{j-1},t_j))))·\hfill \\ C(s_{j-1},{\alpha }_{j-1}))+((\underset{t\in F}{\vee }(\underset{0<j<k}{\wedge }(\underset{s\in S/F}{\vee }{P}_{Adv}(t_{j-1},t_j)\wedge P_{Adv}(s_{k-1},t))))·C(s_{k-1},{\alpha }_{k-1}))).\hfill \end{array}$$

$E{x}_{Adv}^s\left(cost[\diamond F]\right)$ is the cumulative expected cost from s to the state in F, defined as below,

$$E{x}_{Adv}^s\left(cost[\diamond F]\right)\stackrel{def}{=}\underset{1\le k\le n}{sup}E{x}_{Adv}^s\left(cost[\le k(\diamond F)]\right).$$

Where n is the max step of all paths that can reach F under the restrictive condition ‘No or one ring’. Why do we have the restrictive condition ‘No or one ring’? Because it has no contribution for transition possibility changing. Without the amount of rings, all states of the path which can reach F are less than or equal $\mid S/F\mid +1$, thus we can get that the max skep $n\le \mid S/F\mid$.

4. FCTL with Cost Operator

We present the FCTL with cost operators in this section, i.e., expand FCTL for our FDPC with cost operator. We expand FCTL [19] with the cost operator. The syntax and semantics are as below.

Definition 9

(FCTL syntax). The FCTL state formula is defined inductively as follows,

$\Phi ::=true\mid a\mid {\Phi }_1\wedge {\Phi }_2\mid \neg \Phi \mid \exists \phi \mid \forall \phi \mid \mathbb{E}(=k)\mid \mathbb{E}(\le k)\mid \mathbb{E}\left(\Phi \right),$

where φ is a path formula, $a\in AP$.

Furthermore, the FCTL path formula is,

$\phi ::=◯\Phi \mid {\Phi }_1\bigsqcup {\Phi }_2$,

where Φ, ${\Phi }_1$ and ${\Phi }_2$ are state formulas.

Definition 10

(FCTL semantics). Let $M_f=(S,Act,P,I,AP,L,C)$ be an finite FDPC, $\mid \mid \Phi \mid \mid :S⟶[0,1]$ be a function. For FCTL with cost, the semantic of state formula Φ is defined as follows.

$$\begin{array}{cc}\hfill \mid \mid true\mid \mid \left(s\right)& =1,\hfill \\ \hfill \mid \mid a\mid \mid \left(s\right)& =L(s,a),\hfill \\ \hfill \mid \mid {\Phi }_1\wedge {\Phi }_2\mid \mid \left(s\right)& =\mid \mid {\Phi }_1\mid \mid \left(s\right)\wedge \mid \mid {\Phi }_2\mid \mid \left(s\right),\hfill \\ \hfill \mid \mid \neg \Phi \mid \mid \left(s\right)& =1-\mid \mid \Phi \mid \mid \left(s\right),\hfill \\ \hfill \mid \mid \exists \phi \mid {\mid }_{Adv}\left(s\right)& =\underset{\pi \in Path{s}_{Adv}\left(s\right)}{\vee }\mid \mid \phi \mid \mid \left(\pi \right),\hfill \\ \hfill \mid \mid \forall \phi \mid {\mid }_{Adv}\left(s\right)& =\underset{\pi \in Path{s}_{Adv}\left(s\right)}{\wedge }\mid \mid \phi \mid \mid \left(\pi \right),\hfill \\ \hfill \mid \mid \mathbb{E}(=k)\mid {\mid }_{Adv}\left(s\right)& =E{x}_{Adv}^s\left(cost[=k]\right),\hfill \\ \hfill \mid \mid \mathbb{E}(\le k)\mid {\mid }_{Adv}\left(s\right)& =E{x}_{Adv}^s\left(cost[\le k]\right),\hfill \\ \hfill \mid \mid \mathbb{E}\left(\Phi \right)\mid {\mid }_{Adv}\left(s\right)& =E{x}_{Adv}^s\left(cost[\diamond Sat\left(\Phi \right)]\right)\hfill \end{array}$$

where$Sat\left(\Phi \right)=\{s\in S\mid$$\mid \mid \Phi \mid \mid \left(s\right)>0\}$.

For the given scheduler $Adv$ and $\pi \in Path{s}_{Adv}\left(s\right)$, the semantic of path formula φ is defined as below.

$\mid \mid ◯\Phi \mid {\mid }_{Adv}=P_{Adv}(s_0,s_1)\wedge \mid \mid \Phi \mid \mid \left(s_1\right)$,

$\mid \mid {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{Adv}\left(\pi \right)$

$=\mid \mid {\Phi }_2\mid \mid \left(s\right)\vee \underset{j>0}{\vee }(\mid \mid {\Phi }_1\mid \mid \left(s_0\right)\wedge \underset{k<j}{\wedge }\left(P_{Adv}(s_{k-1},s_k)\right)\wedge \mid \mid {\Phi }_1\mid \mid \left(s_k\right)\wedge \left(P_{Adv}(s_{j-1},s_j)\right)\wedge \mid \mid {\Phi }_2\mid \mid \left(s_j\right).)$

5. Model Checking Fuzzy Computation Tree Logic Based on Fuzzy Decision Processes with Cost

The FCTL model checking problem on FDPC is defined as the following. Given a FDPC $M_f$, a state s of $M_f$, a FCTL state formula $\Phi$ and a step k, then calculate the true value of state s satisfying the state formula or the expect cost. We often consider the maximum and minimum possibilitic truth values. We give the computing method of $\mid \mid \exists ◯\Phi \mid {\mid }_{max}\left(s\right)$, $\mid \mid \exists ◯\Phi \mid {\mid }_{min}\left(s\right)$, $\mid \mid \forall ◯\Phi \mid {\mid }_{max}\left(s\right)$, $\mid \mid \forall ◯\Phi \mid {\mid }_{min}\left(s\right)$, $\mid \mid \exists {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{max}\left(s\right)$, $\mid \mid \exists {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{min}\left(s\right)$, $\mid \mid \forall {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{max}\left(s\right)$, $\mid \mid \forall {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{min}\left(s\right)$, $\mid \mid \mathbb{E}(=k)\mid {\mid }_{max}\left(s\right)$, $\mid \mid \mathbb{E}(=k)\mid {\mid }_{min}\left(s\right)$, $\mid \mid \mathbb{E}(\le k)\mid {\mid }_{max}\left(s\right)$, $\mid \mid \mathbb{E}(\le k)\mid {\mid }_{min}\left(s\right)$, $\mid \mid \mathbb{E}\left(\Phi \right)\mid {\mid }_{max}\left(s\right)$ and $\mid \mid \mathbb{E}\left(\Phi \right)\mid {\mid }_{min}\left(s\right)$ as below. There are some useful matrixes and operations given.

Let $M_f=(S,Act,P,I,AP,L,C)$ be a finite FDPC, $D_{\Phi }$ be a $\mid S\mid \times \mid S\mid$ fuzzy diagonal matrix for state formula $\Phi$. For each $s,t\in S$,

$$D_{\Phi }(s,t)\stackrel{def}{=}\left\{\begin{array}{ccc}& \mid \mid \Phi \mid \mid \left(s\right)& s=t\hfill \\ & 0& Otherwise\hfill \end{array}\right.$$

$P_{\Phi }$ is a $\mid S\mid \times 1$ fuzzy matrix. For each $s\in S$,

$$P_{\Phi }\left(s\right)\stackrel{def}{=}\mid \mid \Phi \mid \mid \left(s\right).$$

We use $P_{\alpha \mid max\mid }$ to realize the transition of only choosing the maximum truth value transition using action $\alpha$. $P_{\alpha \mid max\mid }$ is a $\mid S\mid \times \mid S\mid$ fuzzy matrix and defined as that for each $s,t\in S$,

$$P_{\alpha \mid max\mid }(s,t)\stackrel{def}{=}\left\{\begin{array}{ccc}& P(s,\alpha ,t)& t=\underset{t\in S}{argmax}f(P(s,\alpha ,t),cost(s,\alpha ))\hfill \\ & 0& Otherwise\hfill \end{array}\right.$$

where f is a function mapping $P\times C$ to [0,1]. f is decided by the need in usual. In this paper, we set $f\left(P\right(s,\alpha ,t),cost(s,\alpha \left)\right)=P(s,\alpha ,t)$ if there is only one maximum transition from s to t. When it is multiple, we select the first maximum transition by elements in the matrix.

Through those matrixes, we can reduce the state transition matrix in FKS to a sparse matrix containing only one-step maximum possibility.

E is a $\mid S\mid \times 1$ fuzzy matrix with all elements equal to 1. We use it to turn the matrix into a vector.

We also use an auxiliary matrix identified as $D_F$, for the restricted set F. $D_F$ is defined below.

$$D_F=\left(\begin{array}{ccc}\hfill D[0,0]& \cdots & D[0,n]\hfill \\ \hfill \cdots & ⋮& \cdots \hfill \\ \hfill D[n,0]& \cdots & D[n,n]\hfill \end{array}\right),$$

where $D[i,j]=\left\{\begin{array}{ccc}\hfill 1& & s_j\in F\hfill \\ \hfill 0& & s_j\notin F\hfill \end{array}\right.$

$P_{\alpha \mid F}\stackrel{def}{=}{D}_F\cap P_{\alpha }$ is the restricted transition matrix under the act $\alpha$ which restrict only transition to F. $P_{\alpha \mid F}^{\prime }\stackrel{def}{=}(D_S-D_F)\cap P_{\alpha }$ is the restricted transition matrix under the act $\alpha$ which cannot transmit to F. Using matrixes, we can describe the constraints.

Using our matrixes, we can re-represent the cost in Definition 8.

The first k steps cumulative expected cost

$$\begin{array}{c}E{x}_{Adv}^s(cost[\le k])\hfill \\ ={\displaystyle \sum _{i=1}^k}E{x}_{Adv}^s(cost[=i])\hfill \\ ={\displaystyle \sum _{i=1}^k}((\underset{0<j\le i}{\wedge }(\underset{t_j\in S}{\vee }{P}_{Adv}(t_{j-1},t_j)))·C(t_{i-1},{\alpha }_{i-1}))\hfill \\ ={\displaystyle \sum _{i=1}^k}((\underset{0<j\le i}{\wedge }(\underset{t_j\in S}{\vee }\underset{{\alpha }_{j-1}\in Adv(t_{j-1})}{\vee }{P}_{Adv}(t_{j-1},{\alpha }_{j-1},t_j)))·C(t_{i-1},{\alpha }_{i-1}))\hfill \\ ={\displaystyle \sum _{i=1}^k}((\underset{0<j\le i}{\wedge }(\underset{t_j\in S}{\vee }{P}_{Adv-max}(t_{j-1},t_j)))·C(t_{i-1},{\alpha }_{i-1}))\hfill \\ ={\displaystyle \sum _{i=1}^k}((P_{Adv-max\mid max\mid }\circ P_{Adv-max\mid max\mid }\circ \cdots \circ P_{Adv-max\mid max\mid }\circ E)(s)·C_{{\alpha }_{i-1}}(t_{i-1}))\hfill \\ ={\displaystyle \sum _{i=1}^k}((P_{Adv-max\mid max\mid }^i\circ E)(s)·C_{{\alpha }_{i-1}}(t_{i-1})).\hfill \end{array}$$

The restricted set $F\subseteq S$ step k instantaneous expected cost

$$\begin{array}{ll}E{x}_{Adv}^s& (cost[=1(\diamond F)])\\ & =(\underset{t\in F}{\vee }{P}_{Adv}(s,t))·C(s,\alpha )\hfill \\ & =(\underset{t\in F}{\vee }\underset{\alpha \in Adv(s)}{\vee }P(s,\alpha ,t))·C(s,\alpha )\hfill \\ & =((P_{Adv-max\mid F\mid max\mid }\circ E)(s)·C_{\alpha }(s)\hfill \\ & {Ex}_{Adv}^s(cost[=k(\diamond F)])\hfill \\ & =(\underset{t\in F}{\vee }(\underset{0<j<k}{\wedge }(\underset{s\in S\setminus F}{\vee }{P}_{Adv}(s_{j-1},s_j))\wedge P_{Adv}(s_{k-1},t)))·C(s_{k-1},{\alpha }_{k-1})\hfill \\ & =(\underset{t\in F}{\vee }(\underset{0<j<k}{\wedge }(\underset{s\in S\setminus F}{\vee }\underset{{\alpha }_{j-1}\in Adv(s_{j-1})}{\vee }P(s_{j-1},{\alpha }_{j-1},s_j))\wedge \underset{{\alpha }_{k-1}\in Adv(s_{k-1})}{\vee }P(s_{k-1},{\alpha }_{k-1},t)))·C(s_{k-1},{\alpha }_{k-1})\hfill \\ & =((P_{Adv-max\mid F\mid max\mid }^{\prime }\circ \cdots \circ P_{Adv-max\mid F\mid max\mid }^{\prime }\circ P_{Adv-max\mid F\mid max\mid }^{}\circ E)(s)·C_{{\alpha }_{k-1}}(s_{k-1}))\hfill \\ & =((P_{Adv-max\mid F\mid max\mid }^{{}^{\prime }k-1}\circ P_{Adv-max\mid F\mid max\mid }\circ E)(s)·C_{{\alpha }_{k-1}}(s_{k-1}))\hfill \end{array}$$

The restricted set $F\subseteq S$ first k steps cumulative expected cost

$E{x}_{Adv}^s\left(cost[\le 1(\diamond F)]\right)$

$=E{x}_{Adv}^s\left(cost[=1(\diamond F)]\right)$

$=(P_{Adv-max\mid F\mid max\mid }^{}\circ E)\left(s\right)·C_{{\alpha }_{k-1}}\left(s\right)$

$E{x}_{Adv}^s\left(cost[\le k(\diamond F)]\right)$

$={\displaystyle \sum _{i=1}^{k-1}}((\underset{0<j\le i}{\wedge }(\underset{s\in S\setminus F}{\vee }{P}_{Adv}(s_{j-1},s_j)))·C(s_{j-1},{\alpha }_{j-1}))+(\underset{t\in F}{\vee }(\underset{0<j<k}{\wedge }(\underset{s\in S\setminus F}{\vee }{P}_{Adv}(s_{j-1},s_j))\wedge P_{Adv}(s_{k-1},t)))·C(s_{k-1},{\alpha }_{k-1})$

$={\displaystyle \sum _{i=1}^{k-1}}((P_{Adv-max\mid F\mid max\mid }^{{}^{\prime }i}\circ E)(s)·C_{{\alpha }_{i-1}}(s_{i-1}))+((P_{Adv-max\mid F\mid max\mid }^{{}^{\prime }k-1}\circ P_{Adv-max\mid F\mid max\mid }^{}\circ E)(s)·C_{{\alpha }_{k-1}}(s_{k-1}))$ where $P_{\alpha \mid F\mid max\mid }$ is the operation that to $P_{\alpha }$ first count $P_{\alpha \mid F}$ and second count $P_{\alpha \mid max\mid }$ for $P_{\alpha \mid F}$. $P_{\alpha \mid F\mid max\mid }^{\prime }$ is the operation that to $P_{\alpha }$ first count $P_{\alpha \mid F}^{\prime }$ and second count $P_{\alpha \mid max\mid }$ for $P_{\alpha \mid F}^{\prime }$.

$\mid \mid \exists ◯\Phi \mid {\mid }_{max}\left(s\right)$ is the maximum truth value of that there exists a path that starts from state s and satisfies $◯\Phi$.

$$\begin{array}{c}\hfill \mid \mid \exists ◯\Phi \mid {\mid }_{max}\left(s\right)=(P_{{\alpha }_{max}}\circ P_{\Phi })\left(s\right).\end{array}$$

(1)

The proof is placed in Appendix A.

$\mid \mid \exists ◯\Phi \mid {\mid }_{min}\left(s\right)$ is the minimum truth value of that there exists a path that starts from state s and satisfies $◯\Phi$.

$$\begin{array}{c}\hfill \mid \mid \exists ◯\Phi \mid {\mid }_{min}\left(s\right)=(P_{{\alpha }_{min}}\circ P_{\Phi })\left(s\right).\end{array}$$

(2)

The proof is placed in Appendix A.

$\mid \mid \forall ◯\Phi \mid {\mid }_{max}\left(s\right)$ is the maximum truth value of that all of the paths which start from state s satisfy $◯\Phi$.

$$\begin{array}{c}\hfill \mid \mid \forall ◯\Phi \mid \mid {}_{max}\left(s\right)={({(P_{{\alpha }_{max}}\circ D_{\Phi })}^c\circ E)}^c\left(s\right)\end{array}$$

(3)

The proof is placed in Appendix A.

$\mid \mid \forall ◯\Phi \mid {\mid }_{min}\left(s\right)$ is the minimum truth value of that all of the paths which start from state s satisfy $◯\Phi$.

$$\begin{array}{c}\hfill \mid \mid \forall ◯\Phi \mid \mid {}_{min}\left(s\right)={({(P_{{\alpha }_{min}}\circ D_{\Phi })}^c\circ E)}^c\left(s\right)\end{array}$$

(4)

The proof is placed in Appendix A.

$\mid \mid \exists {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{max}\left(s\right)$ is the maximum truth value of that there exists a path that starts from state s satisfies ${\Phi }_1\bigsqcup {\Phi }_2$.

$$\begin{array}{c}\hfill \mid \mid \exists {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{max}\left(s\right)=({(D_{{\Phi }_1}\circ P_{{\alpha }_{max}})}^{*}\circ P_{{\Phi }_2})\left(s\right)\end{array}$$

(5)

The proof is placed in Appendix A.

$\mid \mid \exists {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{min}\left(s\right)$ is the minimum truth value of that there exists a path that starts from state s satisfies ${\Phi }_1\bigsqcup {\Phi }_2$.

$$\begin{array}{c}\hfill \mid \mid \exists {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{min}\left(s\right)=({(D_{{\Phi }_1}\circ P_{{\alpha }_{min}})}^{*}\circ P_{{\Phi }_2})\left(s\right)\end{array}$$

(6)

The proof is placed in Appendix A.

$\mid \mid \forall {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{max}\left(s\right)$ is the maximum truth value of that all of the paths which start from state s satisfy ${\Phi }_1\bigsqcup {\Phi }_2$.

$$\begin{array}{cc}\hfill & \mid \mid \forall {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{max}\left(s\right)\hfill \\ \hfill & =(P_{{\Phi }_2}\cup ([{({(D_{{\Phi }_1}\circ P_{{\alpha }_{max}})}^c\circ D_S)}^c\circ {\left({(D_S\circ {(D_{{\Phi }_1}\circ P_{{\alpha }_{max}})}^c)}^c\right)}^{*}\circ D_{{\Phi }_2}{]}^c\hfill \\ \hfill & {\circ E)}^c)\left(s\right)\hfill \end{array}$$

(7)

The proof is placed in Appendix A.

$\mid \mid \forall {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{min}\left(s\right)$ is minimum the truth values of that all of the paths that start from state s satisfy ${\Phi }_1\bigsqcup {\Phi }_2$.

$$\begin{array}{cc}\hfill & \mid \mid \forall {\Phi }_1\bigsqcup {\Phi }_2\mid {\mid }_{min}\left(s\right)\hfill \\ \hfill & =(P_{{\Phi }_2}\cup ([{({(D_{{\Phi }_1}\circ P_{{\alpha }_{min}})}^c\circ D_S)}^c\circ {\left({(D_S\circ {(D_{{\Phi }_1}\circ P_{{\alpha }_{min}})}^c)}^c\right)}^{*}\circ D_{{\Phi }_2}{]}^c\hfill \\ \hfill & {\circ E)}^c)\left(s\right)\hfill \end{array}$$

(8)

The proof is placed in Appendix A.

$\mid \mid \mathbb{E}(=k)\mid {\mid }_{max}\left(s\right)$ is the skep k instantaneous expected cost of the path that starts from state s under the maximum scheduler.

$$\begin{array}{cc}\hfill & \mid \mid \mathbb{E}(=0)\mid {\mid }_{max}\left(s\right)=0,\hfill \\ \hfill & \mid \mid \mathbb{E}(=k)\mid {\mid }_{max}\left(s\right)=(P_{{\alpha }_{max}\mid max\mid }^k\circ E)(s)·C_{T_{{\alpha }_{max}}(t_{k-1},t_k)}(t_{k-1})\hfill \end{array}$$

(9)

where $t_m=\underset{t_m\in S}{argmax}(P_{{\alpha }_{max}\mid max\mid }^m(s,t_m)).$

The proof is placed in Appendix A.

$\mid \mid \mathbb{E}(=k)\mid {\mid }_{min}\left(s\right)$ is the skep k instantaneous expected cost of the path that starts from state s under the minimum scheduler.

$$\begin{array}{cc}\hfill & \mid \mid \mathbb{E}(=0)\mid {\mid }_{min}\left(s\right)=0,\hfill \\ \hfill & \mid \mid \mathbb{E}(=k)\mid {\mid }_{min}\left(s\right)=(P_{{\alpha }_{min}\mid max\mid }^k\circ E)\left(s\right)·C_{T_{{\alpha }_{min}}(t_{k-1},t_k)}\left(t_{k-1}\right)\hfill \end{array}$$

(10)

where $t_m=\underset{t_m\in S}{argmax}(P_{{\alpha }_{min}\mid max\mid }^m(s,t_m)).$

The proof is placed in Appendix A.

$\mid \mid \mathbb{E}(\le k)\mid {\mid }_{max}\left(s\right)$ is the first k steps cumulative expected cost of the path that starts from state s under the maximum scheduler.  

$$\begin{array}{cc}\hfill & \mid \mid \mathbb{E}(\le 0)\mid {\mid }_{max}(s)=E{x}_{max}^s(cost[=0])=0\hfill \\ \hfill & \mid \mid \mathbb{E}(\le k)\mid {\mid }_{max}(s)\hfill \\ \hfill & =E{x}_{max}^s(cost[\le k])\hfill \\ \hfill & =\sum _{i=1}^k((P_{{\alpha }_{max}\mid max\mid }^i\circ E)(s)·C_{{\alpha }_{i-1}}(t_{i-1}))\hfill \\ \hfill & =\sum _{i=1}^k((P_{{\alpha }_{max}\mid max\mid }^i\circ E)(s)·C_{T_{{\alpha }_{max}}(t_{i-1},t_i)}(t_{i-1})\hfill \\ \hfill & \mid \mid \mathbb{E}(\le k)\mid {\mid }_{max}(s)=\sum _{i=1}^k((P_{{\alpha }_{max}\mid max\mid }^i\circ E)(s)·C_{T_{{\alpha }_{max}}(t_{i-1},t_i)}(t_{i-1})\hfill \end{array}$$

(11)

where $t_m=\underset{t_m\in S}{argmax}(P_{{\alpha }_{max}\mid max\mid }^m(s,t_m)).$

$\mid \mid \mathbb{E}(\le k)\mid {\mid }_{min}(s)$ is the first k steps cumulative expected cost of the path that starts from state s under the minimum scheduler.

$$\begin{array}{cc}\hfill & \mid \mid \mathbb{E}(\le 0)\mid {\mid }_{min}(s)=E{x}_{min}^s(cost[=0])=0\hfill \\ \hfill & \mid \mid \mathbb{E}(\le k)\mid {\mid }_{min}(s)\hfill \\ \hfill & =E{x}_{min}^s(cost[\le k])\hfill \\ \hfill & =\sum _{i=1}^k((P_{{\alpha }_{min}\mid max\mid }^i\circ E)(s)·C_{{\alpha }_{i-1}}(t_{i-1}))\hfill \\ \hfill & =\sum _{i=1}^k((P_{{\alpha }_{min}\mid max\mid }^i\circ E)(s)·C_{T_{{\alpha }_{min}}(t_{i-1},t_i)}(t_{i-1})\hfill \\ \hfill & \mid \mid \mathbb{E}(\le k)\mid {\mid }_{min}(s)=\sum _{i=1}^k((P_{{\alpha }_{min}\mid max\mid }^i\circ E)(s)·C_{T_{{\alpha }_{min}}(t_{i-1},t_i)}(t_{i-1})\hfill \end{array}$$

(12)

where $t_m=\underset{t_m\in S}{argmax}(P_{{\alpha }_{min}\mid max\mid }^m(s,t_m)).$

$\mid \mid \mathbb{E}\left(\Phi \right)\mid {\mid }_{max}\left(s\right)$ is the cumulative expected cost of the path that starts from state s and can reach a state in F under the maximum scheduler.

$$\begin{array}{cc}\hfill & \mid \mid \mathbb{E}\left(\Phi \right)\mid {\mid }_{max}\left(s\right)\hfill \\ \hfill & =E{x}_{max}^s\left(cost[\diamond Sat\left(\Phi \right)]\right)\hfill \\ \hfill & =\underset{1\le k\le \mid S\mid -\mid Sat\left(\Phi \right)\mid }{sup}E{x}_{max}^s\left(cost[\le k(\diamond Sat\left(\Phi \right))]\right)\hfill \\ \hfill & =\underset{2\le k\le \mid S\mid -\mid Sat\left(\Phi \right)\mid }{sup}\{E{x}_{max}^s\left(cost[\le 1(\diamond Sat\left(\Phi \right))]\right),E{x}_{max}^s\left(cost[\le k(\diamond Sat\left(\Phi \right))]\right)\}\hfill \\ \hfill & =\underset{2\le k\le \mid S\mid -\mid Sat\left(\Phi \right)\mid }{sup}\{(P_{{\alpha }_{max}\mid Sat\left(\Phi \right)\mid max\mid }^{}\circ E)\left(s\right)·C_{T_{{\alpha }_{max}}(s,t)}\left(s\right),\hfill \\ \hfill & \sum _{i=1}^{k-1}((P_{{\alpha }_{max}\mid Sat(\Phi )\mid max\mid }^{{}^{\prime }i}\circ E)\left(s\right)·C_{T_{{\alpha }_{max}}(t_{i-1},t_i)}\left(s\right))+\hfill \\ \hfill & ((P_{{\alpha }_{max}\mid Sat(\Phi )\mid max\mid }^{{}^{\prime }k-1}\circ P_{{\alpha }_{max}\mid Sat(\Phi )\mid max\mid }^{}\circ E)(s)·C_{T_{{\alpha }_{max}}(t_{k-1},t_k)}(t_{k-1}))\}\hfill \end{array}$$

(13)

where $t=\underset{t\in Sat\left(\Phi \right)}{argmax}\left(P_{{\alpha }_{max}\mid Sat\left(\Phi \right)\mid max\mid }(s,t)\right)$,

$t_m=\underset{t_m\in S/Sat(\Phi )}{argmax}({(P_{{\alpha }_{max}\mid Sat\left(\Phi \right)\mid max\mid }^{\prime })}^m(s,t_m)),$ if $1\le m\le k-1,$

$t_m=\underset{t_m\in Sat\left(\Phi \right)}{argmax}\left(\right({(P_{{\alpha }_{max}\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }^{\prime })}^m\circ P_{{\alpha }_{max}\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }^{}\left)(s,t_m)\right)$ if $m=k.$

$\mid \mid \mathbb{E}\left(\Phi \right)\mid {\mid }_{min}\left(s\right)$ is the cumulative expected cost of the path that starts from state s and can reach a state in F under the minimum scheduler.

$$\begin{array}{cc}\hfill & \mid \mid \mathbb{E}\left(\Phi \right)\mid {\mid }_{min}\left(s\right)\hfill \\ \hfill & =E{x}_{min}^s\left(cost[\diamond Sat\left(\Phi \right)]\right)\hfill \\ \hfill & =\underset{1\le k\le \mid S\mid -\mid Sat\left(\Phi \right)\mid }{sup}E{x}_{min}^s\left(cost[\le k(\diamond Sat\left(\Phi \right))]\right)\hfill \\ \hfill & =\underset{2\le k\le \mid S\mid -\mid Sat\left(\Phi \right)\mid }{sup}\{E{x}_{min}^s\left(cost[\le 1(\diamond Sat\left(\Phi \right))]\right),\hfill \\ \hfill & E{x}_{min}^s\left(cost[\le k(\diamond Sat\left(\Phi \right))]\right)\}\hfill \\ \hfill & =\underset{2\le k\le \mid S\mid -\mid Sat\left(\Phi \right)\mid }{sup}\{(P_{{\alpha }_{min}\mid Sat\left(\Phi \right)\mid max\mid }^{}\circ E)\left(s\right)·C_{T_{{\alpha }_{min}}(s,t)}\left(s\right),\hfill \\ \hfill & \sum _{i=1}^{k-1}((P_{{\alpha }_{min}\mid Sat\left(\Phi \right)\mid max\mid }^{{}^{\prime }i}\circ E)\left(s\right)·C_{T_{{\alpha }_{min}}(t_{i-1},t_i)}(s))+\hfill \\ \hfill & ((P_{{\alpha }_{min}\mid Sat\left(\Phi \right)\mid max\mid }^{{}^{\prime }k-1}\circ P_{{\alpha }_{min}\mid Sat\left(\Phi \right)\mid max\mid }^{}\circ E)\left(s\right)·C_{T_{{\alpha }_{min}}(t_{k-1},t_k)}\left(t_{k-1}\right))\}\hfill \end{array}$$

(14)

where $t=\underset{t\in Sat\left(\Phi \right)}{argmax}\left(P_{{\alpha }_{min}\mid Sat\left(\Phi \right)\mid max\mid }(s,t)\right)$,

$t_m=\underset{t_m\in S/Sat(\Phi )}{argmax}({(P_{{\alpha }_{min}\mid Sat(\Phi )\mid max\mid }^{\prime })}^m(s,t_m)),$ if $1\le m\le k-1,$

$t_m=\underset{t_m\in Sat(\Phi )}{argmax}(({(P_{{\alpha }_{min}\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }^{\prime })}^m\circ P_{{\alpha }_{min}\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }^{}\left)(s,t_m)\right)$ if $m=k.$

According to (1)–(14), we provide three algorithms to solve the problem of FCTL model checking with cost. Algorithm 1 is used to catch some values of some parameters which would be used to calculate the cost operators. Algorithm 2 is used to calculate the truth values of the formal FCTL state formulas. Algorithm 3 is used to calculate the cost operators.

Algorithm 1 Catch the action

Require: a state s, the first $k-1$ step transition matrix $P_{\alpha }$, the step k transition matrix $P_{\beta }$, action index matrix $T_{\alpha }$. Ensure: the state $t_{k-1}$ after $k-1$ steps transition, the state $t_k$ after k steps transition, the action of step k $T_{\alpha }(t_{k-1},t_k)$. 1: for$t\in S$do 2:     if $P_{\alpha }^{k-1}(s,t)>0$ then 3:         $t_{k-1}\Leftarrow t$ 4:     end if 5:     if $(P_{\alpha }^{k-1}\circ P_{\beta })(s,t)>0$ then 6:         $t_k\Leftarrow t$ 7:     end if 8: end for 9: return$t_{k-1},t_k,T_{\alpha }(t_{k-1},t_k)$

Algorithm 1 is proposed to get the action $\alpha$ and states $s_{k-1}$ and $s_k$ in transition $s_{k-1}\stackrel{\alpha }{⟶}{s}_k$ which are used in the computing of cost operators. By the definition of $P_{\alpha \mid max\mid }$, we can use the $P_{\alpha }^{k-1}(s,t)>0$ to be the determined condition of which is the successor state.

Algorithm 2 Calculating the formal FCTL state formula

Require: a FDPC $M_f$, a FCTL state formula $\Phi$. Ensure: the truth value of $\mid \mid \Phi \mid \mid \left(s\right)$. 1: if$\Phi =true$then 2:     return ${\left(1\right)}_{s\in S}$ 3: end if 4: if$\Phi =a\in AP$then 5:     return ${(\mid \mid a\mid \mid \left(s\right))}_{s\in S}$ 6: end if 7: if$\Phi =\neg \Phi$then 8:     return ${(1-\mid \mid \Phi \mid \mid \left(s\right))}_{s\in S}$ 9: end if 10: if$\Phi ={\Phi }_1\wedge {\Phi }_2$then 11:     return ${(\mid \mid {\Phi }_1\mid \mid \left(s\right)\wedge \mid \mid {\Phi }_2\mid \mid \left(s\right))}_{s\in S}$ 12: end if 13: if$\Phi =\exists ◯\Phi$then 14:     return $P_{Adv}\circ P_{\Phi }$ 15: end if 16: if$\Phi =\forall ◯\Phi$then 17:     return ${({(P_{Adv}\circ D_{\Phi })}^c\circ E)}^c$ 18: end if 19: if$\Phi =\exists {\Phi }_1\bigsqcup {\Phi }_2$then 20:     return ${(D_{{\Phi }_1}\circ P_{Adv})}^{*}\circ P_{{\Phi }_2}$ 21: end if 22: if$\Phi =\forall {\Phi }_1\bigsqcup {\Phi }_2$then 23:     return $P_{{\Phi }_2}\cup ([{({(D_{{\Phi }_1}\circ P_{Adv})}^c\circ D_S)}^c\circ {\left({(D_S\circ {(D_{{\Phi }_1}\circ P_{Adv})}^c)}^c\right)}^{*}$ $\circ D_{{\Phi }_2}{]}^c{\circ E)}^c$ 24: end if

Algorithm 2 is proposed to calculate the quantitative possibility of state formula by matrix operations based on (1)–(8).

Algorithm 3 is proposed to calculate the cost operators by matrix operations based on (9)–(14).

Now let us analyze the time complexities of our algorithm. We would see the three algorithms as one algorithm and analyze it.

Under the scheduler $Adv$, we can recursively calculate the truth value of $\mid \mid \Phi \mid \mid \left(s\right)$ in step $\mid \Phi \mid$, which is the number of the sub-formula of which is recursively defined as below. If $\Phi \in AP\cup \left\{true\right\}$, then $\mid \Phi \mid =1$, $\mid {\Phi }_1\wedge {\Phi }_2\mid =\mid {\Phi }_1\mid +\mid {\Phi }_2\mid +1$, $\mid \neg \Phi \mid =\mid \Phi \mid +1$, $\mid \exists ◯\Phi \mid =\mid \Phi \mid =1$, $\mid \forall ◯\Phi \mid =\mid \Phi \mid +1$, $\mid \exists {\Phi }_1\bigsqcup {\Phi }_2\mid =\mid {\Phi }_1\mid +\mid {\Phi }_2\mid +1$, $\mid \forall {\Phi }_1\bigsqcup {\Phi }_2\mid =\mid {\Phi }_1\mid +\mid {\Phi }_2\mid +1$, $\mid \mathbb{E}(=k)\mid =1$, $\mid \mathbb{E}(\le k)\mid =k$ and $\mid \mathbb{E}\left(\Phi \right)\mid =k\times (\mid \Phi \mid +1)$.

The time complexity of calculating the formula $\Phi =a\mid {\Phi }_1\wedge {\Phi }_2\mid \neg \Phi$ is only contacted with the size of FDPC $M_f$ and $\Phi$, and is $O(\mid S\mid )$. The time of calculating the formula $\Phi =\mathbb{E}(=k)\mid \mathbb{E}(\le k)$ is only contacted with the size of FDPC $M_f$ and $\Phi$ and k, and is $O(\mid S\mid \times k)$. The time of calculating the formula $\Phi =\exists \phi \mid \forall \phi$ is mainly contacted with the time of calculating the transitive closure of $P_{Adv}$, e.g., $P_{Adv}^{*}$. We use the method of literature [30], and the time complexities is $O(\mid S{\mid }^2\times log\mid S\mid )$. The time of calculating the formula $\Phi =\mathbb{E}\left(\Phi \right)$ is contacted with the time of catch and the time of matrix multiplication, and is $O(\mid S{\mid }^4)$. Above all, we give the time complexities of our algorithm.

Algorithm 3 Calculating the cost operators of FCTL

Require: a FDPC $M_f$, step k, a FCTL state formula $\Phi$. Ensure: the value of $\mathbb{E}$. 1: if$\Phi =\mathbb{E}(=k)$then 2:     Call algorithm 1, put $s,k,P_{Adv\mid max\mid },P_{Adv\mid max\mid },T_{Adv}$, get $t_{k-1},t_k,T_{Adv}(t_{k-1},t_k)$ 3:     return $(P_{Adv\mid max\mid }^k\circ E)\left(s\right)·C_{T_{Adv}(t_{k-1},t_k)}\left(t_{k-1}\right)$ 4: end if 5: if$\Phi =\mathbb{E}(\le k)$then 6:     for $i\Leftarrow 1$ to k do 7:         Call algorithm 1, put $s,i,P_{Adv\mid max\mid },P_{Adv\mid max\mid },T_{Adv}$, get $t_{i-1},t_i,T_{Adv}(t_{i-1},t_i)$ 8:         $sum\Leftarrow sum+(P_{Adv\mid max\mid }^i\circ E)\left(s\right)·C_{T_{Adv}(t_{i-1},t_i)}\left(t_{i-1}\right)$ 9:     end for 10:     return $sum$ 11: end if 12: if$\Phi =\mathbb{E}\left(\Phi \right)$then 13:     Call algorithm 1,put $s,1,P_{Adv\mid Sat\left(\Phi \right)\mid max\mid }^{},P_{Adv\mid Sat\left(\Phi \right)\mid max\mid }^{},T_{Adv}$, get $s_0,s_1,T_{Adv}(s_0,s_1)$ 14:     $sum\left(0\right)\Leftarrow (P_{Adv\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }^{}\circ E)\left(s\right)·C_{T_{Adv}(s_0,s_1)}\left(s\right)$ 15:     for $i\Leftarrow 2$ to $\mid S\mid -\mid Sat(\Phi )\mid$ do 16:         for $m\Leftarrow 1$ to $i-1$ do 17:            Call algorithm 1,put $s,m,P_{Adv\mid Sat\left(\Phi \right)\mid max\mid }^{\prime },P_{Adv\mid Sat\left(\Phi \right)\mid max\mid }^{\prime },T_{Adv}$, get $s_{m-1},s_m,T_{Adv}(s_{m-1},s_m)$ 18:            $sum\left(i\right)\Leftarrow sum\left(i\right)+({(P_{Adv\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }^{\prime })}^m\circ E)\left(s\right)·C_{T_{Adv}(s_{m-1},s_m)}\left(s_{m-1}\right)$ 19:         end for 20:         Call algorithm 1, put $s,i,P_{Adv\mid Sat\left(\Phi \right)\mid max\mid }^{\prime },P_{Adv\mid Sat\left(\Phi \right)\mid max\mid },T_{Adv}$, get $s_{i-1},s_i,T_{Adv}(s_{i-1},s_i)$ 21:         sum$\left(i\right)\Leftarrow$ sum$\left(i\right)+({(P_{Adv\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }^{\prime })}^{i-1}\circ P_{Adv\mid \mathrm{Sat}\left(\Phi \right)\mid max\mid }\circ E)\left(s\right)·C_{T_{Adv}(s_{i-1},s_i)}\left(s_{i-1}\right)$ 22:         if $sum\left(i\right)\ge sum\left(0\right)$ then 23:            $sum\left(0\right)\Leftarrow sum\left(i\right)$ 24:         end if 25:     end for 26:     return $sum\left(0\right)$ 27: end if

Theorem 1.

Let $M_f=(S,Act,P,I,AP,L,C)$ be a finite FDPC, Φ be a FCTL formula and k be a natural number. Then, the time complexities of calculating the truth values or expected cost is $O(size\left(M_f\right)\times poly\left(S\right)\times \mid \Phi \mid \times k)$, where $size\left(M_f\right)$ is the size of FDPC $M_f$, $poly\left(S\right)$ is a polynomials of $\mid S\mid$, $\mid \Phi \mid$ is the number of the sub-formula of $\mid \Phi \mid$, and k is the given natural number.

6. Illustrative Examples

A medical expert system is an intelligent computer system that collects, sorts and analyzes a large number of cases by computer, concentrates on the diagnosis results of medical experts, and diagnoses and treats patients. Because of the different judgment standards of each expert for the degree of the patient’s conditions and the effect of the treatment plan, using a fuzzy system can reflect the operation process of the system closer to the real world. Figure 10, Figure 11, Figure 12 and Figure 13 is a simple medical expert system, in which there are three experts. Each expert gives different treatment plans, which are represented by $\alpha$, $\beta$, $\gamma$. The model has four states of the patients, respectively, represented by $s_0$, $s_1$, $s_2$, $s_3$. The variables in the state indicate the patient’s health states, which can be divided into B(bad), G(general), N(normal) and E(enough). Different experts have a different understanding of these four health conditions. Therefore, we give fuzzy values to the four to show the health of patients. When treatment scheme ${\alpha }_i$ is used in state $s_i$, cost $C(s_i,{\alpha }_i)$ will be generated, indicating the treatment cost of the scheme. When using a single treatment scheme, the state transition of patients is shown in Figure 10, Figure 11 and Figure 12. When three experts consult, a complex system is synthesized, as shown in Figure 13. The connecting line with the arrow in the figure indicates transition. The transition possibility is given by the number on the connecting line, and the cost is indicated by the underlined number in the figure. For example, $s_0\stackrel{\alpha ,0.8,\underline{160}}{\to }{s}_1$ indicates that the patient is in state $s_0$, using treatment scheme $\alpha$, then the possibility of transition to state $s_1$ is 0.8, and the treatment cost is 160.

(1) $\mid \mid \exists ◯N\mid {\mid }_{max}\left(s_2\right)=0.8$, $\mid \mid \exists ◯N\mid {\mid }_{min}\left(s_2\right)=0.3$. $\mid \mid \exists ◯N\mid {\mid }_{max}\left(s_2\right)=0.8$ is the maximum truth value of that there exists one plan where the patient starts from state $s_2$ and becomes normal after one treatment. $\mid \mid \exists ◯N\mid {\mid }_{min}\left(s_2\right)=0.3$ is the minimum truth value of that there exists one plan where the patient starts from state $s_2$ and becomes normal after one treatment.

(2) $\mid \mid \forall ◯G\mid {\mid }_{max}\left(s_2\right)=0.4$, $\mid \mid \forall ◯G\mid {\mid }_{min}\left(s_2\right)=0.1$. $\mid \mid \forall ◯G\mid {\mid }_{max}\left(s_2\right)=0.4$ is the maximum truth value of all of the plans to satisfy that the patient starts from state $s_2$ and becomes general after one treatment. $\mid \mid \forall ◯G\mid {\mid }_{inx}\left(s_2\right)=0.1$ is the minimum truth value of all of the plans to satisfy that the patient starts from state $s_2$ and becomes general after one treatment.

(3) $\mid \mid \exists G\bigsqcup E\mid {\mid }_{max}\left(s_1\right)=0.5$, $\mid \mid \exists G\bigsqcup E\mid {\mid }_{min}\left(s_1\right)=0.4$. $\mid \mid \exists G\bigsqcup E\mid {\mid }_{max}\left(s_1\right)=0.5$ is the maximum truth value that there exists one plan that the patient starts from state $s_1$, keeps general in treatments and becomes enough finally. $\mid \mid \exists G\bigsqcup E\mid {\mid }_{min}\left(s_1\right)=0.4$ is the minimum truth value that there exists one plan that the patient starts from state $s_1$, keeps general in treatments and becomes enough finally.

(4) $\mid \mid \forall G\bigsqcup N\mid {\mid }_{max}\left(s_1\right)=0.4$, $\mid \mid \forall G\bigsqcup N\mid {\mid }_{min}\left(s_1\right)=0.1$. $\mid \mid \forall G\bigsqcup N\mid {\mid }_{max}\left(s_1\right)=0.4$ is the maximum truth value that all of the plans to satisfy that the patient starts from state $s_1$, keeps general in treatments and becomes enough finally. $\mid \mid \forall G\bigsqcup N\mid {\mid }_{min}\left(s_1\right)=0.1$ is the minimum truth value that all of the plans to satisfy that the patient starts from state $s_1$, keeps general in treatments and becomes enough finally.

(5) $\mid \mid \mathbb{E}(=6)\mid {\mid }_{max}\left(s_0\right)=51.1$, $\mid \mid \mathbb{E}(=6)\mid {\mid }_{min}\left(s_0\right)=22$. $\mid \mid \mathbb{E}(=6)\mid {\mid }_{max}\left(s_0\right)=51.1$ is the maximum skep 6 instantaneous expected cost of that the patient starts from state $s_0$. $\mid \mid \mathbb{E}(=6)\mid {\mid }_{min}\left(s_0\right)=22$ is the minimum skep 6 instantaneous expected cost of that the patient starts from state $s_0$.

(6) $\mid \mid \mathbb{E}(\le 6)\mid {\mid }_{max}\left(s_0\right)=383.5$, $\mid \mid \mathbb{E}(\le 6)\mid {\mid }_{min}\left(s_0\right)=158$. $\mid \mid \mathbb{E}(\le 6)\mid {\mid }_{max}\left(s_0\right)=383.5$ is the maximum first 6 steps cumulative expected cost of that the patient starts from state $s_0$. $\mid \mid \mathbb{E}(\le 6)\mid {\mid }_{min}\left(s_0\right)=158$ is the minimum first 6 steps cumulative expected cost of that the patient starts from state $s_0$.

(7) $\mid \mid \mathbb{E}\left(E\right)\mid {\mid }_{max}\left(s_0\right)=254$, $\mid \mid \mathbb{E}\left(E\right)\mid {\mid }_{min}\left(s_0\right)=70$. $\mid \mid \mathbb{E}\left(E\right)\mid {\mid }_{max}\left(s_0\right)=254$ is the maximum cumulative expected cost of that the patient starts from state $s_0$ and becomes enough finally. $\mid \mid \mathbb{E}\left(E\right)\mid {\mid }_{min}\left(s_0\right)=70$ is the minimum cumulative expected cost of that the patient starts from state $s_0$ and becomes enough finally.

7. Conclusions

This paper provides a polynomial model checking algorithm for the verification of some quantitative properties in fuzzy systems in which in any state a nondeterministic choice and cost between fuzzy sets exist. First, we define a fuzzy decision process model with a cost function. This model can describe the cost consumption and other attributes of a fuzzy system. By introducing the definition of the scheduler, we transmit FDPC into a fuzzy Kripke structure. Next, we give the syntax and semantics of fuzzy computation tree logic with a cost operator to describe the properties. Then, using fuzzy matrix and matrix operations, the quantitative calculation of the computation tree logic model checking on the fuzzy decision process model with the cost is introduced, and the corresponding polynomial time algorithm is proposed.

There are several problems that are worth further study. First, it is interesting to consider the linear temporal logic model checking in FDPC. Second, we would like to extend this method used in this paper to multi-objectives model checking. Finally, we will give some case studies on the methods proposed in this paper.