Counter Systems & Temporal Logics, Lecture 2: Classes with semilinear reachability sets

SLIDE 1

Counter Systems & Temporal Logics Lecture 2 Classes with semilinear reachability sets

Stéphane Demri demri@lsv.ens-cachan.fr

LSV, ENS Cachan, CNRS, INRIA

Universidad de Buenos Aires, 2010

SLIDE 2

Plan of the talk

  • Previous lecture: counter systems, Presburger arithmetic.
  • Today’s lecture:
      • Counter systems with difference bounds constraints.
      • Reversal-bounded counter automata.
      • Affine counter systems with finite monoids.

SLIDE 3

Gains with semilinear reachability sets

SLIDE 4

Classes of counter systems with semilinear reachability sets

  • $\mathrm{REL}(\varphi) = \{\vec{x} \in \mathbb{N}^n : (q_0, \vec{x}_0) \xrightarrow{*} (q, \vec{x})\}$.
  • ϕ allows us to answer questions about the set of configurations reachable from $(q_0, \vec{x}_0)$.
  • Sometimes, we also need effective semilinearity of reachability relations, for instance for answering more general questions of the form $\exists\, \vec{x}, \vec{y}\ (q_0, \vec{x}_0) \xrightarrow{*} (q, \vec{x}) \xrightarrow{*} (q', \vec{y})$ and $\vec{x}, \vec{y} \models \psi$?
  • Examples of classes with semilinear reachability sets:
      1. VASS with dimension ≤ 2. [Hopcroft & Pansiot, TCS 79]
      2. Communication-free Petri nets. [Esparza, FI 97]
      3. Flat relational counter systems. [Comon & Jurski, CAV’98]
      4. Flat affine counter systems with finite monoids. [Boigelot, PhD 98; Finkel & Leroux, FST&TCS’02]
      5. See also recent [Bozga & Iosif & Konečný, CAV’10]

SLIDE 5

Decidable decision problems

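  • $\mathrm{REL}(\varphi_q) = \{\vec{x} \in \mathbb{N}^n : (q_0, \vec{x}_0) \xrightarrow{*} (q, \vec{x})\}$.
  • $\{\vec{x} \in \mathbb{N}^n : (q_0, \vec{x}_0) \xrightarrow{*} (q, \vec{x})\}$ is infinite iff the formula below is satisfiable:
      $\neg\, \exists y\ \forall x_1, \dots, x_n\ \varphi_q(x_1, \dots, x_n) \Rightarrow (x_1 \le y \wedge \dots \wedge x_n \le y)$.
  • $(q_0, \vec{x}_0) \xrightarrow{*} (q, \vec{a})$ iff the formula below is satisfiable:
      $\varphi_q(x_1, \dots, x_n) \wedge x_1 = \vec{a}(1) \wedge \dots \wedge x_n = \vec{a}(n)$,
    where any constant $k > 0$ is encoded by $\underbrace{1 + \dots + 1}_{k \text{ times}}$.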

SLIDE 6

Presburger arithmetic is decidable

  • Quantifier elimination method, see e.g. [Cooper, ML 72].
  • Automata-based approach: reduce logical problems into automata-based decision problems. [Büchi, ZML 60]
  • REL(ϕ) is encoded by a regular language.
  • Number five can be encoded by 101 or by 101000 (least significant bit first).
  • The pair (5, 8) can be encoded by the word (1,0) (0,0) (1,0) (0,1), where each letter is a column holding one bit of 5 and one bit of 8.

SLIDE 7

Automata-based approach for PrA

  • Encoding map $f : \mathbb{N}^n \to \mathcal{P}((\{0,1\}^n)^*)$. Each word in $(\{0,1\}^n)^*$ corresponds to at least one n-tuple.
  • $\varphi \approx A \overset{\text{def}}{\Leftrightarrow} L(A) = f(\mathrm{REL}(\varphi))$.
  • Theorem: Given ϕ, one can effectively build a FSA $A_\varphi$ s.t. $\varphi \approx A_\varphi$. See e.g. [Boudet & Comon, CAAP’96]
  • $A_\varphi$ is built by structural induction using product, complementation and projection for FSA.
  • Automaton for $x_1 = x_2 + x_3$:

[Figure: automaton with control states q1 and q2 whose transitions are labelled by bit columns.]

SLIDE 8

Recursive construction

  • Formulae ϕ and ψ with free variables $x_1, \dots, x_n$.
      Conjunction: If $\varphi \approx A$ and $\psi \approx B$, then $\varphi \wedge \psi \approx A \otimes B$.
      Negation: If $\varphi \approx A$, then $\neg\varphi \approx \overline{A}$ where $\overline{\,\cdot\,}$ performs complementation, which may cause an exponential blow-up.
      Quantification: If $\varphi \approx A$, then $\exists x_n\, \varphi \approx A'$ where $A'$ is built over the alphabet $\{0,1\}^{n-1}$ by forgetting the nth component.
  • If ϕ and ψ do not share the same set of free variables, we perform a simple operation that consists in adding dummy bits.
  • Construction with non-elementary complexity in the worst case (hence non-optimal).
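
The automaton for x1 = x2 + x3 and the quantification step of the recursive construction, as an added example (not code from the lecture). It assumes the usual carry construction, with the carry bit as control state and carry 0 standing for q1; the function names are chosen here.

```python
from itertools import product

# State = carry bit of the addition x2 + x3, read least significant bit first.
# Assumed naming: carry 0 plays the role of q1 (initial, accepting), carry 1 of q2.
INITIAL = 0
ACCEPTING = {0}


def delta(carry, letter):
    """Transition on one letter (b1, b2, b3) of {0,1}^3; None if there is none."""
    b1, b2, b3 = letter
    total = b2 + b3 + carry
    return total >> 1 if (total & 1) == b1 else None


def encode(values, pad=0):
    """LSB-first word over {0,1}^n for a tuple of naturals; pad appends zero letters."""
    width = max(max(values).bit_length(), 1) + pad
    return [tuple((v >> i) & 1 for v in values) for i in range(width)]


def accepts_sum(word):
    """Run the deterministic automaton for x1 = x2 + x3."""
    state = INITIAL
    for letter in word:
        state = delta(state, letter)
        if state is None:
            return False
    return state in ACCEPTING


def accepts_exists_x3(word):
    """Automaton for 'exists x3. x1 = x2 + x3' over {0,1}^2. Forgetting the third
    component makes the automaton nondeterministic, hence the subset simulation.
    No extra padding is needed here because any witness x3 is at most x1."""
    states = {INITIAL}
    for b1, b2 in word:
        nxt = set()
        for s, b3 in product(states, (0, 1)):
            t = delta(s, (b1, b2, b3))
            if t is not None:
                nxt.add(t)
        states = nxt
    return bool(states & ACCEPTING)


def agrees_with_arithmetic(bound, pad=0):
    """Compare both automata with plain arithmetic on all values below bound."""
    for x1, x2, x3 in product(range(bound), repeat=3):
        if accepts_sum(encode((x1, x2, x3), pad)) != (x1 == x2 + x3):
            return False
    for x1, x2 in product(range(bound), repeat=2):
        if accepts_exists_x3(encode((x1, x2), pad)) != (x1 >= x2):
            return False
    return True
```

The projected automaton accepts exactly the pairs with x1 ≥ x2, which is what ∃x3 (x1 = x2 + x3) defines over the naturals.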

SLIDE 9

Tools for deciding Presburger arithmetic

  • Automata-theoretic techniques for the first-order theory of (Z, +, <) with LIRA. [Becker et al., CAV’07]
  • Automata-based decision procedure for weak monadic second-order logic WS1S with MONA. [Biehl et al., FTRTFT’96]
  • Automata library that provides the implementation of standard constructions on automata as well as constructions for linear inequations with LASH. [Boigelot & Jodogne & Wolper, IJCAR’01]
  • TAPAS: suite of libraries dedicated to first-order logics of linear arithmetic. [Leroux & Point, TACAS’09]
  • SMT solvers including integer linear arithmetic (CVC3, Z3 etc.). [Barrett & Tinelli, CAV’07; de Moura & Bjorner, TACAS’08]

SLIDE 10

Systems with Difference Bounds Constraints

SLIDE 11

Update functions

  • Counter system S = (Q, n, δ) such that for every $q \xrightarrow{\varphi} q' \in \delta$, ϕ is a conjunction of atomic formulae of the form
      1. either $x \sim y + c$ or $x \sim c$,
      2. $x, y \in \{x_1, \dots, x_n, x'_1, \dots, x'_n\}$,
      3. $c \in \mathbb{Z}$,
      4. $\sim\, \in \{\ge, \le, =, >, <\}$.
  • Example (n = 2): $\varphi = (x_1 + 1 < x'_1) \wedge (x_2 - 3 = x'_2)$.

SLIDE 12

Phone controller is back !

[Figure: phone controller counter system with control states q1 to q6. Transition labels: x1 = x2 = 0; x1 > 0; x2 ≤ x1; x1 = x2, x′1 = x′2 = 0; x1++; x1++; x2 < x1, x2++; x′2 ≤ x1, x2++.]

SLIDE 13

Closure by composition [Comon & Jurski, CAV 98]

  • $q \xrightarrow{x'_1 = x_1 + 1} q'$ followed by $q' \xrightarrow{x'_1 > x_1} q''$ is equivalent to $q \xrightarrow{x'_1 \ge x_1 + 2} q''$.
  • $q \xrightarrow{x'_1 = x'_2 = x_1} q'$ followed by $q' \xrightarrow{x'_1 > x_1 \wedge x'_2 > x_2} q''$ is equivalent to $q \xrightarrow{x'_1 > x_1 \wedge x'_2 > x_1} q''$.
  • Generalization can be done as stated below.
  • Lemma: Given $t_1 = q \xrightarrow{\varphi_1} q'$ and $t_2 = q' \xrightarrow{\varphi_2} q''$, there is ϕ such that for all $\vec{x}$, $\vec{x}'$ and $\vec{x}''$ in $\mathbb{N}^n$, we have $(q, \vec{x}) \xrightarrow{t_1} (q', \vec{x}') \xrightarrow{t_2} (q'', \vec{x}'')$ iff $(q, \vec{x}) \xrightarrow{t} (q'', \vec{x}'')$ with $t = q \xrightarrow{\varphi} q''$.

SLIDE 14

Closure by iteration in PrA

  • With unique transition $t = q \xrightarrow{x'_1 = x_1 + 1} q$, we have $(q, K) \xrightarrow{*} (q, K')$ iff $K' \ge K$.
  • Finite iteration of t is $q \xrightarrow{x'_1 \ge x_1 + 1} q$.
  • With transition $t = q \xrightarrow{x'_1 = x_1 + 2} q$, we have $(q, K) \xrightarrow{*} (q, K')$ iff there is $k \in \mathbb{N}$ such that $K' = K + 2k$.
  • $(q, K) \xrightarrow{*} (q, K')$ iff $v_{K,K'} \models \exists y\ x'_1 = x_1 + 2 \times y$.
  • Theorem: Let $q \xrightarrow{\varphi} q$ be a self-loop with the conjunction of difference bounds constraints ϕ. One can effectively compute a Presburger formula ϕ′ with free variables $x_1, \dots, x_n, x'_1, \dots, x'_n$ s.t. for all $\vec{x}, \vec{x}'$ in $\mathbb{N}^n$, $(q, \vec{x}) \xrightarrow{*} (q, \vec{x}')$ iff $v_{\vec{x},\vec{x}'} \models \varphi'$.

SLIDE 15

Flatness

A relational counter system is flat if every control state belongs to at most one simple cycle. Moreover, there is at most one transition between two control states.

SLIDE 16

Reachability relation is Presburger-definable [Comon & Jurski, CAV 98]

  • Theorem: Let S be a flat relational counter system and q, q′ ∈ Q. One can effectively compute a Presburger formula ϕ s.t. for every v, we have $v \models \varphi$ iff $(q, (v(x_1), \dots, v(x_n))) \xrightarrow{*} (q', (v(x'_1), \dots, v(x'_n)))$.
  • The reachability problem for flat relational counter systems is decidable.
      • Consider instance S, $(q, \vec{y})$ and $(q', \vec{y}')$.
      • Compute the Presburger formula ϕ as above.
      • Check satisfiability of the formula below:
        $(\bigwedge_{i=1}^{n} (x_i = \vec{y}(i) \wedge x'_i = \vec{y}'(i))) \wedge \varphi$
        assuming free variables in ϕ are $x_1, \dots, x_n, x'_1, \dots, x'_n$.

SLIDE 17

Proof sketch for the theorem

  • For each cycle $q_1 \xrightarrow{\varphi_1} q_2 \xrightarrow{\varphi_2} \cdots \xrightarrow{\varphi_N} q_N$ ($q_1 = q_N$), compute the equivalent transition $(q_1, \varphi, q_1)$.
  • For q, q′, enumerate the run schemata between q and q′.
    [Figure: run schema from q to q′.]
  • Compute the formula for reachability relation by composition.

SLIDE 18

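Is $\{\vec{x} \in \mathbb{N}^2 : (q_1, \vec{0}) \xrightarrow{*} (q_i, \vec{x}),\ i \in [1, 6]\}$ semilinear?

[Figure: phone controller counter system with control states q1 to q6. Transition labels: x1 = x2 = 0; x1 > 0; x2 ≤ x1; x1 = x2, x′1 = x′2 = 0; x1++; x1++; x2 < x1, x2++; x′2 ≤ x1, x2++.]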

SLIDE 19

Extension to octagon constraints

  • Octagon constraint has one of the forms below:
      $\pm x_i \pm x_j \le c$,   $2x_i \le d$,   $-2x_i \le e$,   with $c, d, e \in \mathbb{Z}$.
  • Theorem: Let S be a flat counter system with octagon constraints and q, q′ ∈ Q. One can effectively compute a Presburger formula ϕ s.t. for every v, we have $v \models \varphi$ iff $(q, (v(x_1), \dots, v(x_n))) \xrightarrow{*} (q', (v(x'_1), \dots, v(x'_n)))$.
    [Bozga & Gîrlea & Iosif, TACAS’09] [Bozga & Iosif & Konečný, CAV’10]

SLIDE 20

Reversal-Bounded Counter Automata

SLIDE 21

Reversals

  • 6 phases, 3 biphases, and 5 reversals.
  • Initialized CA $(S, (q, \vec{x}))$ is r-reversal-bounded $\overset{\text{def}}{\Leftrightarrow}$ every run from $(q, \vec{x})$ has strictly less than r + 1 reversals. [Ibarra, JACM 78]
  • S is uniformly reversal-bounded $\overset{\text{def}}{\Leftrightarrow}$ there is r such that every initialized CA defined from S is r-reversal-bounded.

SLIDE 22

[Figure: counter automaton S with control states q1 to q11 and transitions labelled inc(1), inc(2), dec(1), dec(2), zero(1), zero(2).]

Is $(S, (q_1, \vec{0}))$ reversal-bounded?
For which q, every $(S, (q, \vec{x}))$ is reversal-bounded?
Show that for every q, $\{\vec{x} \in \mathbb{N}^2 : (S, (q, \vec{x})) \text{ is RB}\}$ is semilinear.

SLIDE 23

Reversal-boundedness detection problem

  • Reversal-bounded counter automata are not defined syntactically.
  • REVERSAL-BOUNDEDNESS DETECTION PROBLEM
      Input: Initialized CA $(S, (q, \vec{x}))$.
      Question: Is $(S, (q, \vec{x}))$ reversal-bounded?
  • Reversal-boundedness detection problem is undecidable. [Ibarra, JACM 78]
  • Checking whether an initialized CA is r-reversal-bounded is undecidable too.
  • Restriction to VASS is decidable (and for variants too). [Finkel & Sangnier, MFCS’08]

SLIDE 24

Simple undecidability proof

  • Minsky machine S with halting instruction qh: halt.
  • Either S has a unique infinite run (and never visits $q_h$) or S has a finite run (and halts at $q_h$).
  • Counter automaton S′ (dim. 3): replace $t = q_i \xrightarrow{\varphi} q_j$ by $q_i \xrightarrow{inc(3)} q^{new}_{1,t} \xrightarrow{dec(3)} q^{new}_{2,t} \xrightarrow{\varphi} q_j$.
  • We have the following equivalences:
      • S halts.
      • For S′, $q_h$ can be reached from $(q, \vec{0})$.
      • Unique run of S′ starting by $(q, \vec{0})$ is finite.
      • S′ is reversal-bounded from $(q, \vec{0})$.

SLIDE 25

Semilinearity

  • Theorem: [Ibarra, JACM 78] Let $(S, (q_0, \vec{x}_0))$ be r-reversal-bounded. For each q ∈ Q, the set $\{\vec{x} \in \mathbb{N}^n : (q_0, \vec{x}_0) \xrightarrow{*} (q, \vec{x})\}$ is effectively semilinear.
  • REACHABILITY PROBLEM WITH BOUNDED NUMBER OF REVERSALS
      Input: CA S, $(q, \vec{x})$, $(q', \vec{x}')$ and r ≥ 0.
      Question: Is there a run $(q, \vec{x}) \xrightarrow{*} (q', \vec{x}')$ s.t. each counter performs during the run a number of reversals bounded by r?
  • Corollary: The reachability problem with bounded number of reversals is decidable.

SLIDE 26

Let’s prove the corollary from the theorem !

  • Instance: S, $(q, \vec{x})$, $(q', \vec{x}')$, r ≥ 0.
  • Let us build S′ = (Q′, n, δ′), uniformly r-reversal-bounded by construction.
  • $Q' \overset{\text{def}}{=} Q \times \{\mathrm{DEC}, \mathrm{INC}\}^n \times [0, r]^n$.
  • $(q, \overrightarrow{mode}, \overrightarrow{\sharp alt}) \xrightarrow{\varphi} (q', \overrightarrow{mode}', \overrightarrow{\sharp alt}') \in \delta' \overset{\text{def}}{\Leftrightarrow} q \xrightarrow{\varphi} q' \in \delta$ and for each i ∈ [1, n]:

      ϕ          mode(i)    mode′(i)    ♯alt′(i)
      dec(i)     DEC        DEC         ♯alt(i)
      dec(i)     INC        DEC         ♯alt(i) + 1 and ♯alt(i) < r
      inc(i)     INC        INC         ♯alt(i)
      inc(i)     DEC        INC         ♯alt(i) + 1 and ♯alt(i) < r
      zero(i)    DEC        DEC         ♯alt(i)
      zero(i)    INC        INC         ♯alt(i)

SLIDE 27

Main equivalence

  • By construction, S′ is uniformly r-reversal-bounded.
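  • Equivalence:
      1. In S, there is a run $(q, \vec{x}) \xrightarrow{*} (q', \vec{x}')$ such that each counter has at most r reversals,
      2. In S′, $(q, \overrightarrow{\mathrm{INC}}, \vec{0}, \vec{x}) \xrightarrow{*} (q', \overrightarrow{mode}, \overrightarrow{\sharp alt}, \vec{x}')$ for some $\overrightarrow{mode}$, $\overrightarrow{\sharp alt}$.
  • The values $\overrightarrow{mode}$, $\overrightarrow{\sharp alt}$ belong to finite sets.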
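
The mode and ♯alt bookkeeping of S′ followed along one instruction sequence, as an added example (not code from the lecture). The control-state component is left out, counters are indexed from 0, and the function names and the sample run are constructed here.

```python
INC, DEC = "INC", "DEC"


def counter_step(x, instr):
    """Semantics of one instruction (op, i) on the counter vector x; None if blocked."""
    op, i = instr
    if op == "inc":
        return x[:i] + (x[i] + 1,) + x[i + 1:]
    if op == "dec":
        return x[:i] + (x[i] - 1,) + x[i + 1:] if x[i] > 0 else None
    if op == "zero":
        return x if x[i] == 0 else None
    raise ValueError(op)


def product_step(mode, alt, instr, r):
    """One row of the table defining delta': returns (mode', alt'), or None when
    the instruction needs a reversal and the side condition alt(i) < r fails."""
    op, i = instr
    new_mode = {"inc": INC, "dec": DEC, "zero": mode[i]}[op]
    new_alt = alt[i]
    if new_mode != mode[i]:
        if alt[i] >= r:
            return None
        new_alt += 1
    return (mode[:i] + (new_mode,) + mode[i + 1:],
            alt[:i] + (new_alt,) + alt[i + 1:])


def run_in_product(x0, instrs, r):
    """Follow instrs in S' from modes (INC,...,INC), counts (0,...,0) and values x0.
    Returns the final (mode, alt, x), or None if the sequence is not a run of S'."""
    n = len(x0)
    mode, alt, x = (INC,) * n, (0,) * n, tuple(x0)
    for instr in instrs:
        x = counter_step(x, instr)
        step = product_step(mode, alt, instr, r)
        if x is None or step is None:
            return None
        mode, alt = step
    return mode, alt, x


def reversals(instrs, n):
    """Reversals per counter counted directly on the instruction sequence,
    with the same convention as S' (every counter starts in mode INC)."""
    last, count = [INC] * n, [0] * n
    for op, i in instrs:
        if op == "zero":
            continue
        cur = INC if op == "inc" else DEC
        if cur != last[i]:
            count[i] += 1
            last[i] = cur
    return tuple(count)


# Constructed sample run on two counters, not taken from the slides.
SAMPLE_RUN = [("inc", 0), ("inc", 0), ("inc", 1), ("dec", 0), ("inc", 0),
              ("dec", 1), ("zero", 1), ("dec", 0), ("dec", 0), ("zero", 0)]
```

On the sample run the first counter makes 3 reversals and the second makes 1, so the sequence is a run of S′ for r = 3 and is rejected for r = 2.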

SLIDE 28

Completing the proof

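  • By the above theorem, $X_{(\overrightarrow{mode}, \overrightarrow{\sharp alt})} = \{\vec{y} \in \mathbb{N}^n : (q, \overrightarrow{\mathrm{INC}}, \vec{0}, \vec{x}) \xrightarrow{*} (q', \overrightarrow{mode}, \overrightarrow{\sharp alt}, \vec{y})\}$ is effectively semilinear.
  • $\mathrm{REL}(\varphi_{(\overrightarrow{mode}, \overrightarrow{\sharp alt})}) = X_{(\overrightarrow{mode}, \overrightarrow{\sharp alt})}$ for some $\varphi_{(\overrightarrow{mode}, \overrightarrow{\sharp alt})}$.
  • $\vec{x} \in X_{(\overrightarrow{mode}, \overrightarrow{\sharp alt})}$ is equivalent to satisfaction of $(\bigwedge_{i=1}^{n} x_i = \vec{x}(i)) \wedge \varphi_{(\overrightarrow{mode}, \overrightarrow{\sharp alt})}$.
  • Since the satisfiability problem for Presburger arithmetic is decidable, we get an algorithm to solve the reachability problem with bounded number of reversals (disjunctions of at most $2^n (1 + r)^n$ disjuncts).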

SLIDE 29

Encodings of reversal-bounded counter automata

  1. r-reversal-bounded initialized CA, reversal-boundedness being established in some unspecified way.
  2. r-reversal-bounded initialized VASS (reversal-boundedness detection problem is decidable).
  3. Initialized CA S with a bound r ≥ 0 and we assume that this encodes the restriction of S with at most r reversals.

SLIDE 30

Main Proof for Effective Semilinearity

SLIDE 31

Three main parts

  • Reduction to semilinearity for 1-reversal-bounded CA.
  • Using finite-state automata to overapproximate reachability sets for 1-reversal-bounded CA.
      $(q_0, \vec{x}_0) \xrightarrow{a_1} (q_1, \vec{x}_1) \xrightarrow{a_2} (q_2, \vec{x}_2) \cdots \xrightarrow{a_k} (q_k, \vec{x}_k)$
      $u = a_1 \cdots a_k \in \Sigma^*$ with $\Sigma = \{zero(i), inc(i), dec(i) : i \in [1, n]\}$
  • For i ∈ [1, n], $\vec{x}_k(i) = \vec{x}_0(i) + \Pi(u)(inc(i)) - \Pi(u)(dec(i))$.
  • Parikh image of u uniquely defines $\vec{x}_k$.
  • Exact values regained since Parikh images of context-free languages are effectively semilinear (see details later).

SLIDE 32

Parikh image

  • Σ = {a1, . . . , ak} with ordering a1 < · · · < ak.
  • Parikh image of $u \in \Sigma^*$: $\Pi(u) \overset{\text{def}}{=} (n_1, n_2, \dots, n_k)^{\top} \in \mathbb{N}^k$ where each $n_j$ is the number of occurrences of $a_j$ in u.
  • Parikh image of a b a a b is $(3, 2)^{\top}$.
  • Definition for Parikh image extends to languages.
  • The Parikh image of any context-free language is semilinear. [Parikh, JACM 66]
  • Effective computation from pushdown automata.

SLIDE 33

Two simple properties

  • Control graph of S allows to perform the sequence of instructions u from $q_0$ to $q_k$.
  • By 1-reversal-boundedness, the projection of u on $\Sigma_i = \{inc(i), dec(i), zero(i)\}$ belongs to $L_i = zero(i)^* \cdot inc(i)^* \cdot dec(i)^* \cdot zero(i)^*$.
  • Finite-state automaton $A = A_1 \otimes A_2$:
      • $A_1$ built from S with symbolic alphabet Σ.
      • $A_2$ guarantees that projection on $\Sigma_i$ is in $L_i$.
  • By Parikh’s Theorem, the set below is effectively semilinear:
      $\{\vec{x}_0 + (\Pi(u)(inc(1)), \dots, \Pi(u)(inc(n))) - (\Pi(u)(dec(1)), \dots, \Pi(u)(dec(n))) : u \in L(A)\}$

SLIDE 34

Three more properties

  • Counter values are non-negative:
      • For every prefix v of $u_{\Sigma_i}$, $\vec{x}_0(i) + \Pi(v)(inc(i)) - \Pi(v)(dec(i)) \ge 0$.
      • It is sufficient to check $\vec{x}_0(i) + \Pi(u)(inc(i)) - \Pi(u)(dec(i)) \ge 0$.
  • $\vec{x}_0(i) \neq 0$ implies the first letter of $u_{\Sigma_i}$ is different from zero(i).
  • Last letter of $u_{\Sigma_i}$ equal to zero(i) implies $\vec{x}_0(i) + \Pi(u)(inc(i)) - \Pi(u)(dec(i)) = 0$.

Initial states of A and effective semilinearity of L(A) allow to encode these properties.

SLIDE 35

Reduction to 1-reversal-boundedness

  • Principle as for reversal-bounded multistack systems. [Baker & Book, JCSS 74]

[Figure: a run in S and the corresponding run in S′, with segments labelled counter 1, counter 2, counter 3, counter 1.]

SLIDE 36

From S to S′

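  • From Q to a superset of $Q \times (\{\mathrm{INC}, \mathrm{DEC}\} \times [0, \frac{r}{2}])^n$.
  • From $\vec{w} \in (\{\mathrm{INC}, \mathrm{DEC}\} \times [0, \frac{r}{2}])^n$ and i ∈ [1, n], we define $S'[\vec{w}, i] \in [1, n \times (1 + \frac{r}{2})]$ (“active” counter in S′ corresponding to counter i in S).
  • $q \xrightarrow{inc(i)} q' \in \delta$, $\vec{w} \in (\{\mathrm{INC}, \mathrm{DEC}\} \times [0, \frac{r}{2}])^n$, $\vec{w}(i) = (\mathrm{DEC}, l)$.
    [Figure: gadget from (q, w) to (q′, w′) with transitions labelled zero(I_old), inc(I_new), dec(I_old).]
    $I_{old} = S'[\vec{w}, i]$, $I_{new} = S'[\vec{w}', i]$
  • $\vec{w}'(j) = \vec{w}(j)$ for $j \neq i$, $\vec{w}'(i) = (\mathrm{INC}, l + 1)$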

SLIDE 37

Semilinearity (I)

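  • If for $(q, \vec{w}) \in Q \times (\{\mathrm{INC}, \mathrm{DEC}\} \times [0, \frac{r}{2}])^n$, the set $\{\vec{x} : ((q_0, \overrightarrow{(\mathrm{INC}, 0)}), \vec{x}'_0) \xrightarrow{*} ((q, \vec{w}), \vec{x}) \text{ in } S'\}$ is effectively semilinear, then $\{\vec{x} \in \mathbb{N}^n : (q_0, \vec{x}_0) \xrightarrow{*} (q, \vec{x}) \text{ in } S\}$ is effectively semilinear too, for every control state q.
  • Formula for configurations with control state $(q, \vec{w})$ reachable from $((q_0, \overrightarrow{(\mathrm{INC}, 0)}), \vec{x}'_0)$:
      $\varphi_{(q, \vec{w})}(x_1, \dots, x_{n'})$
  • Formula for configurations with control state q reachable from $(q_0, \vec{x}_0)$:
      $\bigvee_{\vec{w} \in [0, \frac{r}{2}]^n} (\exists y_1 \cdots y_{n'}\ \varphi_{(q, \vec{w})}(y_1, \dots, y_{n'}) \wedge (\bigwedge_{i \in [1,n]} x_i = y_{S'[\vec{w}, i]}))$.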

SLIDE 38

Semilinearity (II)

  • If S is uniformly r-reversal-bounded and the reachability relation for S′ is Presburger definable, then the reachability relation for S is Presburger definable too.
  • Formula $\varphi_{q,q'}(z_1, \dots, z_{n'}, z'_1, \dots, z'_{n'})$.
  • From q to q′:
      $\bigvee_{\vec{w}, \vec{w}' \in [0, \frac{r}{2}]^n} (\exists x_1 \cdots x_{n'}, y_1 \cdots y_{n'}\ \varphi_{(q, \vec{w}), (q', \vec{w}')} \wedge (\bigwedge_{i \in [1,n]} z'_i = y_{S'[\vec{w}, i]}) \wedge (\bigwedge_{i \in [1,n]} z_i = x_{S'[\overrightarrow{(\mathrm{INC}, 0)}, i]}) \wedge (\bigwedge_{j \in NA} x_j = 0))$
    where $NA = ([1, n'] \setminus \{S'[\overrightarrow{(\mathrm{INC}, 0)}, i] : i \in [1, n]\})$ (set of initial “nonactive” counters).

SLIDE 39

Completing the part about 1-reversal-bounded CA

  • Finite-state automaton A = A1 ⊗ A2 over Σ.
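  • By Parikh Theorem, for $(q, \vec{v}) \in Q'$, one can compute $\varphi^{(q_0, \vec{v}_0)}_{(q, \vec{v})}(x^1_{inc}, x^1_{dec}, x^1_{zero}, \dots, x^n_{inc}, x^n_{dec}, x^n_{zero})$ s.t. for every v, we have $v \models \varphi^{(q_0, \vec{v}_0)}_{(q, \vec{v})}$ iff there is an accepted u s.t. $\Pi(u) = (v(x^1_{inc}), \dots, v(x^n_{zero}))$.
  • For q ∈ Q,
      $\bigvee_{\vec{v} \in S_{\vec{v}_0}} \exists x^1_{inc}, \cdots, x^n_{zero}\ (\varphi^{(q_0, \vec{v}_0)}_{(q, \vec{v})}(x^1_{inc}, \dots, x^n_{zero}) \wedge (\bigwedge_{i \in [1,n] \text{ s.t. } \vec{v}(i) \in \{\rightarrow_1, \rightarrow_2\}} y_i = 0)) \wedge (\bigwedge_{i \in [1,n]} y_i = x^i_{inc} + \vec{x}_0(i) - x^i_{dec})$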

SLIDE 40

Uniform reversal-boundedness

Let S be a uniformly 1-reversal-bounded CA. For q, q′ ∈ Q, one can effectively compute $\varphi_{q,q'}(x_1, \dots, x_n, y_1, \dots, y_n)$ such that for v, we have $v \models \varphi_{q,q'}$ iff $(q, (v(x_1), \dots, v(x_n))) \xrightarrow{*} (q', (v(y_1), \dots, v(y_n)))$.

SLIDE 41

Parikh image of regular languages

  • Directed graph G = (V, E) and f : E → N.
  • f corresponds to a path iff
      1. The subgraph induced by f is connected.
      2. The number of edges entering in a node is equal to the number of edges going out of the node, except possibly for two extremity nodes.
      3. If the initial node is different from final node, the number of edges entering in the initial node is one less than the number of edges going out of the initial node.
      4. Similar condition for the terminal node, if any.
  • These conditions can be expressed as a finite disjunction of equations in Presburger arithmetic.

SLIDE 42

Building the Presburger formula

  • Finite-state automaton A = (Σ, Q, Q0, δ, F).
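  • Variables $x_a$ for a ∈ Σ and $x_t$ for t ∈ δ.
  • Presburger formula of the form:
      $\exists x_{t_1} \cdots x_{t_{k'}}\ (\bigwedge_{i=1}^{k} x_{a_i} = \sum_{\Sigma(t) = a_i} x_t) \wedge (\bigvee_{q_0 \in Q_0,\, q_f \in F}\ \bigvee_{\text{connected } (Q', \delta'),\ q_0, q_f \in Q'} \varphi_{(Q', q_0, q_f, \delta')} \wedge (\bigwedge_{t \in \delta'} x_t > 0) \wedge (\bigwedge_{t \in (\delta \setminus \delta')} x_t = 0))$
  • For instance, if $q_0 = q_f$, then
      $\varphi_{(Q', q_0, q_f, \delta')} \overset{\text{def}}{=} \bigwedge_{q'' \in Q'} (\sum_{t \in \delta' \text{ s.t. } end(t) = q''} x_t - \sum_{t \in \delta' \text{ s.t. } beg(t) = q''} x_t = 0)$.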
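
The path conditions of the previous slide and the resulting Parikh image, checked on a small automaton, as an added example (not code from the lecture). The automaton, the function names and the length bound are constructed here, and connectivity is tested directly on the transitions with positive count instead of enumerating the connected pairs (Q′, δ′).

```python
from collections import Counter
from itertools import product

# Constructed automaton: transitions are (source, letter, target).
DELTA = [(0, "a", 1), (1, "b", 0), (1, "c", 2), (2, "c", 2)]
Q0, QF = 0, 2


def is_path_flow(flow, q0, qf, delta=DELTA):
    """Does flow (one count per transition of delta) describe a path from q0 to qf?"""
    used = [t for t, k in zip(delta, flow) if k > 0]
    if not used:
        return q0 == qf                       # empty path
    # Balance: outgoing minus incoming is 0, except +1 at q0 and -1 at qf.
    balance, expected = Counter(), Counter()
    for (src, _, dst), k in zip(delta, flow):
        balance[src] += k
        balance[dst] -= k
    expected[q0] += 1
    expected[qf] -= 1
    nodes = {s for s, _, _ in used} | {d for _, _, d in used} | {q0, qf}
    if any(balance[v] != expected[v] for v in nodes):
        return False
    # Connectivity of the subgraph induced by the used transitions, from q0.
    reached, frontier = {q0}, [q0]
    while frontier:
        v = frontier.pop()
        for s, _, d in used:
            for a, b in ((s, d), (d, s)):
                if a == v and b not in reached:
                    reached.add(b)
                    frontier.append(b)
    return nodes <= reached


def parikh_of_flow(flow, delta=DELTA):
    """x_a = sum of x_t over the transitions t labelled by a."""
    img = Counter()
    for (_, letter, _), k in zip(delta, flow):
        img[letter] += k
    return tuple(sorted((a, n) for a, n in img.items() if n))


def parikh_via_flows(max_len, q0=Q0, qf=QF, delta=DELTA):
    """Parikh images of accepted words of length <= max_len, from flows only."""
    out = set()
    for flow in product(range(max_len + 1), repeat=len(delta)):
        if sum(flow) <= max_len and is_path_flow(flow, q0, qf, delta):
            out.add(parikh_of_flow(flow, delta))
    return out


def parikh_via_words(max_len, q0=Q0, qf=QF, delta=DELTA):
    """Same set, obtained by enumerating the runs of the automaton."""
    out, layer = set(), {(q0, ())}
    for _ in range(max_len + 1):
        out |= {tuple(sorted(Counter(w).items())) for q, w in layer if q == qf}
        layer = {(d, tuple(sorted(w + (a,))))
                 for q, w in layer for s, a, d in delta if s == q}
    return out
```

Both functions return the same set: the vectors with one more a than b and at least one c, up to the length bound.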

SLIDE 43

Recapitulation

  • Reduction to semilinearity for 1-reversal-bounded CA.
  • Approximation of reachability sets for 1-reversal-bounded CA by using FSA.
  • Exact values regained since Parikh images of regular languages are effectively semilinear.

SLIDE 44

Variants

SLIDE 45

Reversal-boundedness with one free counter

Same results for effective semilinearity apply.

  • S → S′ that is 1-reversal-bounded with at most one free counter.
  • $A = A_1 \otimes A_2$ with one-counter automaton $A_1$.
  • $A_1$ is a pushdown system and Parikh’s Theorem applies to context-free languages.
  • So, the proof works smoothly by adding one free counter (and by using Parikh’s Theorem).

SLIDE 46

Weak reversal-boundedness [Finkel & Sangnier, MFCS’08]

  • Reversals are recorded only above a bound B:
    [Figure: evolution of a counter value relative to the bound B.]
  • Same results for effective semilinearity apply.
  • Whenever a counter value is below B, this can be encoded in the control states.

SLIDE 47

Decidable reachability problems

  • Control state repeated reachability problem restricted to reversal-bounded initialized counter automata is decidable. [Dang & Ibarra & San Pietro, FSTTCS’01]
  • ∃-PRESBURGER INFINITELY OFTEN PROBLEM
      Input: Initialized CA $(S, (q, \vec{x}))$ of dimension n that is r-reversal-bounded and a temporal formula of the form $\psi = \mathsf{GF}\varphi(x_1, \dots, x_n)$ where ϕ is a Presburger formula on counters.
      Question: Is there an infinite run from $(q, \vec{x})$ satisfying ψ?
  • ∃-Presburger infinitely often problem is decidable. [Dang & San Pietro & Kemmerer, TCS 03]

SLIDE 48

Undecidable Model-Checking Problems

SLIDE 49

Universal problem for one-counter automaton

  • One-counter automaton with alphabet: FSA + 1 counter.
  • The universal problem for 1-reversal-bounded one-counter automata with alphabet is undecidable [Ibarra, MST 79].
  • One-counter automata with alphabet define context-free languages.

SLIDE 50

A simple undecidable temporal fragment

  • The ∃-PRESBURGER-ALWAYS PROBLEM:
      Input: Initialized CA $(S, (q, \vec{x}))$ that is r-reversal-bounded and a formula $\psi = \mathsf{G}\varphi(x_1, \dots, x_n)$ where ϕ is a Presburger formula on counters.
      Question: Is there an infinite run from $(q, \vec{x})$ satisfying ψ?
  • The ∃-Presburger-always problem for reversal-bounded counter automata is undecidable. [Dang & San Pietro & Kemmerer, TCS 03]
  • By reduction from halting problem for Minsky machines:
      • One counter is encoded by two increasing counters, counting the number of increments and decrements, respectively.

SLIDE 51

Reduction from the halting problem

  • Proof analogous to the undecidability of the reachability problem for reversal-bounded CA augmented with guards $x_i = x_{i'}$ and $x_i \neq x_{i'}$. [Ibarra et al., TCS 02]
  • Given a Minsky machine S with halting state $q_h$, we build a 0-reversal-bounded counter automaton S′ such that
      • counter i in S′ records the increments of counter i in S,
      • counter i + 2 in S′ records the decrements of counter i in S,
      • zero-test on counter i in S is simulated by formula $x_i = x_{i+2}$.
  • W.l.o.g., we can assume that
      • S = (Q, 2, δ) is a deterministic CA,
      • Halting control states in $Q_h \subseteq Q$,
      • $Q_1, Q_2 \subseteq Q$ contains exactly the control states that are reached after zero-tests.

SLIDE 52

Building S′ by erasing zero-tests

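  • 0-reversal-bounded CA S′ = (Q, 5, δ′):
      • $q \xrightarrow{inc(i)} q' \in \delta$ implies $q \xrightarrow{inc(i)} q' \in \delta'$.
      • $q \xrightarrow{dec(i)} q' \in \delta$ implies $q \xrightarrow{inc(i+2)} q' \in \delta'$.
      • $q \xrightarrow{zero(i)} q' \in \delta$ implies $q \xrightarrow{inc(5)} q' \in \delta'$.
  • No halting control state is reached from $(q, \vec{0})$ in S iff there is an infinite run from $(q, \vec{0})$ in S′ satisfying
      $\mathsf{G}(\underbrace{\bigwedge_{i \in \{1,2\}} \bigwedge_{q \in Q_i} (q \Rightarrow x_i = x_{i+2})}_{\text{simulation of zero-tests}}) \wedge \mathsf{G}(\underbrace{\bigwedge_{i \in \{1,2\}} x_i \ge x_{i+2}}_{\text{no negative counter values}}) \wedge \mathsf{G}(\underbrace{\bigwedge_{q \in Q_h} \neg q}_{\text{no halting state reached}})$
  • Control states can be eliminated by adding increasing counters whose differences encode control states.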

SLIDE 53

Final remarks

  • Reversal-bounded counter automata have effective semilinear reachability sets.
  • Decidability results can be extended to variants: one free counter, lower bound to count the reversals, addition of parameters (not presented here), etc.
  • Open problem: Characterizing the computational complexity of the reachability problem with bounded number of reversals when integers are encoded in binary.
  • NEXPTIME upper bound from [Gurari & Ibarra, ICALP’81].

SLIDE 54

Admissible Counter Systems

SLIDE 55

Overview

  • Introduction to the class of admissible counter systems.
  • Reachability relation is effectively semilinear.

SLIDE 56

Affine functions

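  • Binary relation of dimension n: relation $R \subseteq \mathbb{N}^{2n}$.
  • R is Presburger definable $\overset{\text{def}}{\Leftrightarrow}$ there is a Presburger formula $\varphi(x_1, \dots, x_n, x'_1, \dots, x'_n)$ such that $R = \mathrm{REL}(\varphi)$.
    ($\mathrm{REL}(\varphi(x_1, \dots, x_k)) \overset{\text{def}}{=} \{(v(x_1), \dots, v(x_k)) \in \mathbb{N}^k : v \models \varphi\}$)
  • Partial function $f : \mathbb{N}^n \to \mathbb{N}^n$ is affine $\overset{\text{def}}{\Leftrightarrow}$ there exist a matrix $A \in \mathbb{Z}^{n \times n}$ and $\vec{b} \in \mathbb{Z}^n$ such that for every $\vec{a} \in dom(f)$, $f(\vec{a}) = A\vec{a} + \vec{b}$.
  • f is Presburger definable $\overset{\text{def}}{\Leftrightarrow}$ the graph of f is a Presburger definable relation.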

SLIDE 57

Affine counter systems

  • Affine counter system S = (Q, n, δ): for every transition $q \xrightarrow{\varphi} q' \in \delta$, REL(ϕ) is affine.
  • ϕ can be encoded by a triple $(A, \vec{b}, \psi)$ such that
      1. $A \in \mathbb{Z}^{n \times n}$,
      2. $\vec{b} \in \mathbb{Z}^n$,
      3. ψ has free variables $x_1, \dots, x_n$,
      4. $\mathrm{REL}(\varphi) = \{(\vec{x}, \vec{x}') \in \mathbb{N}^{2n} : \vec{x}' = A\vec{x} + \vec{b} \text{ and } \vec{x} \in \mathrm{REL}(\psi)\}$.
  • Guard ψ and deterministic update function $(A, \vec{b})$.
  • Succinct counter automata are affine counter systems in which the matrices are equal to identity.

SLIDE 58

Composing two affine updates

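  • Let $(A_1, \vec{b}_1, \psi_1)$ and $(A_2, \vec{b}_2, \psi_2)$ be two affine updates. There is $(A, \vec{b}, \psi)$ such that
      $\mathrm{REL}((A, \vec{b}, \psi)) = \{(\vec{x}, \vec{x}') \in \mathbb{N}^{2n} : \exists \vec{y} \in \mathbb{N}^n\ (\vec{x}, \vec{y}) \in \mathrm{REL}((A_1, \vec{b}_1, \psi_1)) \text{ and } (\vec{y}, \vec{x}') \in \mathrm{REL}((A_2, \vec{b}_2, \psi_2))\}$
  • $A = A_2 A_1$, $\vec{b} = A_2 \vec{b}_1 + \vec{b}_2$.
  • $\psi = \exists \vec{y}\ \psi_1(\vec{x}) \wedge \vec{y} = A_1 \vec{x} + \vec{b}_1 \wedge \psi_2(\vec{y})$.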

SLIDE 59

Loop effect

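[Figure: control state q with a self-loop labelled (A, b, ψ).]

  • How to represent symbolically $X = \{(\vec{x}, \vec{x}') \in \mathbb{N}^{2n} : (q, \vec{x}) \xrightarrow{*} (q, \vec{x}')\}$?
  • Is X definable in Presburger arithmetic?
  • Reflexive and transitive closure $R^* \subseteq \mathbb{N}^{2n}$ of $R \subseteq \mathbb{N}^{2n}$: $(\vec{y}, \vec{y}') \in R^*$ iff there are $\vec{x}_1, \dots, \vec{x}_k \in \mathbb{N}^n$ such that
      • $\vec{x}_1 = \vec{y}$,
      • $\vec{x}_k = \vec{y}'$,
      • for i ∈ [1, k − 1], we have $(\vec{x}_i, \vec{x}_{i+1}) \in R$.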

SLIDE 60

Loop effect (II)

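  • If R is Presburger definable, this does not imply that $R^*$ is Presburger definable too.
  • $R = \{(\alpha, 2\alpha) \in \mathbb{N}^2 : \alpha \in \mathbb{N}\}$.
  • $R^* = \{(\alpha, 2^{\beta}\alpha) \in \mathbb{N}^2 : \alpha, \beta \in \mathbb{N}\}$.
  • If $R^*$ is Presburger definable, then so is $\{2^{\beta} \in \mathbb{N} : \beta \in \mathbb{N}\}$.
  • Semilinear subsets of $\mathbb{N}$ are ultimately periodic.
  • → $R^*$ is not Presburger definable.
  • If $S = \{(\alpha, \alpha + 1) \in \mathbb{N}^2 : \alpha \in \mathbb{N}\}$ then $S^* = \{(\alpha, \beta) \in \mathbb{N}^2 : \alpha < \beta,\ \alpha, \beta \in \mathbb{N}\}$ is Presburger definable.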

SLIDE 61

Presburger counting iteration

  • The counting iteration of $R \subseteq \mathbb{N}^{2n}$ is $R_{CI} \subseteq \mathbb{N}^n \times \mathbb{N} \times \mathbb{N}^n$ such that $(\vec{a}, i, \vec{b}) \in R_{CI}$ iff $(\vec{a}, \vec{b}) \in R^i$.
  • R has a Presburger counting iteration if its counting iteration is Presburger definable.
  • $\{(\alpha, \alpha + 1) \in \mathbb{N}^2 : \alpha \in \mathbb{N}\}$ has a Presburger counting iteration.
  • For $A \in \mathbb{Z}^{n \times n}$, $A^*$ denotes the monoid generated from A with $A^* = \{A^i : i \in \mathbb{N}\}$.
  • The identity element is $A^0 = I$.
  • Given $A \in \mathbb{Z}^{n \times n}$, checking whether the monoid generated by A is finite is decidable [Mandel & Simon, TCS 77].

SLIDE 62

Main result

  • Let $R = \{(\vec{x}, \vec{x}') \in \mathbb{N}^{2n} : \vec{x}' = A\vec{x} + \vec{b} \text{ and } \vec{x} \in \mathrm{REL}(\psi)\}$.
  • Theorem: If $A^*$ is finite, then R has a Presburger counting iteration. [Boigelot, PhD 98; Finkel & Leroux, FSTTCS’02]
  • In CA, A is the identity and therefore $A^*$ is finite.
  • General theme in the literature to determine when Presburger definable relations admit Presburger definable reflexive and transitive closure.

SLIDE 63

Proof – Preliminaries

  • Let $R \subseteq \mathbb{N}^{2n}$ be defined by $(A, \vec{b}, \psi)$.
  • g: affine update function obtained by ignoring the guard ψ. $g(\vec{a}) = A\vec{a} + \vec{b}$
  • Since $A^*$ is finite, there are α, β ∈ N such that $A^{\alpha+\beta} = A^{\alpha}$.
  • α and β can be effectively computed from A. [Mandel & Simon, TCS 77]
  • Simple equalities (k ≥ 1):
      • $g^k(\vec{a}) = A^k \vec{a} + A^{k-1} \vec{b} + \cdots + \vec{b}$.
      • $g^k(\vec{0}) = A^{k-1} \vec{b} + \cdots + \vec{b}$.

SLIDE 64

Proof – Vectors of terms

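  • Terms in Presburger Arithmetic: t ::= 0 | 1 | x | t + t
  • Given an n-tuple $\vec{t}$ of terms, $g^k(\vec{t})$ denotes the n-tuple $A^k \vec{t} + A^{k-1} \vec{b} + \cdots + \vec{b}$
  • $\psi(\vec{t})$ is a shortcut for the Presburger formula $\exists x_1, \dots, x_n\ \psi(x_1, \dots, x_n) \wedge (\bigwedge_{i \in [1,n]} x_i = \vec{t}(i))$
  • $\vec{t} = \begin{pmatrix} 2 & -2 \\ -3 & 7 \end{pmatrix} \begin{pmatrix} x \\ y \end{pmatrix} + \begin{pmatrix} 1 \\ -2 \end{pmatrix} = \begin{pmatrix} 2x - 2y + 1 \\ -3x + 7y - 2 \end{pmatrix}$
  • $\psi(\vec{t}) \overset{\text{def}}{=} \exists x_1, \dots, x_n\ \psi(x_1, \dots, x_n) \wedge x_1 + 2y = 2x + 1 \wedge x_2 + 3x + 2 = 7y$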

SLIDE 65

Proof – Quantifying over number of compositions

  • $(\vec{x}, \vec{x}') \in R^*$ iff there is i ≥ 0 such that
      1. $\vec{x}' = g^i(\vec{x})$,
      2. for 0 ≤ j < i, $g^j(\vec{x}) \models \psi$.
  • Presburger formula defining $R^*$ may look like $\exists i\ \vec{x}' = g^i(\vec{x}) \wedge \bigwedge_{j<i} \psi(g^j(\vec{x}))$.
  • But,
      1. $g^i(\vec{x})$ is a shortcut for $A^i \vec{x} + A^{i-1} \vec{b} + \cdots + \vec{b}$,
      2. generalized conjunction has exactly i conjuncts.
    $\vec{x}' = g^i(\vec{x}) \wedge \bigwedge_{j<i} \psi(g^j(\vec{x}))$ defines a family of formulae rather than a single formula.

SLIDE 66

Proof – Transforming an exponent into a factor

  • Use $A^{\alpha+\beta} = A^{\alpha}$ to replace i applications of g by expressions in which i appears as a variable.
  • For q ≥ 1, we shall show $g^{\alpha+q\beta}(\vec{a}) = g^{\alpha}(\vec{a}) + q A^{\alpha} g^{\beta}(\vec{0})$.
  • q becomes a factor and $A^{\alpha} g^{\beta}(\vec{0})$ is constant tuple.
  • Hence, for i − α = r + qβ with r < β and i ≥ α, $g^i(\vec{a}) = g^r(g^{\alpha}(\vec{a}) + q A^{\alpha} g^{\beta}(\vec{0}))$.

SLIDE 67

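(Proof – $g^{\alpha+q\beta}(\vec{a}) = g^{\alpha}(\vec{a}) + q A^{\alpha} g^{\beta}(\vec{0})$)

  • Preliminary identities:
      $g^{\alpha+\beta}(\vec{a}) = A^{\alpha+\beta} \vec{a} + A^{\alpha+\beta-1} \vec{b} + \cdots + \vec{b}$
      $= A^{\alpha+\beta} \vec{a} + A^{\alpha}(A^{\beta-1} \vec{b} + \cdots + \vec{b}) + (A^{\alpha-1} \vec{b} + \cdots + \vec{b})$
      $= A^{\alpha} \vec{a} + A^{\alpha} g^{\beta}(\vec{0}) + (A^{\alpha-1} \vec{b} + \cdots + \vec{b})$
      $= g^{\alpha}(\vec{a}) + A^{\alpha} g^{\beta}(\vec{0})$.
  • Case q = 1 is above.
  • $g^{\alpha+(q+1)\beta}(\vec{a}) = g^{\alpha+q\beta}(g^{\beta}(\vec{a})) = g^{\alpha}(g^{\beta}(\vec{a})) + q A^{\alpha} g^{\beta}(\vec{0})$.
  • $g^{\alpha+(q+1)\beta}(\vec{a}) = g^{\alpha}(\vec{a}) + A^{\alpha} g^{\beta}(\vec{0}) + q A^{\alpha} g^{\beta}(\vec{0})$.
  • $g^{\alpha+(q+1)\beta}(\vec{a}) = g^{\alpha}(\vec{a}) + (q + 1) A^{\alpha} g^{\beta}(\vec{0})$.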

SLIDE 68

Proof – Towards the final formula

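  • For fixed i ≥ 0, let R[i] be such that $\mathrm{REL}(R[i]) = \{(\vec{y}, \vec{y}') \in \mathbb{N}^{2n} : \vec{y}\, R^i\, \vec{y}'\}$
  • R[0] is equal to $\bigwedge_{j \in [1,n]} x_j = x'_j$.
  • R[i + 1] is equal to $\exists \vec{y}\ \psi(\vec{y}) \wedge R[i](\vec{x}, \vec{y}) \wedge \vec{x}' = A\vec{y} + \vec{b}$.
  • To show that R has a Presburger counting iteration, we define $\chi(\vec{x}, z, \vec{x}')$ such that $R_{CI} = \mathrm{REL}(\chi(\vec{x}, z, \vec{x}'))$.
  • $\chi(\vec{x}, z, \vec{x}')$ is equal to:
      $((z = 0 \wedge R[0]) \vee \cdots \vee (z = \alpha - 1 \wedge R[\alpha - 1])) \vee (z \ge \alpha \wedge \exists q\ (\chi_{q,0} \vee \cdots \vee \chi_{q,\beta-1}))$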

SLIDE 69

Proof – Defining the last chunks

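  • $\chi_{q,r}$ is equal to
      $(z - \alpha = r + \beta \times q) \wedge (\exists \vec{y}'\ \vec{y}' = \underbrace{A^{\alpha} \vec{x} + q A^{\alpha}(A^{\beta-1} \vec{b} + \cdots + \vec{b})}_{g^{\alpha+q\beta}(\vec{x})} \wedge \vec{x}' = g^r(\vec{y}')) \wedge \chi_{guard}(z, \vec{x})$
  • This encodes $g^{\alpha+r+q\beta}(\vec{a}) = g^r(g^{\alpha}(\vec{a}) + q A^{\alpha} g^{\beta}(\vec{0}))$.
  • $\chi_{guard}(z, \vec{x})$ checks that the guard is satisfied for all the intermediate configurations.
      $\chi_{guard}(z, \vec{x}) \overset{\text{def}}{=} (\bigwedge_{i \in [1,\alpha]} \exists \vec{y}\ R[i](\vec{x}, \vec{y})) \wedge \forall z'\ \alpha \le z' < z \Rightarrow \bigvee_{r' \in [1,\beta-1]} \exists q'\ (z' - \alpha = r' + q'\beta \wedge (\exists \vec{y}'\ \vec{y}' = \underbrace{A^{\alpha} \vec{x} + q' A^{\alpha}(A^{\beta-1} \vec{b} + \cdots + \vec{b})}_{g^{\alpha+q'\beta}(\vec{x})} \wedge \psi(g^{r'}(\vec{y}'))))$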

SLIDE 70

Admissible counter systems

  • A loop in an affine counter system has the finite monoid property $\overset{\text{def}}{\Leftrightarrow}$ $A^*$ is finite for its corresponding affine update $(A, \vec{b}, \psi)$.
  • Admissible counter system S:
      1. S is an affine counter system,
      2. there is at most one transition between two control states,
      3. its control graph is flat,
      4. each loop has the finite monoid property.
  • Consequently, the effect of each loop can be defined in Presburger Arithmetic.

SLIDE 71

Flatness

A CS is flat if every control state belongs to at most one simple cycle. Moreover, there is at most one transition between two control states.

SLIDE 72

Reachability is semilinear !

  • Let S be an admissible counter system and q, q′ ∈ Q. One can effectively compute ϕ such that for every v, we have $v \models \varphi$ iff $(q, (v(x_1), \dots, v(x_n))) \xrightarrow{*} (q', (v(x'_1), \dots, v(x'_n)))$. [Finkel & Leroux, FSTTCS’02; Leroux, PhD 03]
  • First, build FSA A that overapproximates the language of transitions between q and q′ (ignore counter values).

SLIDE 73

Proof

  • The language of transitions between q and q′ can be approximated by the union below (Σ = δ):
      $t_1 t_3 (t_4 t_2 t_3)^* t_5 t_6^* \cup t_7 t_8 (t_{10} t_9)^* t_{11} t_6^*$
    [Figure: control graph from q to q′ with transitions t1 to t11.]
  • By flatness, L(A) is a finite union of languages of the form $u_1 (v_1)^* u_2 (v_2)^* \cdots (v_k)^* u_{k+1}$ with $u_i \in \Sigma^*$ and $v_i \in \Sigma^+$.

SLIDE 74

Proof – Glueing pieces

  • We know that there is a Presburger formula that encodes the effect of applying a finite number of times the loop $v_i$.
  • We also know that there is a Presburger formula that encodes the effect of applying once the segment $u_i$.
  • One can effectively compute the effect of applying a sequence of transitions in the language L (use existential quantification for intermediate positions).
  • Since L(A) is a finite union of bounded languages and Presburger arithmetic has obviously disjunction, there is $\varphi(\vec{x}, \vec{x}')$ such that for v, we have $v \models \varphi$ iff $(q, (v(x_1), \dots, v(x_n))) \xrightarrow{*} (q', (v(x'_1), \dots, v(x'_n)))$

SLIDE 75

About flatness

  • Flat CS are not widely spread in real-life applications.
  • A relaxed version of flatness: reachability can be captured by a flat unfolding of the system.
  • $(S, (q, \vec{x}))$ is flattable whenever there is a partial unfolding of $(S, (q, \vec{x}))$ that is flat and has the same reachability set as $(S, (q, \vec{x}))$.
  • Σ = δ; let L be a finite union of languages of the form $u_1 (v_1)^* u_2 (v_2)^* \cdots (v_k)^* u_{k+1}$, such that two consecutive transitions share the intermediate control state.
  • $(S, (q, \vec{x}))$ is initially flattable iff there is some L of the above form such that
      $\{(q', \vec{x}') : (q, \vec{x}) \xrightarrow{*} (q', \vec{x}')\} = \{(q', \vec{x}') : (q, \vec{x}) \xrightarrow{u} (q', \vec{x}'),\ u \in L\}$

SLIDE 76

Is (S, (q1, 0)) initially flattable?

[Figure: phone controller counter system with control states q1 to q6. Transition labels: x1 = x2 = 0; id; x1 > 0; x2 ≤ x1; id; id; x1 = x2, x′1 = x′2 = 0; x1++; x1++; x2 < x1, x2++; x′2 ≤ x1, x2++.]

SLIDE 77

On being uniformly flattable

  • S is uniformly flattable $\overset{\text{def}}{\Leftrightarrow}$ there is a finite union of bounded languages L such that
      $\xrightarrow{*}\ = \{((q, \vec{x}), (q', \vec{x}')) : (q, \vec{x}) \xrightarrow{u} (q', \vec{x}'),\ u \in L\}$
  • Flattable counter systems are everywhere. [Leroux & Sutre, ATVA’05]
      • Uniformly reversal-bounded CA are uniformly flattable.
      • Reversal-bounded initialized CA are initially flattable.
      • Initialized gainy CA are initially flattable.
  • Semilinearity for reversal-bounded CA is regained:
      • L can be effectively computed.
      • Initialized CA + L leads to an admissible counter system.
      • Reachability relation for admissible CS is semilinear.

SLIDE 78

Conclusion

  • Today’s lecture:
      • Reversal-bounded counter automata.
      • Flat relational counter systems.
  • Tomorrow’s lecture: vector addition systems with states.
