Counter Systems & Temporal Logics Lecture 2 Classes with - PowerPoint PPT Presentation

Counter Systems & Temporal Logics Lecture 2 Classes with semilinear reachability sets St´ ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA Universidad de Buenos Aires, 2010

Plan of the talk • Previous lecture: counter systems, Presburger arithmetic. • Today’s lecture: • Counter systems with difference bounds constraints. • Reversal-bounded counter automata. • Affine counter systems with finite monoids. 2

Gains with semilinear reachability sets 3

Classes of counter systems with semilinear reachability sets • REL ( ϕ ) = { � x ∈ N n : ( q 0 , � x 0 ) ∗ → ( q ,� x ) } . − • ϕ allows to answer questions about the set of configurations reachable from ( q 0 , � x 0 ) . • Sometimes, we also need effective semilinearity of reachability relations, for instance for answering more general questions of the form x 0 ) ∗ x ) ∗ x ,� y ( q 0 , � → ( q ,� → ( q ′ ,� y ) and � x ,� y | ∃ � − − = ψ ? • Examples of classes with semilinear reachability sets: 1 VASS with dimension ≤ 2. [Hopcroft & Pansiot, TCS 79] 2 Communication-free Petri nets. [Esparza, FI 97] 3 Flat relational counter systems. [Comon & Jurski, CAV’98] 4 Flat affine counter systems with finite monoids. [Boigelot, PhD 98; Finkel & Leroux, FST&TCS’02] See also recent [Bozga & Iosif & Koneˇ cn´ y, CAV’10] 5 4

Decidable decision problems x ∈ N n : ( q 0 , � x 0 ) ∗ • REL ( ϕ q ) = { � → ( q ,� x ) } . − x ∈ N n : ( q 0 , � x 0 ) ∗ → ( q ,� x ) } is infinite iff the formula below • { � − is satisfiable: ¬ ∃ y ∀ x 1 , . . . , x n ϕ q ( x 1 , . . . , x n ) ⇒ ( x 1 ≤ y ∧ · · · ∧ x n ≤ y ) . • ( q 0 , � x 0 ) ∗ → ( q ,� a ) iff the formula below is satisfiable: − a ( 1 ) ∧ · · · ∧ x n = � a ( n ) , ϕ q ( x 1 , . . . , x n ) ∧ x 1 = � k times � �� � where any constant k > 0 is encoded by 1 + · · · + 1. 5

Presburger arithmetic is decidable • Quantifier elimination method, see e.g. [Cooper, ML 72]. • Automata-based approach: reduce logical problems into automata-based decision problems. [B¨ uchi, ZML 60] • REL ( ϕ ) is encoded by a regular language. • Number five can be encoded by 101 or by 101000. (least significant bit first) � � 5 • can be encoded by 8 � � � � � � � � � � 1 0 1 0 0 0 0 0 1 0 6

Automata-based approach for PrA • Encoding map f : N n → P (( { 0 , 1 } n ) ∗ ) . Each word in ( { 0 , 1 } n ) ∗ corresponds to at least one n -tuple. ⇔ L ( A ) = f ( REL ( ϕ )) . def • ϕ ≈ A • Theorem: Given ϕ , one can effectively build a FSA A ϕ s.t. ϕ ≈ A ϕ . See e.g. [Boudet & Comon, CAAP’96] • A ϕ is built by structural induction using product, complementation and projection for FSA. • Automaton for x 1 = x 2 + x 3 : 0 1 0 1 0 1 0 1 0 1 0 1 0 1 1 1 0 0 A , A , A , A , 0 1 0 1 0 1 @ @ @ A @ @ @ A 0 0 1 1 1 0 0 1 0 1 @ A 1 q 1 q 2 0 1 1 0 @ A 0 7

Recursive construction • Formulae ϕ and ψ with free variables x 1 , . . . , x n . Conjunction If ϕ ≈ A and ψ ≈ B , then ϕ ∧ ψ ≈ A ⊗ B . Negation If ϕ ≈ A , then ¬ ϕ ≈ A where · peforms complementation, which may cause an exponential blow-up. Quantification If ϕ ≈ A , then ∃ x n ϕ ≈ A ′ where A ′ is built over the alphabet { 0 , 1 } n − 1 by forgetting the n th component. • If ϕ and ψ do not share the same set of free variables, we perform a simple operation that consists in adding dummy bits. • Construction with non-elementary complexity in the worst-case (hence non-optimal). 8

Tools for deciding Presburger arithmetic • Automata-theoretic techniques for the first-order theory of ( Z , + , < ) with LIRA. [Becker et al., CAV’07] • Automata-based decision procedure for weak monadic second-order logic WS1S with MONA. [Biehl et al., FTRTFT’96] • Automata library that provides the implementation of standard constructions on automata as well as constructions for linear inequations with LASH. [Boigelot & Jodogne & Wolper, IJCAR’01] • TAPAS: suite of libraries dedicated to first-order logics of linear arithmetic. [Leroux & Point, TACAS’09] • SMT solvers including integer linear arithmetic (CVC3, Z3 etc.). [Barrett & Tinelli, CAV’07; de Moura & Bjorner, TACAS’08] 9

Systems with Difference Bounds Constraints 10

Update functions • Counter system S = ( Q , n , δ ) such that for every q → q ′ ∈ δ , ϕ is a conjunction of atomic formulae of the ϕ − form 1 either x ∼ y + c or x ∼ c , 2 x , y ∈ { x 1 , . . . , x n , x ′ 1 , . . . , x ′ n } , 3 c ∈ Z , 4 ∼∈ {≥ , ≤ , = , >, < } . • Example ( n = 2): ϕ = ( x 1 + 1 < x ′ 1 ) ∧ ( x 2 − 3 = x ′ 2 ) . 11

Phone controller is back ! x 1 + + x 2 < x 1 ,x 2 + + x 1 + + x 1 = x 2 = 0 x 1 > 0 q 1 q 2 q 3 q 4 x 2 ≤ x 1 x 1 = x 2 , x ′ 1 = x ′ 2 = 0 q 6 q 5 x ′ 2 ≤ x 1 ,x 2 + + 12

Closure by composition [Comon & Jurski, CAV 98] x ′ 1 = x 1 + 1 → q ′ followed by q ′ x ′ 1 > x 1 • q → q ′′ is equivalent to − − − − − − − x ′ 1 ≥ x 1 + 2 q → q ′′ − − − − x ′ 1 = x ′ → q ′ followed by q ′ x ′ 1 > x 1 ∧ x ′ 2 = x 1 2 > x 2 • q → q ′′ is equivalent to − − − − − − − − − − − − x ′ 1 > x 1 ∧ x ′ 2 > x 1 q → q ′′ − − − − − − − • Generalization can be done as stated below. • Lemma: Given t 1 = q ϕ 1 → q ′ and t 2 = q ′ ϕ 2 → q ′′ , there is ϕ − − x ′′ in N n , we have x , � x ′ and � such that for all � t 1 t 2 x ) t ( q ,� x ) → ( q ′ , � x ′ ) → ( q ′′ , � x ′′ ) iff ( q ,� → ( q ′′ , � x ′′ ) with − − − ϕ t = q → q ′′ . − 13

Closure by iteration in PrA x ′ 1 = x 1 + 1 • With unique transition t = q → q , we have − − − − ( q , K ) ∗ → ( q , K ′ ) iff K ′ ≥ K . − x ′ 1 ≥ x 1 + 1 • Finite iteration of t is q → q . − − − − x ′ 1 = x 1 + 2 → q , we have ( q , K ) ∗ • With transition t = q → ( q , K ′ ) iff − − − − − there is k ∈ N such that K ′ = K + 2 k . • ( q , K ) ∗ → ( q , K ′ ) iff v K , K ′ | = ∃ y x ′ − 1 = x 1 + 2 × y. ϕ • Theorem: Let q → q be a self-loop with the conjunction of − difference bounds constraints ϕ . One can effectively compute a Presburger formula ϕ ′ with free variables x 1 , . . . , x n , x ′ 1 , . . . , x ′ n s.t. x ′ in N n , ( q ,� x ) ∗ x , � → ( q , � x ′ ) iff v � = ϕ ′ . for all � − x ′ | x ,� 14

Flatness A relational counter system is flat if every control state belongs to at most one simple cycle. Moreover, there is at most one transition between two control states. 15

Reachability relation is Presburger-definable [Comon & Jurski, CAV 98] • Theorem Let S be a flat relational counter system and q , q ′ ∈ Q . One can effectively compute a Presburger formula ϕ s.t. for every v , we have = ϕ iff ( q , ( v ( x 1 ) , . . . , v ( x n ))) ∗ → ( q ′ , ( v ( x ′ 1 ) , . . . , v ( x ′ v | − n ))) . • The reachability problem for flat relational counter systems is decidable. • Consider instance S , ( q ,� y ) and ( q ′ , � y ′ ) . • Compute the Presburger formula ϕ as above. • Check satisfiability of the formula below: i = n � y ( i ) ∧ x ′ y ′ ( i ))) ∧ ϕ i = � ( x i = � ( i = 1 assuming free variables in ϕ are x 1 , . . . , x n , x ′ 1 , . . . , x ′ n . 16

Proof sketch for the theorem • For each cycle q 1 ϕ 1 → q 2 ϕ 2 ϕ N → q N ( q 1 = q N ) compute the − − → . . . − equivalent transition ( q 1 , ϕ, q 1 ) . • For q , q ′ , enumerate the run schemata between q and q ′ q q ′ • Compute the formula for reachability relation by composition. 17

x ∈ N 2 : ( q 1 ,� → ( q i ,� ∗ x ) , i ∈ [ 1 , 6 ] } semilinear? Is { � 0 ) − x 1 + + x 2 < x 1 ,x 2 + + x 1 + + x 1 = x 2 = 0 x 1 > 0 q 1 q 2 q 3 q 4 x 2 ≤ x 1 x 1 = x 2 , x ′ 1 = x ′ 2 = 0 q 6 q 5 x ′ 2 ≤ x 1 ,x 2 + + 18

Extension to octagon constraints • Octagon constraint has one of the forms below: ± x i ± x j ≤ c 2x i ≤ d − 2x i ≤ e with c , d , e ∈ Z . • Theorem Let S be a flat counter system with octagon constraints and q , q ′ ∈ Q . One can effectively compute a Presburger formula ϕ s.t. for every v , we have = ϕ iff ( q , ( v ( x 1 ) , . . . , v ( x n ))) ∗ → ( q ′ , ( v ( x ′ 1 ) , . . . , v ( x ′ v | − n ))) . [Bozga & Gˆ ırlea & Iosif, TACAS’09] [Bozga & Iosif & Koneˇ cn´ y, CAV’10] 19

Reversal-Bounded Counter Automata 20

Reversals • 6 phases, 3 biphases, and 5 reversals. • Initialized CA ( S , ( q ,� x )) is r -reversal-bounded def ⇔ every run from ( q ,� x ) has strictly less than r + 1 reversals. [Ibarra, JACM 78] ⇔ there is r such that def • S is uniformly reversal-bounded every initialized CA defined from S is r -reversal-bounded. 21