Decidability and complexity issues for subclasses of counter systems


SLIDE 1

Decidability and complexity issues for subclasses of counter systems
Lecture 4: Counter automata with finite monoid property and flatness

Stéphane Demri, demri@lsv.ens-cachan.fr

LSV, ENS Cachan, CNRS, INRIA

Course 2.9 – MPRI – 2010/2011 “Verification of parametrized and dynamic systems”

SLIDE 2

Plan of the lecture

  • Previous lectures: VASS, reversal-bounded CA.
  • Today’s lecture:
      • Other reachability problems for reversal-bounded CA.
      • Affine counter systems with flatness and finite monoid property. Reachability sets are effectively semilinear.
  • Exercises.

SLIDE 3

Repeated reachability problem for reversal-bounded CA

SLIDE 4

Reminder (see previous lecture)

Theorem: Let (S, (q0, x)) be r-reversal-bounded for some r ≥ 0. For each control state qf, the set R = {y ∈ N^n : ∃ run (q0, x) −∗→ (qf, y)} is effectively semilinear.

... but this result is not sufficient to answer questions about the existence of infinite runs satisfying specific properties!

SLIDE 5

Decidability

  • Control state repeated reachability problem restricted to reversal-bounded initialized counter automata is decidable. [Dang & Ibarra & San Pietro, FSTTCS’01]
  • ∃-PRESBURGER INFINITELY OFTEN PROBLEM
    Input: Initialized CA (S, (q, x)) of dimension n that is r-reversal-bounded and a temporal formula of the form ψ = GFϕ(x1, ..., xn) where ϕ is a Presburger formula on counters.
    Question: Is there an infinite run from (q, x) satisfying ψ?
  • ∃-Presburger infinitely often problem is decidable. [Dang & San Pietro & Kemmerer, TCS 03]

SLIDE 6

Proof for the decidability of control state repeated reachability problem

  • r-reversal-bounded initialized CA (S, (q0, x0)) and qf ∈ Q.
  • Property (⋆): there is an infinite run from (q0, x0) such that qf is repeated infinitely often.
  • We reduce (⋆) to a reachability question for a new reversal-bounded counter automaton S′.
  • Property (⋆⋆): there exists a finite run
    (q0, x0) −t1→ (q1, x1) ··· −t_{l′}→ (q_{l′}, x_{l′}) ··· −t_l→ (q_l, x_l) such that
    1. q_l = q_{l′} = qf,
    2. x_{l′} ≤ x_l,
    3. if X ⊆ [1, n] is the set of counters tested to zero between (q_l, x_l) and (q_{l′}, x_{l′}), then x_{l′}(X) = x_l(X) = 0.

SLIDE 7

Equivalence

  • (⋆) is equivalent to (⋆⋆).
  • (⋆⋆) shall provide a characterization with a finite witness run that can be encoded as a reachability question.
  • (⋆⋆) implies (⋆):
      • ρ = (q0, x0) −t1→ (q1, x1) ··· −t_{l′}→ (q_{l′}, x_{l′}) ··· −t_l→ (q_l, x_l).
      • Infinite ρ′ is defined with t1 ··· t_{l′} (t_{l′+1} ··· t_l)^ω.
      • qf is repeated infinitely often.
      • Zero-tests are also successful (why?).

SLIDE 8

(⋆) implies (⋆⋆)

  • ρ = (q0, x0) −t1→ (q1, x1) −t2→ (q2, x2) ··· with qf repeated infinitely often.
  • X: set of counters that are successfully tested to zero in ρ infinitely often.
  • By reversal-boundedness, there is I ≥ 0 s.t. for k ≥ I, we have x_k(X) = 0.
  • There exists I ≤ k1 < k2 < k3 < ... s.t. for 1 ≤ j < j′, we have q_{k_j} = qf and between (q_{k_j}, x_{k_j}) and (q_{k_j′}, x_{k_j′}), exactly the counters in X are tested to zero.
  • By Dickson’s Lemma, there exists J < J′ such that x_{k_J} ≤ x_{k_J′}.

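SLIDE 9

Reduction to a reachability question

S′ = (Q′, q0, 3 × n, δ′) s.t. (⋆⋆) iff (q0, x0) −∗→ (qnew, 0) in S′.

[Figure: control graph of S′ with the copy S, the copies S_{X_0}, ..., S_{X_{2^n−1}} and the control state qnew. Edge labels: "zero-test(X_0); copy x_i → x_{i+n}", ..., "zero-test(X_{2^n−1}); copy x_i → x_{i+n}", "zero-test(X_0); check x_{i+n} ≤ x_i", ..., "zero-test(X_{2^n−1}); check x_{i+n} ≤ x_i", and "dec(i)".]

“S_X = S \ zero-tests for X̄”, where X̄ =_def [1, n] \ X.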

SLIDE 10

Construction of S′

  • Let S′ = (Q′, q0, 3 × n, δ′) s.t. (⋆⋆) iff (q0, x0) −∗→ (qnew, 0) in S′.
  • Essentially, runs for S′ are also runs for S.
  • One can effectively build ϕ s.t. REL(ϕ) = {x : (q0, x0) −∗→ (qnew, x) in S′}
  • S′ is made of 2^n + 1 copies of S plus some extra control states such as qnew.
  • It includes an initial distinguished copy of S.
  • For X ⊆ [1, n], the control states of the X-copy (S_X) are among Q × {X} × P(X).
  • Third component records the counters that have been tested to zero since the run has entered the X-copy.

SLIDE 11

Entering into the X-copy

  • For X ⊆ [1, n], we consider a sequence of transitions from qf to (qf, X, ∅) whose effect is to perform a zero-test on counters in X and to copy the value of each counter i ∈ X into the counter n + i.
  • copy x_i → x_{i+n}:
    1. Decrement the counter i until zero and for each decrement, the counters n + i and 2n + i are incremented.
    2. When counter i is equal to zero, decrement the counter 2n + i until zero while incrementing the counter i at each step.
    3. The number of reversals is at most augmented by 2.

SLIDE 12

Transitions in the X-copy

  • (q, X, Y) −ϕ→ (q′, X, Y′) is a transition whenever there is a transition q −ϕ′→ q′ in S for which
      • ϕ performs the same instruction as ϕ′,
      • for i ∈ X̄ (that is, [1, n] \ X), ϕ′ is not a zero-test on i,
      • if ϕ = zero(j), then Y′ = Y ∪ {j}, otherwise Y′ = Y.
  • When all the counters in X have been tested to zero at least once and qf is reached, we may jump to qnew.

SLIDE 13

Final step

  • Consider a sequence of transitions from (qf, X, X) to qnew performing the following tasks:
    1. for i ∈ X, perform a zero-test on counter i,
    2. for i ∈ X, test whether the counter value for i is greater than or equal to the counter value for n + i,
    3. empty all the counters.
  • check x_{i+n} ≤ x_i: decrement i and n + i simultaneously and nondeterministically test whether the counter n + i has value zero.
  • (S′, (q0, x0)) is (r + 3)-reversal-bounded.

SLIDE 14

Undecidable Model-Checking Problems

SLIDE 15

Universal problem for one-counter automaton

  • One-counter automaton with alphabet: FSA + 1 counter.
  • The universal problem for 1-reversal-bounded one-counter automata with alphabet is undecidable [Ibarra, MST 79].
  • One-counter automata with alphabet define context-free languages.

SLIDE 16

A simple undecidable temporal fragment

  • The ∃-PRESBURGER-ALWAYS PROBLEM:
    Input: Initialized CA (S, (q, x)) that is r-reversal-bounded and a formula ψ = Gϕ(x1, ..., xn) where ϕ is a Presburger formula on counters.
    Question: Is there an infinite run from (q, x) satisfying ψ?
  • The ∃-Presburger-always problem for reversal-bounded counter automata is undecidable. [Dang & San Pietro & Kemmerer, TCS 03]
  • By reduction from halting problem for Minsky machines:
      • One counter is encoded by two increasing counters, counting the number of increments and decrements, respectively.

SLIDE 17

Reduction from the halting problem

  • Proof analogous to the undecidability of the reachability problem for reversal-bounded CA augmented with guards x_i = x_{i′} and x_i = x_{i′}. [Ibarra et al., TCS 02]
  • Given a Minsky machine S with halting state qh, we build a 0-reversal-bounded counter automaton S′ such that
      • counter i in S′ records the increments of counter i in S,
      • counter i + 2 in S′ records the decrements of counter i in S,
      • zero-test on counter i in S is simulated by formula x_i = x_{i+2}.
  • W.l.o.g., we can assume that
      • S = (Q, 2, δ) is a deterministic CA,
      • halting control states in Qh ⊆ Q (no outgoing transitions),
      • Q1, Q2 ⊆ Q contain exactly the control states that are reached after zero-tests on counter 1 and counter 2, respectively.

SLIDE 18

Building S′ by erasing zero-tests

  • 0-reversal-bounded CA S′ = (Q, 5, δ′):
      • q −inc(i)→ q′ ∈ δ implies q −inc(i)→ q′ ∈ δ′.
      • q −dec(i)→ q′ ∈ δ implies q −inc(i+2)→ q′ ∈ δ′.
      • q −zero(i)→ q′ ∈ δ implies q −inc(5)→ q′ ∈ δ′.
  • No halting control state is reached from (q, 0) in S iff there is an infinite run from (q, 0) in S′ satisfying

    G( ⋀_{i∈{1,2}} ⋀_{q∈Q_i} (q ⇒ x_i = x_{i+2}) )    (simulation of zero-tests)
    ∧ G( ⋀_{i∈{1,2}} x_i ≥ x_{i+2} )                  (no negative counter values)
    ∧ G( ⋀_{q∈Q_h} ¬q )                               (no halting state reached)

  • Control states can be eliminated by adding increasing counters whose differences encode control states.
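The construction of S′ and the three G-invariants above, as an added example that is not part of the lecture. The Minsky machine DELTA, its state names and the helper names are constructed for illustration; the checker follows a chosen transition sequence in S′ and reports the first configuration that breaks the formula.

```python
# Constructed two-counter Minsky machine S (sample input, not from the slides).
# A transition is (source, op, counter, target); counters are numbered 1 and 2.
DELTA = [
    ("q0", "inc", 1, "q1"),    # index 0
    ("q1", "inc", 1, "q2"),    # index 1
    ("q2", "dec", 1, "q2"),    # index 2
    ("q2", "zero", 1, "z1"),   # index 3: z1 is entered only by zero(1), so z1 is in Q1
    ("z1", "inc", 2, "q3"),    # index 4
    ("q3", "dec", 2, "q0"),    # index 5
    ("q3", "zero", 2, "qh"),   # index 6: qh is entered only by zero(2), so qh is in Q2
]
HALTING = {"qh"}               # Q_h


def erase_zero_tests(delta):
    """delta' of S': inc(i) stays, dec(i) becomes inc(i+2), zero(i) becomes inc(5)."""
    target = {"inc": lambda i: i, "dec": lambda i: i + 2, "zero": lambda i: 5}
    return [(q, "inc", target[op](i), q2) for q, op, i, q2 in delta]


def zero_test_targets(delta, i):
    """Q_i: control states reached after a zero-test on counter i in S."""
    return {q2 for _, op, j, q2 in delta if op == "zero" and j == i}


def first_violation(delta, halting, start, path):
    """Follow `path` (indices into delta) in S' from (start, 0).

    Returns (step, kind) for the first configuration violating the G-formula,
    with kind in {"zero-test", "negative", "halting"}, or None if none does.
    """
    delta_prime = erase_zero_tests(delta)
    q_sets = {i: zero_test_targets(delta, i) for i in (1, 2)}
    x = [0] * 6                      # x[1..5]; index 0 is unused
    state = start
    for step, idx in enumerate([None] + list(path)):
        if idx is not None:          # step 0 only checks the initial configuration
            src, _, counter, dst = delta_prime[idx]
            if src != state:
                raise ValueError(f"transition {idx} does not start in {state}")
            x[counter] += 1
            state = dst
        for i in (1, 2):
            if state in q_sets[i] and x[i] != x[i + 2]:
                return (step, "zero-test")   # q => x_i = x_{i+2} fails
            if x[i] < x[i + 2]:
                return (step, "negative")    # x_i >= x_{i+2} fails
        if state in halting:
            return (step, "halting")
    return None


FAITHFUL = [0, 1, 2, 2, 3, 4, 5]     # a genuine run of S, replayed in S'
EARLY_ZERO = [0, 1, 2, 3]            # takes the erased zero(1) while counter 1 is 1
EXTRA_DEC = [0, 1, 2, 2, 2]          # decrements counter 1 below zero
CHEAT_HALT = [0, 1, 2, 2, 3, 4, 6]   # reaches qh through an invalid zero(2)
```

Every transition of S′ only increments, which is why S′ is 0-reversal-bounded; all the counter semantics of S is carried by the invariants that the formula enforces.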

SLIDE 19

Affine counter systems with finite monoid property

SLIDE 20

Overview

  • Introduction to the class of admissible counter systems.
  • Reachability relation is effectively semilinear.
  • First part of next lecture: decidability of Presburger LTL model-checking over the class of admissible counter systems.

SLIDE 21

Counter systems (bis)

[Figure: example counter system with control states q0, q1, q2 and transition labels ϕ(x, x′), ϕ′(x, x′), x′1 = x′2 = x′3 = 0, x′1 = x1 + 1, x′2 = x2 + 1, x′3 = x3 + 1.]

  • Counter system S = (Q, n, δ) of dimension n ≥ 1:
      • Q is a nonempty finite set of control states.
      • δ: finite set of transitions of the form t = (q, ϕ, q′) where q, q′ ∈ Q and ϕ is a Presburger formula with free variables x1, ..., xn, x′1, ..., x′n.
  • Configuration (q, a) ∈ Q × N^n.
  • (q, a) −t→ (q′, a′) ⇔_def v[x ← a, x′ ← a′] ⊨ ϕ.
  • Runs as nonempty (possibly infinite) sequences ρ = (q0, a0) → (q1, a1) ··· (qk, ak) ···

SLIDE 22

Subclasses of counter systems (bis)

  • Standard counter automaton (Q, n, δ): transitions are of the form either q −inc(i)→ q′ or q −dec(i)→ q′ or q −zero(i)→ q′.
  • Succinct counter automaton (Q, n, δ): transitions of the form either q −add(b)→ q′ with b ∈ Z^n or q −zero(b′)→ q′ with b′ ∈ {0, 1}^n (simultaneous zero-tests).
  • Affine counter systems are counter systems, generalizing the class of succinct counter automata.
  • Hence, most reachability/verification problems are undecidable but we shall impose some further restrictions.

SLIDE 23

Affine functions

  • Binary relation of dimension n: relation R ⊆ N^{2n}.
  • R is Presburger definable ⇔_def there is a Presburger formula ϕ(x1, ..., xn, x′1, ..., x′n) such that R = REL(ϕ).
    (REL(ϕ(x1, ..., xk)) =_def {(v(x1), ..., v(xk)) ∈ N^k : v ⊨ ϕ}.)
  • Partial function f : N^n → N^n is affine ⇔_def there exist a matrix A ∈ Z^{n×n} and b ∈ Z^n such that for every a ∈ dom(f), f(a) = A a + b
  • f is Presburger definable ⇔_def the graph of f is a Presburger definable relation.

SLIDE 24

Affine counter systems

  • Affine counter system S = (Q, n, δ): for every transition q −ϕ→ q′ ∈ δ, REL(ϕ) is affine.
  • Herein, ϕ is encoded by a triple (A, b, ψ) such that
    1. A ∈ Z^{n×n},
    2. b ∈ Z^n,
    3. ψ has free variables x1, ..., xn,
    4. REL(ϕ) = {(x, x′) ∈ N^{2n} : x′ = A x + b and x ∈ REL(ψ)}.
  • Guard ψ and deterministic update function (A, b).
  • Succinct counter automata are affine counter systems in which the matrices are equal to identity.

SLIDE 25

One step relation is semilinear (easy)

  • Assuming t = q −(A, b, ψ)→ q′, there is a Presburger formula χ(x, x′) such that for every v, we have v ⊨ χ iff (q, (v(x1), ..., v(xn))) −t→ (q′, (v(x′1), ..., v(x′n))).

    ψ(x) ∧ ⋀_{i∈[1,n]} ( x′_i = Σ_j A(i, j) x_j + b(i) )

SLIDE 26

Composing two affine updates

[Figure: control states q0, q1, q2 with the affine updates x′ = (1 1) x + (3, −3), x′ = (2 2) x + (−1, 2) and x′ = (2 2) x + (5, −4), where x = (x1, x2) and x′ = (x′1, x′2).]

SLIDE 27

Composing two affine updates

  • Let (A1, b1, ψ1) and (A2, b2, ψ2) be two affine updates. There is (A, b, ψ) such that
    REL((A, b, ψ)) = {(x, x′) ∈ N^{2n} : ∃ y ∈ N^n (x, y) ∈ REL((A1, b1, ψ1)) and (y, x′) ∈ REL((A2, b2, ψ2))}
  • Partial f_i : N^n → N^n such that {(x, x′) ∈ N^{2n} : x ∈ REL(ψ_i), x′ = A_i x + b_i}
  • REL((A, b, ψ)) is equal to {(x, x′) ∈ N^{2n} : ∃ y ∈ N^n f1(x) = y, x ∈ dom(f1), f2(y) = x′, y ∈ dom(f2)}

SLIDE 28

Proof

∃ y ∈ N^n f1(x) = y, x ∈ dom(f1), f2(y) = x′, y ∈ dom(f2) is equivalent to the conditions:
    1. x′ = A2 A1 x + A2 b1 + b2,
    2. x ∈ REL(ψ1),
    3. A1 x + b1 ∈ REL(ψ2).

  • A = A2 A1. b = A2 b1 + b2.
  • ψ = ∃ y ψ1(x) ∧ (y = A1 x + b1) ∧ ψ2(y) with x = (x1, ..., xn) and y = (y1, ..., yn). y = A1 x + b1 is a shortcut for a conjunction made of n conjuncts.
  • Indeed, each conjunct is of the form y_i = Σ_j A(i, j) x_j + b1(i).

SLIDE 29

Loop effect

[Figure: control state q with a loop labelled (A, b, ψ).]

  • How to represent symbolically X = {(x, x′) ∈ N^{2n} : (q, x) −∗→ (q, x′)}?
  • Is X definable in Presburger arithmetic?
  • Reflexive and transitive closure R∗ ⊆ N^{2n} of R ⊆ N^{2n}: (y, y′) ∈ R∗ ⇔_def there are x1, ..., xk ∈ N^n such that
      • x1 = y,
      • xk = y′,
      • for i ∈ [1, k − 1], we have (x_i, x_{i+1}) ∈ R.

SLIDE 30

Loop effect (II)

  • If R is Presburger definable, this does not imply that R∗ is Presburger definable too.
  • R = {(α, 2α) ∈ N^2 : α ∈ N}.
  • R∗ = {(α, 2^β α) ∈ N^2 : α, β ∈ N}.
  • If R∗ is Presburger definable, then so is {2^β ∈ N : β ∈ N}.
  • Indeed, if REL(ϕ(x, y)) = R∗, then {2^β ∈ N : β ∈ N} = REL(ϕ(x, y) ∧ x = 1).
  • Consequently, R∗ is not Presburger definable (see next slide).
  • If S = {(α, α + 1) ∈ N^2 : α ∈ N} then S∗ = {(α, β) ∈ N^2 : α < β, α, β ∈ N} is Presburger definable.

SLIDE 31

X = {2^β : β ∈ N} is not semilinear

  • Suppose that X is semilinear.
  • Since X is infinite, there are b ∈ N and p1, ..., pm > 0 (m ≥ 1) such that Y = {b + Σ_{i=1}^{m} n_i p_i : n1, ..., nm ∈ N} ⊆ X
  • Let 2^α ∈ Y such that p1 < 2^α.
  • By definition of Y, we have 2^α + p1 ∈ Y.
  • However, 2^α < 2^α + p1 < 2^{α+1}, which leads to a contradiction.

SLIDE 32

Presburger counting iteration

  • The counting iteration of R ⊆ N^{2n} is R_CI ⊆ N^n × N × N^n such that for all a, i and b, (a, i, b) ∈ R_CI ⇔_def (a, b) ∈ R^i
  • R has a Presburger counting iteration ⇔_def its counting iteration is Presburger definable.
  • Assuming that R has a Presburger counting iteration:
    1. there is χ(x, z, y) such that REL(χ) = R_CI,
    2. REL(∃ z χ) = R∗.
  • S = {(α, α + 1) ∈ N^2 : α ∈ N} has a Presburger counting iteration but not {(α, 2α) ∈ N^2 : α ∈ N}.
  • Exercise: compute χ for S_CI.

SLIDE 33

Finite monoid property

  • Let’s see a sufficient condition for having the Presburger counting iteration.
  • For A ∈ Z^{n×n}, A∗ denotes the monoid generated from A with A∗ = {A^i : i ∈ N}.
  • In the monoid, the identity element is A^0 = I.
  • With A = ( 1 1 1 ), we have A^2 = ( 1 1 1 )( 1 1 1 ) = ( 1 2 1 ), A^3 = ( 1 3 1 ), ..., A^m = ( 1 m 1 ).

SLIDE 34

Finite monoid property and semilinearity

  • Given A ∈ Z^{n×n}, checking whether the monoid generated by A is finite is decidable [Mandel & Simon, TCS 77].
  • Let R = {(x, x′) ∈ N^{2n} : x′ = A x + b and x ∈ REL(ψ)}.
  • Theorem: If A∗ is finite, then R has a Presburger counting iteration. [Boigelot, PhD 98; Finkel & Leroux, FSTTCS’02]
  • In CA, A is the identity and therefore A∗ is finite.

SLIDE 35

Proof – Preliminaries

  • Let R ⊆ N^{2n} be defined by (A, b, ψ).
  • g: affine update function obtained by ignoring the guard ψ. g(a) = A a + b (g : Z^n → Z^n)
  • Since A∗ is finite, there are α, β ∈ N such that A^{α+β} = A^α.
  • α and β can be effectively computed from A. [Mandel & Simon, TCS 77]
  • Simple equalities (k ≥ 1):
      • g^k(a) = A^k a + A^{k−1} b + ··· + b (easy induction on k).
      • g^k(0) = A^{k−1} b + ··· + b.

SLIDE 36

Proof – Vectors of terms

  • Terms in Presburger Arithmetic: t ::= 0 | 1 | x | t + t
  • Given an n-tuple t of terms, g^k(t) denotes the n-tuple A^k t + A^{k−1} b + ··· + b
  • ψ(t) is a shortcut for the Presburger formula ∃x1, ..., xn ψ(x1, ..., xn) ∧ (⋀_{i∈[1,n]} x_i = t(i))
  • t = [2 −2; −3 7] (x, y) + (1, −2) = (2x − 2y + 1, −3x + 7y − 2)
  • ψ(t) =_def ∃x1, ..., xn ψ(x1, ..., xn) ∧ x1 + 2y = 2x + 1 ∧ x2 + 3x + 2 = 7y

SLIDE 37

Proof – Quantifying over number of compositions

  • For x, x′ ∈ N^n, (x, x′) ∈ R∗ iff there is i ≥ 0 such that
    1. x′ = g^i(x),
    2. for 0 ≤ j < i, g^j(x) ⊨ ψ, i.e. g^j(x) ∈ REL(ψ).
  • Presburger formula defining R∗ may look like ∃ i (x′ = g^i(x)) ∧ ⋀_{j<i} ψ(g^j(x)).
  • But,
    1. g^i(x) is a shortcut for A^i x + A^{i−1} b + ··· + b,
    2. generalized conjunction has exactly i conjuncts.
  • (x′ = g^i(x)) ∧ ⋀_{j<i} ψ(g^j(x)) defines a family of formulae rather than a single formula.

SLIDE 38

Proof – Transforming an exponent into a factor

  • Use A^{α+β} = A^α to replace i applications of g by expressions in which i appears as a variable.
  • For q ≥ 1, we shall show g^{α+qβ}(a) = g^α(a) + q A^α g^β(0).
  • q as an exponent is transformed into a factor.
  • A^α g^β(0) is a constant tuple in Z^n.
  • For i = α + r + qβ with r < β, g^i(a) = g^r(g^α(a) + q A^α g^β(0)).

SLIDE 39

(Proof – g^{α+qβ}(a) = g^α(a) + q A^α g^β(0))

  • Preliminary identities:
    g^{α+β}(a) = A^{α+β} a + A^{α+β−1} b + ··· + b
               = A^{α+β} a + A^α (A^{β−1} b + ··· + b) + (A^{α−1} b + ··· + b)
               = A^α a + A^α g^β(0) + (A^{α−1} b + ··· + b)
               = g^α(a) + A^α g^β(0).
  • Case q = 1 is above.
  • g^{α+(q+1)β}(a) = g^α(g^β(a)) + q A^α g^β(0) (by IH).
  • g^{α+(q+1)β}(a) = g^α(a) + A^α g^β(0) + q A^α g^β(0).
  • g^{α+(q+1)β}(a) = g^α(a) + (q + 1) A^α g^β(0).
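A numerical check of the identity g^i(a) = g^r(g^α(a) + q A^α g^β(0)) for i = α + r + qβ, as an added example that is not part of the lecture. The bounded search in find_alpha_beta is an assumption of this sketch that stands in for the Mandel & Simon procedure, and the sample matrices RESET, ROTATE and SHEAR are constructed.

```python
def mat_mul(A, B):
    n = len(A)
    return [[sum(A[i][k] * B[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def mat_vec(A, v):
    return [sum(a * x for a, x in zip(row, v)) for row in A]


def mat_pow(A, k):
    n = len(A)
    P = [[int(i == j) for j in range(n)] for i in range(n)]   # A^0 = I
    for _ in range(k):
        P = mat_mul(A, P)
    return P


def find_alpha_beta(A, max_power=64):
    """Smallest (alpha, beta) with beta >= 1 and A^(alpha+beta) == A^alpha.

    Returns None when no power repeats up to max_power. This bounded search is
    a simplification: it cannot prove that the monoid A* is infinite.
    """
    seen = {}
    P = mat_pow(A, 0)
    for k in range(max_power + 1):
        key = tuple(map(tuple, P))
        if key in seen:
            return seen[key], k - seen[key]
        seen[key] = k
        P = mat_mul(A, P)
    return None


def g_iter(A, b, a, k):
    """g^k(a) for the unguarded update g(a) = A a + b, by k explicit steps."""
    a = list(a)
    for _ in range(k):
        a = [y + c for y, c in zip(mat_vec(A, a), b)]
    return a


def g_accelerated(A, b, a, i, alpha, beta):
    """g^i(a) with i used as a factor: g^r(g^alpha(a) + q * A^alpha g^beta(0))."""
    if i < alpha:
        return g_iter(A, b, a, i)
    q, r = divmod(i - alpha, beta)
    step = mat_vec(mat_pow(A, alpha), g_iter(A, b, [0] * len(b), beta))
    base = g_iter(A, b, a, alpha)
    return g_iter(A, b, [u + q * s for u, s in zip(base, step)], r)


def identity_holds(A, b, a, upto=40):
    """Compare the accelerated form with explicit iteration for i < upto."""
    ab = find_alpha_beta(A)
    if ab is None:
        return None
    return all(g_accelerated(A, b, a, i, *ab) == g_iter(A, b, a, i)
               for i in range(upto))


RESET = [[1, 0], [0, 0]]     # x1 is kept, x2 is overwritten: alpha = 1, beta = 1
ROTATE = [[0, -1], [1, 0]]   # quarter turn, A^4 = I: alpha = 0, beta = 4
SHEAR = [[1, 1], [0, 1]]     # powers never repeat: infinite monoid
```

For RESET with b = (2, 5), the accelerated form computes the 1000th iterate from α + r = 1 explicit applications of g plus one scalar multiplication, which is the step that lets z appear as a variable in χ.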

SLIDE 40

Proof – Towards the final formula

  • For fixed i ≥ 0, let R[i] be such that REL(R[i]) = {(y, y′) ∈ N^{2n} : y R^i y′} (free variables in x1, ..., xn, x′1, ..., x′n)
  • R[0] is equal to ⋀_{j∈[1,n]} x_j = x′_j.
  • R[i + 1] is equal to ∃ y ψ(y) ∧ R[i](x, y) ∧ (x′ = A y + b).
  • Again x′ = A y + b is understood as a conjunction of n conjuncts.
  • To show that R has a Presburger counting iteration, we define χ(x, z, x′) such that R_CI = REL(χ(x, z, x′)).

SLIDE 41

A case analysis

  • For y, y′ ∈ N^n, (y, y′) ∈ R^i for some i iff for some i
      • (y, y′) ∈ R^i,
      • for 0 ≤ i′ < i, g^{i′}(y) ∈ REL(ψ) (guards satisfaction),
      • either i < α or i = α + r + qβ with r ∈ [0, β − 1], q ∈ N and y′ = g^α(y) + q A^α g^β(0).
  • χ(x, z, x′) shall be equal to:
    ((z = 0 ∧ R[0]) ∨ ··· ∨ (z = α − 1 ∧ R[α − 1])) ∨ (z ≥ α ∧ ∃q (χ_{q,0} ∨ ··· ∨ χ_{q,β−1}))
    where χ_{q,0} ∨ ··· ∨ χ_{q,β−1} has one formula per remainder r.

SLIDE 42

Proof – Defining the last chunks

  • χ_{q,r} is equal to
    (z = α + r + β × q) ∧ (∃ y′ (y′ = A^α x + q A^α (A^{β−1} b + ··· + b)) ∧ (x′ = g^r(y′))) ∧ χ_guard(z, x)
    where (y′ = A^α x + q A^α (A^{β−1} b + ··· + b)) is annotated with y′ = g^{z−r}(x) and (x′ = g^r(y′)) is annotated with x′ = g^z(x).
  • This encodes g^i(a) = g^r(g^α(a) + q A^α g^β(0)) and the point below.
  • χ_guard(z, x) checks that the guard is satisfied for all the intermediate configurations.

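SLIDE 43

χ_guard(z, x) =_def
    (⋀_{i∈[1,α]} ∃ y R[i](x, y))
    ∧ ∀ z′ (α ≤ z′ < z ⇒ ⋁_{r′∈[1,β−1]} ∃ q′ (z′ = α + r′ + q′β ∧ (∃ y′ (y′ = A^α x + q′ A^α (A^{β−1} b + ··· + b)) ∧ ψ(g^{r′}(y′)))))

where (y′ = A^α x + q′ A^α (A^{β−1} b + ··· + b)) is annotated with y′ = g^{z′−r′}(x), and ψ(g^{r′}(y′)), with g^{r′}(y′) = g^{z′}(x), is annotated with "guard satisfaction".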

SLIDE 44

Admissible counter systems

  • A loop in an affine counter system has the finite monoid property ⇔_def A∗ is finite for its corresponding affine update (A, b, ψ).
  • Admissible counter system S:
    1. S is an affine counter system,
    2. there is at most one transition between two control states,
    3. its control graph is flat,
    4. each loop has the finite monoid property.
  • Consequently, the effect of each loop can be defined in Presburger Arithmetic.

SLIDE 45

Flatness

A CS is flat if every control state belongs to at most one simple cycle. Moreover, there is at most one transition between two control states.

SLIDE 46

Reachability is semilinear!

  • Let S be an admissible counter system and q, q′ ∈ Q. One can effectively compute ϕ such that for every v, we have v ⊨ ϕ iff (q, (v(x1), ..., v(xn))) −∗→ (q′, (v(x′1), ..., v(x′n))). [Finkel & Leroux, FSTTCS’02; Leroux, PhD 03]
  • First, build FSA A that overapproximates the language of transitions between q and q′ (ignore counter values).

SLIDE 47

Proof

  • The language of transitions between q and q′ can be approximated by the union below (Σ = δ):
    t1 t3 (t4 t2 t3)∗ t5 t6∗ ∪ t7 t8 (t10 t9)∗ t11 t6∗

[Figure: control graph between q and q′ with transitions t1, t2, ..., t11.]

  • By flatness, L(A) is a finite union of languages of the form u1(v1)∗u2(v2)∗ ··· (vk)∗u_{k+1} with u_i ∈ Σ∗ and v_i ∈ Σ+.

SLIDE 48

Encoding the effect of a path schema

u1(v1)∗u2(v2)∗ ··· (vk)∗u_{k+1}

  • By closure under composition, for i ∈ [1, k + 1], there is a Presburger formula ψ^i_seg(x, x′) that encodes the effect of segments of transitions u_i.
  • By previous theorem, for i ∈ [1, k], there is a Presburger formula ψ^i_loop(x, z, x′) that encodes the effect of the loop v_i.
  • Presburger formula encoding the effect of the above sequence is the following (free variables in x, x′):
    ∃ z1, ..., zk, y′1, y2, y′2, ..., y_{k+1}
      ψ^1_seg(x, y′1) ∧ ψ^1_loop(y′1, z1, y2) ∧ ψ^2_seg(y2, z1, y′2) ∧ ψ^2_loop(y′2, z2, y3) ∧ ···
      ··· ∧ ψ^k_loop(y′k, zk, y_{k+1}) ∧ ψ^{k+1}_seg(y_{k+1}, x′)

SLIDE 49

Proof – Glueing pieces

  • We know that there is a Presburger formula that encodes the effect of applying a finite number of times the loop v_i.
  • We also know that there is a Presburger formula that encodes the effect of applying once the segment u_i.
  • One can effectively compute the effect of applying a sequence of transitions in the language L (use existential quantification for intermediate positions).
  • Since L(A) is a finite union of bounded languages and Presburger arithmetic has obviously disjunction, there is ϕ(x, x′) such that for v, we have v ⊨ ϕ iff (q, (v(x1), ..., v(xn))) −∗→ (q′, (v(x′1), ..., v(x′n)))

SLIDE 50

About flatness

  • Flat CS are not widely spread in real-life applications.
  • A relaxed version of flatness: reachability can be captured by a flat unfolding of the system.
  • (S, (q, x)) is flattable whenever there is a partial unfolding f(S, (q, x)) that is flat and has the same reachability set as (S, (q, x)).
  • Σ = δ; let L be a finite union of languages of the form u1(v1)∗u2(v2)∗ ··· (vk)∗u_{k+1}, such that two consecutive transitions share the intermediate control state.
  • (S, (q, x)) is initially flattable ⇔_def there is some L of the above form such that {(q′, x′) : (q, x) −∗→ (q′, x′)} = {(q′, x′) : (q, x) −u→ (q′, x′), u ∈ L}

SLIDE 51

Is (S, (q1, 0)) initially flattable?

[Figure: counter system with control states q1, q2, q3, q4, q5, q6 and transition labels: x1 = x2 = 0; id; x1 > 0; x2 ≤ x1; id; id; x1 = x2, x′1 = x′2 = 0; x1++; x1++; x2 < x1, x2++; x′2 ≤ x1, x2++.]

SLIDE 52

On being uniformly flattable

  • S is uniformly flattable ⇔_def there is a finite union of bounded languages L such that
    −→ = {((q, x), (q′, x′)) : (q, x) −u→ (q′, x′), u ∈ L}
  • Flattable counter systems are everywhere. [Leroux & Sutre, ATVA’05]
  • Uniformly reversal-bounded CA are uniformly flattable.
  • Reversal-bounded initialized CA are initially flattable.
  • Semilinearity for reversal-bounded CA is regained:
      • L can be effectively computed.
      • Initialized CA + L leads to an admissible counter system.
      • Reachability relation for admissible CS is semilinear.

SLIDE 53

Conclusion

  • Today’s lecture:
      • Reachability problems for reversal-bounded CA.
      • Affine counter systems with finite monoid property and flatness.
  • Next lecture: Linear-time temporal logics on this class + exercises.

SLIDE 54

  • Exo. 1

[Figure: control states q2 and q1 with transitions labelled ((1 1), (3, −3), x1 < x2) and ((1 1), (−1, 2), ⊤).]

  • 1. Compute ϕ(x1, x2, x′1, x′2) such that for every v, we have v ⊨ ϕ iff (q1, v(x1), v(x2)) −∗→ (q1, v(x′1), v(x′2)).
  • 2. Same question when ⊤ is replaced by ¬(x1 ≡_15 x2).

SLIDE 55

  • Exo. 2

[Figure: control states q2 and q1 with transitions labelled ((1 1), (3, 11), ⊤) and ((1 1), (−1, 24), ⊤).]

  • 1. Compute ϕ(x1, x2, z, x′1, x′2) such that for every v, we have v ⊨ ϕ iff on the unique run starting at (q1, v(x1), v(x2)), the v(z)th configuration has counter values (v(x′1), v(x′2)).
  • 2. Given a Presburger formula ψ(y1, y2) viewed as a constraint on counter values, compute ϕ′(x1, x2) such that for every v, we have v ⊨ ϕ′ iff on the unique run starting at (q1, v(x1), v(x2)), the number of configurations with counter values satisfying ψ(y1, y2) is infinite.

SLIDE 56

  • Exo. 3
      • Complete the undecidability proof for the ∃-PRESBURGER-ALWAYS PROBLEM.
      • Update the definition of S′ by adding 4 counters such that the atomic formula q_j above can be replaced by the Presburger formula (x7 − x6 = j ∧ x9 − x8 = j).
      • When succinct counter automata are considered, explain why 2 new counters suffice.