Decidable Problems for Counter Systems Day 3 Vector Addition - - PowerPoint PPT Presentation

Decidable Problems for Counter Systems Day 3 Vector Addition Systems

St´ ephane Demri demri@lsv.ens-cachan.fr

LSV, ENS Cachan, CNRS, INRIA

ESSLLI 2010, Copenhagen, August 2010

Plan of the talk

• Previous lectures:
• Classes of counter systems, Presburger arithmetic.
• LTL-like dialects for counter systems.
• VASS and FO2 over data words
• Relationships between VASS, VAS and Petri nets
• (Coverability graphs in a nutshell)
• Covering problem in EXPSPACE

2

Recapitulation about VASS

q0 q1

B B @ −1 1 C C A B B @ 1 C C A B B @ 1 −1 1 1 C C A B B @ −1 1 1 C C A

• VASS is a counter system with transitions of the form

q

• b

− → q′ with b ∈ Zn, which is a shortcut for

• i∈[1,n]

x′

i = xi +

b(i)

• VAS = VASS with a unique control state.

3

VASS and a Logic on Data Words

4

Data words [Bouyer, IPL 02]

• Timed word

[Alur & Dill, TCS 94] a b c a a b 0.3 1 2.3 3.5 3.51

• Runs from counter systems

q0 q2 q3 q2 q3 q2 1 2 3 4

• Integer arrays

t[0] t[1] t[2] t[3] t[4] t[5] . . .

• Extension to data trees (XML documents with values).

5

Specifying classes of data words

• Register automata
• Register automata

[Kaminski & Francez, TCS 94]

• Data automata

[Bouyer & Petit & Th´ erien, IC 03]

• See the survey

[Segoufin, CSL 06]

• Class automata

[ Boja´ nczyk & Lasota, LICS’10]

• First-order languages

[Boja´ nczyk et al., LICS 06]

• Temporal logics
• Real-time logic TPTL

[Alur & Henzinger, JACM 94]

• LTL with registers

[Demri & Lazi´ c & Nowak, TIME 05]

• Many other formalisms
• Rewriting systems with data

[Bouajjani et al., FCT 07]

• Hybrid logics

[Schwentick & Weber, STACS 07]

• . . .

6

First-order logic on data words

• Data word: nonempty finite sequence of pairs from Σ × N.
• Variable valuation v for a model σ: map from VAR′ to the

positions of σ.

• Variables are interpreted as positions.
• Formulae of the logic FOΣ(∼, <, +1) (Σ is a finite alphabet)

ϕ ::= a(x) | x ∼ y | x < y | x = y+1 | ¬ϕ | ϕ∧ϕ | ∃x ϕ

• Last position is labelled by the letter a ∈ Σ:

∃x (¬∃y x < y) ∧ a(x)

7

Data words as first-order structures

• Alphabet Σ = {a1, . . . , aN} and infinite domain N.
• Data word σ = (ai1, d1) · · · (aiK , dK) is equivalent to

({1, . . . , K}, <, ∼, +1, P1, . . . , PN)

• For j, j′ ∈ {1, . . . , K}, j ∼ j′ iff dj = dj′.
• For l ∈ {1, . . . , N}, Pl

def

= {j ∈ {1, . . . , K} : aij = al}.

• First-order logic can be naturally interpreted over such

structures.

8

Semantics

σ | =v a(x)

def

⇔ Σ(x) = a σ | =v x ∼ y

def

⇔ N(x) = N(y) σ | =v x < y

def

⇔ v(x) < v(y) σ | =v x = y + 1

def

⇔ v(x) = v(y) + 1 σ | =v ∃ x ϕ

def

⇔ there is position i s.t. σ | =v[x→i] ϕ.

• Satisfiability for FO(∼, <, +1) restricted to three individual

variables is undecidable [Boja´ nczyk et al., LICS 06].

9

Main decidability result

• Theorem: Satisfiability problem for FO2(∼, <, +1) is

decidable. [Boja´ nczyk et al., LICS 06].

• Proof in two steps:
• Satisfiability is first reduced to nonemptiness for data

automata (not defined in this course).

• Nonemptiness for data automata is then reduced to the

reachability problem for VASS.

• Theorem: There is a polynomial-space reduction from the

reachability problem for VASS to finitary satisfiability for FO2(∼, <, +1).

10

Simplifying the instance

• Transitions can be restricted to increments or decrements
• f a single counter.
• Translation
• 2

−3

• can be encoded by 2 increments of the

first counter followed by 3 decrements of the second counter.

• Initial and final configurations have all the counters equal

to zero.

• (q0,
• 2

1

• ) and (qf,
• 1

1

• ) are reduced to (q′

0,

• ) and

(q′

f,

• ) by adding the transitions

q′

inc(1)

− − → q1

inc(1)

− − → q2

inc(2)

− − → q0 qf

dec(1)

− − → q1

f dec(2)

− − → q′

f

• All these reductions require only polynomial space.

11

Fixing a few more things (proof)

• Instance: S = (Q, n, δ), (qi,

0), (qf, 0).

• Σ = Q ⊎ {inc(i), dec(i) : i ∈ [1, n]}.

(below a ∈ {inc(i), dec(i) : i ∈ [1, n]})

• The run (q0,

x0)

a0

− → (q1, x1)

a1

− → · · ·

aK−1

− − → (qK, xK ) encoded by a data word with projection q0a0q1a1 · · · aK−1qK.

• Run

q0 q1 q2 q3 q4 q5 q6

• 1
• 2
• 2

1

• 1

1

• 1
• corresponds to data word

q0 inc(1) q1 inc(1) q2 inc(2) q3 dec(1) q4 dec(1) q5 dec(2) q6 ⋆ k1 ⋆ k2 ⋆ k3 ⋆ k1 ⋆ k2 ⋆ k3 ⋆

12

Enforcing the projection on finite Σ

• ϕproj: conjunction of the formulae below.
• The first letter is qi:

∃x (¬∃y y < x) ∧ qi(x)

• The last letter is qf:

∃x (¬∃y x < y) ∧ qf(x)

• Sequence of locations/actions respects the control graph:

∀ x (

• q∈Q

q(x)) ⇒ ((¬∃y x < y)∨

• q

a

− →q′∈δ (q(x) ∧ (∃y y = x + 1 ∧ a(y))∧ (∃y y = x + 1 ∧ (∃x x = y + 1 ∧ q′(x)))))

• Observe the nice (and standard) recycling of variables.

13

Constraints on data values

• To encode counter values, each increment or decrement is

attached to a datum.

• A desirable data word:

q0 inc(1) q1 inc(1) q2 inc(2) q3 dec(1) q4 dec(1) q5 dec(2) q6 ⋆ k1 ⋆ k2 ⋆ k3 ⋆ k1 ⋆ k2 ⋆ k3 ⋆

• ϕ: conjunction of ϕproj and formulae below.
• For i, j ∈ [1, n], there are no two positions labelled by inc(i)

and inc(j) having the same datum: ∀x y (x < y ∧ inc(i)(x) ∧ inc(j)(y)) ⇒ ¬(x ∼ y). (recall that inc(i) and dec(i) are letters in Σ)

• Idem for dec(i) and dec(j):

∀x y (x < y ∧ dec(i)(x) ∧ dec(j)(y)) ⇒ ¬(x ∼ y).

14

Constraints on data values (II)

• For i ∈ [1, n], for every position labelled by dec(i), there is a

past position labelled by inc(i) with the same data value: ∀x dec(i)(x) ⇒ (∃ y y < x ∧ x ∼ y ∧ inc(i)(y))

• In the final configuration, any counter value is zero. So, for

i ∈ [1, n], for every position labelled by inc(i), there is a future position labelled by dec(i) with same data value: ∀x inc(i)(x) ⇒ (∃ y x < y ∧ x ∼ y ∧ dec(i)(y))

• One can show (qf,

0) is reachable from (qi, 0) iff ϕ is satisfiable.

15

Petri nets and VASS

16

A few definitions on Petri nets

Petri net N = (S, T, W, mI)

• finite set of places S,
• finite set of transitions T,
• weight function W : (S × T) ∪ (T × S) → N,
• initial marking mI : S → N.

(marking m : S → N, specifying the nb. of tokens by place) pA pB pC p1 S = {pA, pB, pC, p1} W(pA, t1) = 1 W(t1, pA) = 0

17

Reachable markings

• Transition t ∈ T is m-enabled, whenever for all places

p ∈ S, m(p) ≥ W(p, t).

• An m-enabled transition t may fire and produce the

marking m′, written m

t

− → m′, with for all places p ∈ S, m′(p) = m(p) − W(p, t) + W(t, p)

• Marking m′ is reachable from m whenever there is a

sequence of the form m0

t0

− → m1

t1

− → · · ·

tk−1

− → mk with m0 = m and mk = m′ (also written m

t0···tk−1

− − − − → m′).

18

Problems on Petri nets

• Reachability problem for Petri nets:

Input: a Petri net (S, T, W, mI) and a marking m. Question: is m reachable from mI?

• Covering problem for Petri nets:

Input: a Petri net (S, T, W, mI) and a marking m. Question: is there a marking m′ reachable from mI such that for all p ∈ S, we have m′(p) ≥ m(p)?

• Boundedness problem for Petri nets:

Input: a Petri net (S, T, W, mI). Question: is the set of markings reachable from mI infinite?

19

Questions

• Is (0, 0, 1, 1000) reachable from (1, 0, 0, 0) (with implicit
• rdering of the places pA, pB, pC, p1) ?
• Is (1, 0, 1, 2) reachable from (1, 0, 0, 0)?
• Is the Petri net with initial marking (1, 0, 0, 0) bounded?
• Is there some marking m reachable from (1, 0, 0, 0) such

that (1, 0, 0, 1000) m? pA pB pC p1

20

From VASS to Petri nets

pA pB pC p1 A B C

+1 −1

21

Systematic construction of Petri nets

• VASS V = (Q, n, δ) + configuration (qI,

xI).

• The corresponding Petri net NV:
• For q ∈ Q, we introduce a place pq.
• For i ∈ [1, n], we introduce a place pi.
• For q
• b

− → q′ ∈ δ, we consider a transition t that consumes a token in pq, produces a token in pq′ and produces [resp. consumes] b(i) tokens in the place pi when b(i) ≥ 0 [resp. when b(i) < 0].

• Initial marking mI contains one token in the place pqI and

for i ∈ [1, n], mI(pi) = xI(i).

22

Reductions

• For all (q,

x), we have the equivalence

• (q,

x) is reachable from (qI, xI),

• m is reachable from mI where for q′ ∈ Q \ {q}, m(pq′) = 0,

m(pq) = 1 and for i ∈ [1, n], m(pi) = x(i).

• Boundedness, covering and reachability problems for

VASS can be reduced to the analogous problems for Petri nets.

23

From Petri nets to VASS

pA pB pC p1 t1 1 t2 t3 t4

B B @ 1 1 1 C C A B B @ −1 1 C C A B B @ −1 1 C C A B B @ 1 1 C C A B B @ 1 1 C C A B B @ −1 −1 1 C C A B B @ 1 1 C C A B B @ −1 1 C C A

24

Systematic construction of VASS

• Petri net (S, T, W, mI) with (arbitrary) bijection

f : {1, . . . , card(S)} → S.

• The corresponding VASS V = (Q, n, δ):
• Q = {1} ⊎ T,
• n = card(S),
• for t ∈ T, we consider two transitions in δ:

1

• b−

− → t t

• b+

− → 1 such that for i ∈ [1, n],

• b−(i) = −W(f(i), t)
• b+(i) = W(t, f(i))
• Initial configuration (qI,

xI) with qI = 1 and for i ∈ [1, n],

• xI(i) = mI(f(i)).

25

Reductions (bis)

• For all markings m, we have the equivalence:
• m is reachable from mI,
• there is a run from (qI,

xI) to (q, x) where

• q = 1,
• for i ∈ [1, n],

x(i) = m(f(i)).

• Boundedness, covering and reachability problems for Petri

nets can be reduced to the analogous problems for VASS. Petri nets and VASS are equivalent models for many decision problems.

26

From VASS to VAS (other direction is obvious)

A B C

+1 −1

(x1, A, B, C) (1, −1, 1, 0) (0, 1, −1, 0) (−1, 0, −1, 1) (0, 0, 1, −1) (A, 4) ≈ (4, 1, 0, 0) and (C, 2) ≈ (2, 0, 0, 1) Reduction is correct from VASS without self-loops

27

Reduction

• W.l.o.g., V has no transition of the form q
• b

− → q. Otherwise, replace q

• b

− → q by q

• −

→ qnew and qnew

• b

− → q.

• Boundedness, covering and reachability problems for

VASS are equivalent to the analogous problems for VASS without self-loops.

• The VAS T built from the VASS V = (Q, n, δ) has

dimension n + card(Q). Control states are encoded in the card(Q) last components.

• Control state qk is encoded by the unit tuple ek on the

card(Q) last components.

28

Reduction (II)

• Each transition q
• b

− → q′ ∈ δ provides t′ ∈ T :

• (t′)[1,n] =

b; for q′′ ∈ Q \ {q, q′}, t′(h(q′′)) = 0,

• t′(h(q)) = −1 and t′(h(q′)) = 1.

where h : Q → [n + 1, n + card(Q)] is an arbitrary bijection.

• Boundedness, covering and reachability problems for

VASS can be reduced to the analogous problems for VAS.

• Alternative reduction from VASS of dimension n to VAS of

dimension n + 3 (instead of n + card(Q)). [Hopcroft & Pansiot, TCS 79]

29

Conclusion

Petri nets, VASS and VAS are equivalent models for many decision problems.

30

Solving the covering problem for VAS

31

About the covering problem for VAS

• COVERING PROBLEM:

Input: a VAS T and two configurations x, x′ ∈ Nn, Question: is there some configuration x′′ reachable from

• x such that

x′ x′′?

• The control state reachability problem for VASS can be

reduced to the covering problem for VAS: require that one component has at least value 1. (reaching the control state A in VASS is equivalent to cover (0, 1, 0, 0) in corresponding VAS)

• The covering problem for VAS is EXPSPACE-complete:
• Decidability with nonprimitive recursive complexity.

[Karp & Miller, TCS 69]

• EXPSPACE lower bound from [Lipton, TR 76].
• EXPSPACE upper bound from [Rackoff, TCS 78].

32

Part I: Coverability Graph

33

Coverability graphs in a nutshell

• Finite graph whose set of nodes is a finite subset of

(N ∪ {∞})n that can be effectively computed.

• It approximates the set of reachable configurations.
• Simple properties on it allow to solve various problems:

boundedness, covering, termination, etc.

• . . . but in the worst-case, its size can be nonprimitive

recursive.

• First, we need to define relations and operations on

(N ∪ {∞})n.

34

A digression on a variant of Ackermann function

• A0(m) = 2m + 1, An+1(0) = 1.
• An+1(m + 1) = An(An+1(m)).
• A(n) = An(2).
• The function A(n) majorizes the primitive recursive

functions.

• The size of the coverability graph can be in O(A(n)).

(n: size of T and x0)

35

How to calculate with ∞?

• For k, k′ ∈ N ∪ {∞},

k ≤ k′

def

⇔ either k, k′ ∈ N and k ≤ k′ or k′ = ∞.

• k < k′ whenever k ≤ k′ and k = k′.
• (N ∪ {∞}, <) is isomorphic to the ordinal ω + 1.
• ≤ and < are extended component-wise to (N ∪ {∞})n.
• 2

3 1

• <
• 2

4 1

• → acc(
• 2

3 1

• ,
• 2

4 1

• )

def

=

• 2

∞ 1

• .
• For

x < x′, let us define acc( x, x′) ∈ (N ∪ {∞})n:

• acc(

x, x′)(i)

def

= x′(i) when x(i) = x′(i),

• acc(

x, x′)(i)

def

= ∞ when x(i) < x′(i). “The ith component can be as large as we wish.”

36

How to calculate with ∞? (II)

• Given

x ∈ (N ∪ {∞})n and t ∈ Zn, let us define

• x + t ∈ (Z ∪ {∞})n:
• (

x + t)(i)

def

= x(i) + t(i) if x(i) ∈ N,

• (

x + t)(i)

def

= ∞ otherwise.

(i ∈ [1, n])

• 2

∞ 1

• +
• −3

−6 2

• =
• −1

∞ 3

• .
• The construction of the coverability graph CG(T ,

x0) uses these operations on N ∪ {∞}.

37

Example

A B C (t1) +1

0 (t2)

(t3) −1

0 (t4)

0, 1, 0, 0 ≈ (A, 0) 1, 0, 1, 0 ≈ (B, 1) 0, 0, 0, 1 ∞, 1, 0, 0 0, 0, 1, 0 ∞, 0, 1, 0 ∞, 0, 0, 1 t1 t3 t2 t4 t1 t2 t2 t3 t4

38

Properties of CG(T , x0)

• Given T and

x0, coverability graph CG(T , x0) is a structure (V, E) with V ⊆ (N ∪ {∞})n and E ⊆ V × T × V. (a) CG(T , x0) is a finite structure with “root” x0. (b) Every configuration reachable from x0 can be covered in CG(T , x0), i.e.

• for

y reachable from x0, there is y′ in CG(T , x0) such that

• y

y′.

(c) For every y in CG(T , x0) and bound B ∈ N, there is a configuration y′ reachable from x0 s.t.

y(i) = ∞ implies y′(i) ≥ B,

y(i) = ∞ implies y′(i) = y(i).

(i ∈ [1, n])

39

A quick presentation of the construction

E := ∅; V := ∅; ToBeTreated := { x0}; while ToBeTreated = ∅ do

• Select an element

x from ToBeTreated;

• ToBeTreated := ToBeTreated \ {

x};

• for t ∈ T such that

x + t ∈ (N ∪ {∞})n do

x′ := x + t;

• if there is

y ∈ V s.t. y

∗

− → x in (V, E) and y < x′ then

• Let

y0 be the extended configuration the closest to x in (V, E) such that y0 < x′;

x′ := acc( y0, x′);

• if

x′ ∈ V then

• V := V ∪ {

x′};

• ToBeTreated := ToBeTreated ∪ {

x′};

• E := E ∪ {

x

t

− → x′};

40

Characterizations with coverability graph

• There is

x′′ reachable from x0 s.t. x′ x′′ iff there is y in CG(T , x0) s.t. x′ y.

• The set of configurations reachable from

x0 is infinite iff ∞ appears in CG(T , x0).

• Every run from

x0 terminates iff there is no cycle in CG(T , x0).

41

Covering

There is x′′ reachable from x0 s.t. x′ x′′ iff there is y in CG(T , x0) s.t. x′ y.

• Suppose that

x′′ reachable from x0 and x′ x′′.

• By (b), there is

y in CG(T , x0) s.t. x′′ y.

• Since is transitive on (N ∪ {∞})n,

x′ y.

• Suppose that there is

y in CG(T , x0) such that x′ y.

• B: maximal value occurring in

x′.

• By (c), there is

y′ reachable from x0 such that for i ∈ [1, n], if y(i) = ∞ then y′(i) ≥ B otherwise y′(i) = y(i).

• Hence,

x′ y′.

42

(Boundedness)

The set of configurations reachable from x0 is infinite iff ∞ appears in CG(T , x0).

• Suppose the set of configurations reachable from

x0 is infinite.

• Ad absurdum, assume that ∞ does not occur in CG(T ,

x0).

• By (b), there is

y in CG(T , x0) s.t. for an infinite amount of configurations x reachable from x0, we have x y.

• There are at most (1 + max(

y))n distinct configurations smaller than y ∈ Nn, contradiction.

• Suppose ∞ occurs in CG(T ,

x0).

• By (c) the set of configurations reachable from

x0 is infinite.

• For instance, consider bounds B greater and greater when

applying (c).

43

Part II: Exponential-space decision procedure

44

Small covering property

• VAS T with configurations

x, x′. Equivalence between

• there is a run from

x leading to y such that x′ y,

• there is a run from

x leading to y′ such that x′ y′ and its length is at most double-exponential in the size of the instance T , x and x′ (numbers in binary).

• A run of double-exponential length requires

double-exponential space to be fully encoded.

• In the worst-case, there is a triple-exponential amount of

such runs.

• Solution: guess nondeterministically the small run and

invoke Savitch’s theorem.

45

Example of small covering

A B C [t1]

„ 1 « „ « [t2]

[t3]

„ 1 −1 « „ « [t4]

How to cover (A, (1, K)) from (A, (0, 0))?

Long covering: (A, (0, 0))

(t1t2)2K t1

− − − − → (B, (0, 2K + 1))

t3t4t2

− − → (A, (1, 2K )) (A, (1, K)) Short covering: (A, (0, 0))

(t1t2)K t1

− − − − → (B, (0, K + 1))

t3t4t2

− − → (A, (1, K)) (A, (1, K))

(t1t2)K t1t3t4t2 subword of (t1t2)2K t1t3t4t2

46

How to be clever enough to guarantee a “short” covering?

47

Nondeterministic algorithm

• Algorithm for T ,

x, x′ and L:

1 i := 0;

xc := x (current configuration);

2 While

x′ xc and i < L do

1

Guess a transition t ∈ T ; (nondeterministic step !)

2

If xc + t ∈ Nn then abort;

3

i := i + 1; xc := xc + t.

3 If

x′ xc then accept else abort (i = L).

• If the maximal absolute value in T ,

x, x′ is 2N and L = 22N3 , then the maximal absolute value appearing in the algorithm is 2N + 2N × 22N3 (can be encoded with exponential space in N).

• Determinism can be regained with recursive calls to a

function F(T , x, x′, L) since the number of transitions is finite.

48

When small covering property implies EXPSPACE

Design a decision procedure that nondeterministically guesses the small run and only requires exponential space:

• A counter with an exponential amount of bits can count

until a double-exponential value.

• Only two configurations need to be store thanks to

nondeterminism.

• 22N3

× 2N is still of double-exponential magnitude.

• Comparing or adding two natural numbers requires

logarithmic space only.

• [Savitch, JCSS 70]: a nondeterministic procedure for a

given problem using space f(N) ≥ log(N) can be turned into a deterministic procedure using f(N) × f(N) space.

• Exponential functions are closed under multiplication.

49

Further readings

• The proof for EXPSPACE upper bound for boundedness is

a bit more complex [Rackoff, TCS 78].

• The proof for EXPSPACE-hardness of covering,

boundedness and reachability problems is nicely explained in [Esparza, 98] (based on [Lipton, TR 76]).

• The book [Reutenauer, 1990] presents the proof for

decidability of reachability problem.

• Nice hints about the proof can be found in [Haddad, 01].

50

Definitions about sizes

• For

x ∈ Zn,

• maxneg(

x)

def

= max({max(0, − x(i)) : i ∈ [1, n]}): maximal absolute negative value.

• For example, maxneg(
• −1

−2 −8 7

• ) = max(0, −(−8)) = 8.
• max(

x)

def

= max({ x(i) : i ∈ [1, n]}): maximal value.

• For instance, max(
• −1

−2 −8 7

• ) = 7.
• scale(T )

def

= max({|t(i)| : t ∈ T , i ∈ [1, n]}): maximal absolute value.

• For instance, scale(
• −1

−2 −8 7

• ) = | − 8| = 8.

51

Definitions about sizes (II) (or reasonably succinct encodings)

• 2 + ⌈log2(1 + K)⌉ is a sufficient number of bits to encode

integers in [−K, K] for K > 0.

• Size |T |

def

= n × card(T ) × (2 + ⌈log2(1 + scale(T ))⌉).

• Given N = |T | + |{

x}| + |{ x′}|, we have maxneg(T ), card(T ), max( x′) ≤ 2N.

52

Paths and pseudo-runs

• Path π: finite sequence of transitions (below in blue).

B B @ 1 1 C C A

B B B @

−1 1 1

1 C C C A

− − − − − − → B B @ 1 1 1 C C A

B B B @

1 −1

1 C C C A

− − − − − − → B B @ 1 1 1 C C A

B B B @

−1 1 1

1 C C C A

− − − − − − → B B @ 1 2 1 C C A

B B B @

1 −1

1 C C C A

− − − − − − → B B @ 1 2 1 C C A

• π′ is a subpath of π = t1 . . . tk

def

⇔ there are 1 ≤ j1 < j2 · · · < jk′ ≤ k s.t. π′ = tj1 . . . tjk′.

• Pseudo-configuration

x ∈ Zn.

• Given π = t1 . . . tk and

x ∈ Zn, pseudo-run (π, x) = x0 · · · xk s.t. x0 = x and for i ∈ [1, k], xi = xi−1 + ti.

• The length of (π,

x) [resp. π] is k + 1 [resp. k].

• A pseudo-run

x0 · · · xk is a covering of x′ when x′ xk.

53

Defining length of shortest coverings

• Assume that (π,

x) is a run covering x′, m(T , x, x′, π)

def

= the length of the shortest subpath π′ of π s.t. (π′, x) is a run covering x′.

• MB(n) (B, n ≥ 1): be the supremum of the set below
• m(T ,

y, y′, π) : (π, y) is a run covering y′ T is a VAS of dimension n and maxneg(T ) + max( y′) ≤ B

• We shall establish these inequalities for n, B ≥ 1:

MB(n) ≤

• B

if n = 1,

• B · MB(n − 1)

n + MB(n − 1) if n ≥ 2.

54

Towards the rough bound 22N3

• For n ≥ 1 and B ≥ 2, MB(n) ≤ B3n! (MB(1) ≤ B):

MB(n) ≤

• B·MB(n−1)

n+MB(n−1) ≤

• B·MB(n−1)

n+1 ≤ . . . . . . ≤

• B1+(3(n−1))!n+1 ≤ B(3n)!
• Existence of a covering of

x′ from x in T is equivalent to the existence of a covering of length at most α = (maxneg(T ) + max( x′) + 2)(3n)!

• With N = |T | + |{

x}| + |{ x′}|, α ≤ (2N + 2N + 2)2N log2(N) ≤ (2N+2)2N2 ≤ 22N3 .

• The covering problem for VAS, VASS and Petri nets can be

solved in exponential space.

55

Back to inequalities (main proof)

• We show for n, B ≥ 1:

MB(n) ≤

• B

if n = 1,

• B · MB(n − 1)

n + MB(n − 1) if n ≥ 2.

• Base case n = 1.
• T of dim. 1,

x, x′ ∈ N and maxneg(T ) + max( x′) ≤ B.

x′ x implies empty path produces a run covering x′.

• Otherwise, no need to use negative values from T and

m(T , x, x′, π) is bounded by max( x′).

• MB(1) ≤ B since max(

x′) ≤ B.

56

Induction step

• Suppose the property holds true for n − 1 ≥ 1.
• It is sufficient to show:

m(T , x, x′, π) ≤

• B · MB(n − 1)

n + MB(n − 1) whenever maxneg(T ) + max( x′) ≤ B and T of dimension n.

• After MB(n − 1) steps, a component greater than

MB(n − 1)maxneg(T ) + max( x′), has value at least max( x′).

• B′ = MB(n − 1)maxneg(T ) + max(

x′) ≤ BMB(n − 1).

• Pseudo-run

x0 · · · xk is r-bounded (r > 0)

def

⇔ for i ∈ [0, k], we have xi ∈ [0, r − 1]n.

57

Two cases are distinguished

• (π,

x): run covering x′ for the VAS T .

• π = t1 · · · tk and (π,

x) = x0 · · · xk.

• We distinguish the case when (π,

x) is B′-bounded or not.

• If (π,

x) is B′-bounded, then subpaths between identical configurations can be removed (pigeonhole principle).

• Otherwise, the path is divided in two:
• the first part is B′-bounded and can be shortened,
• shortening the second part can be done by using induction

hypothesis. 58

Case 1: (π, x) is B′-bounded

• If

xi = xj with 0 ≤ i < j ≤ k then

• (π′,

x) is also a run covering of x′,

• π′ = t1 · · · titj+1 · · · tk,
• π′ is a strict subpath of π.
• This situation occurs as soon as k ≥ (B′)n.
• This transformation can be repeated until k < (B′)n.

(pigeonhole principle)

• Conclusion: there is a subpath π′ s.t. (π′,

x) is also a run covering x′ of length bounded by (B′)n ≤ (BMB(n − 1))n.

59

Case 2: (π, x) is not B′-bounded

• Unique decomposition π = π1π2 s.t.
• π1 and π2 of respective length k1 and k2,
• all values in

x0 · · · xk1−1 are < B′.

• (π1,

x) is not B′-bounded (“faulty” last configuration).

• There is π′

1, subpath of π1, such that

• π′

1 is a subpath of π1,

• its length is bounded by (BMB(n − 1))n + 1,

(again pigeonhole principle!)

• (π1,

x) and (π′

1,

x) have the same final configuration y.

• (π′

1π2,

x) and (π2, y) are both runs covering x′.

60

Case 2: (π, x) is not B′-bounded (III)

• Let i ∈ [1, n] s.t.

y(i) ≥ B′.

• T −, π−

2 ,

y−, x′−: restrictions of T , π2, y, x′ to the components in [1, n] \ {i}. (dimension is reduced by 1)

• (π−

2 ,

y−) is a run covering x′− in T −.

• maxneg(T −) + max(

x′−) ≤ B.

• By induction hypothesis, there is π′

2, subpath of π− 2 s.t.

• (π′

2,

y−) is a run covering x′−,

• its length is bounded by MB(n − 1).
• π′′

2: path obtained from π′ 2 by adding the ith missing

component.

61

Case 2: (π, x) is not B′-bounded (II)

• (π′′

2,

y) is a pseudo-run with final pseudo-configuration z such that for j ∈ ([1, n] \ {i}), z(j) ≥ x′(j).

• Since

y(i) ≥ B′ and after MB(n − 1) steps, the ith component is greater or equal to max( x′).

• Conclusion: (π′′

2,

y) is a run covering x′.

• Length of π′

1π′′ 2 is at most (B × MB(n − 1))n + MB(n − 1).

• π′

1π′′ 2 is a subpath of π.

62

Conclusion

• Today’s lecture:
• Relationships between VAS, VASS, Petri nets (and FO2
• ver data words).
• (Coverability graphs for VASS).
• Covering problem for VAS in EXPSPACE by induction on the

dimension (Rackoff’s proof).

• Control state reachability for VASS in EXPSPACE.
• Tomorrow’s lecture:
• Definitions on reversal-bounded counter automata.
• Proof for semilinearity.
• Variants.
• Repeated reachability and related logical problems.

63