Automata over infjnite alphabets: Automata over infjnite alphabets: Investigations in Fresh-Register Automata Investigations in Fresh-Register Automata Nikos Tzevelekos, Queen Mary University of London Andrzej Murawski, University of Warwick Radu Grigore & Steven Ramsay, University of Oxford Logical Foundations of Data Science, UCL, Nov 2015 Supported by a Royal Academy of Engineering Research Fellowship
infjnite alphabets & program behaviour public void foo() { // Create new list List x = new ArrayList(); x.add(1); x.add(2); Iterator i = x.iterator(); Iterator j = x.iterator(); i.next(); i.remove(); j.next(); }
infjnite alphabets & program behaviour public void foo() { Programs with usage of // Create new list resources/names can go List x = new ArrayList(); beyond fjnite alphabets (cf. modelling/analysis of programs) x.add(1); x.add(2); Iterator i = x.iterator(); – but in a parametric way Iterator j = x.iterator(); i.next(); i.remove(); j.next(); }
What this talk is about This talk is about an automata model over infjnite alphabets akin to fjnite-state automata: fjnite-state + registers + freshness oracles We give an overview of their expressiveness & talk about ● emptiness, closures ● bisimilarity ● extensions (pushdown, classes/histories)
Automata for infjnite alphabets Let Σ = { a 1 , a 2 , …, a n , …} be an infjnite alphabet of names can only be compared for equality
Automata for infjnite alphabets Let Σ = { a 1 , a 2 , …, a n , …} be an infjnite alphabet of names ● examine languages over Σ * can only be compared for equality ● or, languages over ( F Ç Σ ) * a fjnite set ● or, languages over ( F × Σ ) * of constants – usually called data words (XML) ● look for notions of regularity, CFGs, etc. ● devise efgective algorithms for reachability, membership, etc.
many (fjnitely many) automata models History-Dependent Automata ● π-calculus models, “named sets”, symmetries, bisimulation [Montanari & Pistore '98, Pistore '99; Montanari & Pistore '00, Ferrari, Montanari & Pistore '02] Register Automata (aka FMA) ● FSAs with registers, regularity, data words & XML, extensions [Kaminski & Francez '94, Neven, Schwentick & Vianu '04] [Sakamoto & Ikeda '00, Demri & Lazić '09; Libkin, Tan & Vrgoc '15; Jurdzinski & Lazić '11, Figueira '12] [Cheng & Kaminski '98, Segoufjn '06] [Bojańczyk, Muscholl, Schwentick, Segoufjn & David '06 , Bjorklund & Schwentick '10] Nominal Automata ● Finite fjnite orbit, used on nominal sets & other group actions → [Bojańczyk, Klin & Lasota '11, '14]
[Kaminski & Francez '94] Register Automata (RA) Let Σ = { a 1 , a 2 , …, a n , …} be an infjnite alphabet of names λ q q' Label λ of the form: ● reg ( i ), i {1,..., R } ● dif ( i ), i {1,..., R } fjnitely many (say R ) registers registers store names
reg ( i ) q q' Transitions: reg (2) q q' a g b
reg ( i ) q q' Transitions: g reg (2) q q' a g b a g b
dif ( i ) q q' Transitions: dif (2) q q' a g b
dif ( i ) q q' Transitions: c dif (2) q q' a g b a c b difgerent from current registers
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 a a
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 b a b
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 c a b c
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 a a b c a
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 d a b c a d
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 e a b c a d e
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 b a b c a d e b
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 b a b c a d e b a g c a b
Example ...a n Σ* | n 0, i n. a i L 1 = { a 1 a 2 ≠ a i+ 1 } (all strings where each name is distinct from its predecessor) dif (1) q 0 e a b c a d e b a g c a b a n d w e l o v e c a k e
Quiz dif (1), reg( 1) dif (1), reg( 1) dif (1), reg( 1), reg (2) dif (2) reg (2)
Quiz dif (1), reg( 1) dif (1), reg( 1) dif (1), reg( 1), reg (2) dif (2) reg (2) ...a n Σ* | n 0, i ≠ j. a i a j } L 2 = { a 1 a 2 (all strings where some name appears twice) ...a n Σ* | n 0, i ≠ j. a i L fr = { a 1 a 2 ≠ a j } (all strings of pairwise distinct names) – what about the complement of L fr ? And that of L fr L fr ?
RA properties ● Capture regularity when Σ restricted to fjnite ● Closed under Ç , È , · , * . ● not closed under complement & not determinisable [Kaminski & Francez '94] ● Universality / equivalence undecidable [Neven, Schwentick & Vianu '04] ● Decidable emptiness: ● complexity depends on register “mode” (NL → NP → PSPACE) [Sakamoto & Ikeda '00; Demri & Lazić '09] ● Can only truly distinguish between R+ 1 names
Example revisited here is a safety property φ : public void foo() { // Create new list if an iterator modifjes its collection x then other iterators of x become invalid List x = new ArrayList(); e.g. the code on the left is bad. x.add(1); x.add(2); We can express such “chaining” Iterator i = x.iterator(); properties using RAs Iterator j = x.iterator(); ● and dynamically verify them i.next(); i.remove(); j.next(); } [Grigore, Distefano, Petersen & T. '13]
Example revisited here is a safety property φ : public void foo() { // Create new list if an iterator modifjes its collection x then other iterators of x become invalid List x = new ArrayList(); e.g. the code on the left is bad. x.add(1); x.add(2); We can express such “chaining” Iterator i = x.iterator(); properties using RAs Iterator j = x.iterator(); ● and dynamically verify them i.next(); i.remove(); j.next(); } [Grigore, Distefano, Petersen & T. '13] but we cannot capture new !
[T. '11] Fresh-Register Automata (FRA) Let Σ = { a 1 , a 2 , …, a n , …} be an infjnite alphabet of names λ q q' Label λ of the form: ● reg ( i ), i {1,..., R } ● dif ( i ), i {1,..., R } fjnitely many (say R ) registers ● fresh ( i ), i {1,..., R } registers store names global freshness oracle
fresh ( i ) q q' Transitions: b 1 , …, b k fresh (2) q q' a g b
fresh ( i ) q q' Transitions: c b 1 , …, b k fresh (2) q q' a g b a c b globally fresh
Examples ...a n Σ* | n 0, i ≠ j. a i L fr = { a 1 a 2 ≠ a j } (all strings of pairwise distinct names) fresh (1) q 0 fresh (1) dif (1) q 0 q 1 ...a 2 n Σ* | n 0, i 2 n. a i L 3 = { a 1 a 2 ≠ a i+ 1 i n, j 2 i. a j ≠ a 2 i }
FRA properties ● Not closed under complement & not determinisable ● Closed under Ç , È , but not under · , * ● Universality / equivalence undecidable (from RAs) ● Decidable emptiness (same as RAs): ● complexity depends on register “mode” (NL NP PSPACE) → → ● Bisimilarity: decidable [T.11], complexity open
FRAs for program equivalence The modelling power of FRAs can be used to model resourceful programs via game semantics Program → game model → FRA efgectively: two programs their FRAs are language are equivalent equivalent / bisimilar what we get: ● decision procedures for ML fragments [Murawski & T. '11, '12] ● same for Interface Middleweight Java [Murawski, Ramsay & T. '15] http://bitbucket.org/sjr/coneqct/wiki/Home
More applications and variants History-Dependent Automata ● freshness via “black holes” (histories) ● verifjcation of LTL + allocation [Pistore '99, Distefano, Rensink & Katoen '02, '04] Session automata and learning ● freshness, but no difg fg ● canonical forms, decide equivalence [Bollig, Habermehl, Leucker & Monmege '14] Kleene algebras for languages with binders ● NKA: KA with ν-binder match with automata → [Gabbay & Ciancia '11; Kozen, Mamouras, Petrisan & Silva '15]
Recommend
More recommend
