Part II: Symbolic reachability for prefix rewriting
Case study: Drawing skylines
    import java.util.Random;

    // Nondeterministic plotter program: m() and s() call each other
    // recursively and move the pen with up(), down() and right(), the
    // plotter primitives (not defined on the slides).
    static Random r = new Random();

    static void m() {
        if (r.nextBoolean()) {
            s();
            right();
            if (r.nextBoolean()) m();
        } else {
            up();
            m();
            down();
        }
    }

    static void s() {
        if (r.nextBoolean()) return;
        up();
        m();
        down();
    }

    public static void main(String[] args) { s(); }
Model
The procedure s() is modelled with a stack st of control points {s0, . . . , s5, . . .}. Each control point of s() and the prefix-rewriting rule(s) it contributes:
  s0: if (r.nextBoolean())    s0 → s1    s0 → s2
  s1: return;                 s1 → ε
  s2: up();                   s2 → up0 s3
  s3: m();                    s3 → m0 s4
  s4: down();                 s4 → down0 s5
  s5:                         s5 → ε
Symbolic reachability in prefix rewriting
Recall: the program state ( g, ℓ, n, (ℓ1, n1) . . . (ℓk, nk) ) is modelled as the word g ⟨ℓ, n⟩ ⟨ℓ1, n1⟩ . . . ⟨ℓk, nk⟩. Denote by G the alphabet of valuations of the globals and by L the alphabet of pairs ⟨ℓ, n⟩. The set of possible program states is G L*.
A subset of G L* is regular if it can be recognized by a finite automaton. Typically, the sets I and D of initial and dangerous program states are regular sets (even very simple ones, like g l L*).
Challenge: show that if S ⊆ G L* is (effectively) regular, then so are pre*(S) and post*(S). This gives a procedure to check whether I ∩ pre*(D) = ∅ or post*(I) ∩ D = ∅.
Symbolic search
Forward symbolic search:
  Initialize S := I
  Iterate S := S ∪ post(S) until a fixpoint is reached.
Backward search: replace I by D and post by pre.
Questions:
- Are S ∪ post(S) and S ∪ pre(S) regular for regular S?
- Does the search terminate?
We answer these questions for backward search; the forward case is similar.
If S regular, then S ∪ pre(S) regular
We represent a regular set S ⊆ G L* by an NFA:
- G as the set of initial states, L as the alphabet.
- g w is recognized if g --w--> q for some final state q.
Example: G = {g0, g1} and L = {l0, l1}. Automaton coding the set g0 l0 l1* l0 + g1 l1:
[Figure: NFA with initial states g0 and g1 and four transitions labelled l0, l0, l1, l1.]
R = { g0 l0 → g0 , g1 l1 → g0 , g1 l1 → g1 l1 l0 }
[Figure: step-by-step construction of the automaton for S ∪ pre(S) from the automaton for S. Each step adds a fresh copy g′ (later g′′) of an initial state together with the l0 / l1 transitions that the rules of R contribute, so the automaton gains new states at every iteration.]
Termination fails
G = {g0, g1}, L = {l0, l1}
R = { g0 l0 → g0 , g1 l1 → g0 , g1 l1 → g1 l1 l0 }
S0 = D = g0 l0 l1* l0 + g1 l1
S1 = S0 ∪ pre(S0) = g0 (l0 + l0^2) l1* l0 + g1 l1 (ε + l0) l1* (ε + l0)
· · ·
Si = Si−1 ∪ pre(Si−1) = g0 (l0 + . . . + l0^(i+1)) l1* l0 + g1 l1 (ε + l0 + . . . + l0^i) l1* (ε + l0)
· · ·
However, the fixpoint pre*(D) = g0 l0+ l1* l0 + g1 l1 l0* l1* (ε + l0) is regular.
How can we compute it?
Accelerations
By definition, pre*(D) = ⋃_{i≥0} Si, where S0 = D and Si+1 = Si ∪ pre(Si) for every i ≥ 0.
If convergence fails, try to compute an acceleration: a sequence T0 ⊆ T1 ⊆ T2 ⊆ . . . such that
(a) ∀i ≥ 0: Si ⊆ Ti
(b) ∀i ≥ 0: Ti ⊆ ⋃_{j≥0} Sj = pre*(D)
Property (a) ensures that (at least) the whole set pre*(D) is captured.
Property (b) ensures that only elements of pre*(D) are captured.
The acceleration guarantees termination if (c) ∃i ≥ 0: Ti+1 = Ti.
An acceleration for prefix rewriting
Idea: reuse the same states.
R = { g0 l0 → g0 , g1 l1 → g0 , g1 l1 → g1 l1 l0 }
[Figure: the two constructions side by side. Left: the non-accelerated construction keeps adding fresh copies g′, g′′ of the initial states. Right: the accelerated construction adds the new transitions to the existing initial states g0, g1 instead; it ends with no new states and seven transitions labelled l0, l0, l1, l1, l0, l1, l1.]
But does it work . . . ?
All predecessors are computed, and termination is guaranteed.
But: we might be adding non-predecessors.
R = { g0 l0 → g0 , g1 l1 → g0 , g1 l1 → g1 l1 l0 }
[Figure: automaton with initial states g0, g1 and transitions labelled l0, l0, l1, l1, to which a further l0 transition is added by the acceleration.]
Fortunately: correct if initial states have no incoming arcs.
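The two constructions just discussed side by side, as an added Python example (not code from the slides): the non-accelerated iteration S0 = D, Si+1 = Si ∪ pre(Si) from the "Termination fails" slide, which copies the initial states and therefore keeps growing, and the accelerated saturation that reuses the initial states and stops, guarded by the side condition that initial states have no incoming arcs. It encodes the slides' rule set R and D = g0 l0 l1* l0 + g1 l1 as constructed data; the names NFA, naive_step, naive_iteration, pre_star, has_incoming_initial and reaches_within, the fresh-state naming g'i, and the witness words g0 l0^(i+2) are my own choices. reaches_within is an explicit bounded rewriting search used only to cross-check the symbolic answer on short configurations.

```python
"""Backward symbolic reachability for prefix rewriting (added example).

A configuration is a word g w: g in G (valuation of the globals) followed by
w in L* (the stack, leftmost symbol on top). A rule (g, l, g2, w2) rewrites
g l u into g2 w2 u for every u in L*. A set of configurations is an NFA whose
initial states are the elements of G; g w is in the set iff w leads from the
initial state of g to a final state.
"""
from collections import deque

# Constructed instance taken from the slides: G = {g0, g1}, L = {l0, l1}.
RULES = [
    ("g0", "l0", "g0", ()),            # g0 l0 -> g0
    ("g1", "l1", "g0", ()),            # g1 l1 -> g0
    ("g1", "l1", "g1", ("l1", "l0")),  # g1 l1 -> g1 l1 l0
]

class NFA:
    """init: g -> its initial state; trans: set of (p, letter, q); final: set."""
    def __init__(self, init, trans, final):
        self.init, self.trans, self.final = dict(init), set(trans), set(final)

    def copy(self):
        return NFA(self.init, self.trans, self.final)

    def states(self):
        return {p for p, _, _ in self.trans} | {q for _, _, q in self.trans} | set(self.init.values())

    def reach(self, start, word):
        cur = {start}
        for a in word:
            cur = {q for p, b, q in self.trans if p in cur and b == a}
        return cur

    def accepts(self, g, word):
        return bool(self.reach(self.init[g], word) & self.final)

def dangerous_set():
    """D = g0 l0 l1* l0 + g1 l1, the slides' set of dangerous configurations."""
    return NFA({"g0": "g0", "g1": "g1"},
               {("g0", "l0", "q1"), ("q1", "l1", "q1"), ("q1", "l0", "qf"), ("g1", "l1", "qf")},
               {"qf"})

def naive_step(nfa, rules, i):
    """S ∪ pre(S) with a fresh initial state g'i per g (no acceleration)."""
    new = nfa.copy()
    for g, old in nfa.init.items():
        fresh = f"{g}'{i}"                      # copy of g: same outgoing arcs ...
        new.trans |= {(fresh, a, q) for p, a, q in nfa.trans if p == old}
        new.init[g] = fresh
    for g, l, g2, w2 in rules:                  # ... plus one arc per rule match
        for q in nfa.reach(nfa.init[g2], w2):
            new.trans.add((new.init[g], l, q))
    return new

def naive_iteration(nfa, rules, steps):
    """S0 = D, Si+1 = Si ∪ pre(Si); returns [S0, ..., S_steps]."""
    seq = [nfa]
    for i in range(steps):
        seq.append(naive_step(seq[-1], rules, i))
    return seq

def has_incoming_initial(nfa):
    """Side condition of the acceleration: do initial states have incoming arcs?"""
    return any(q in nfa.init.values() for _, _, q in nfa.trans)

def pre_star(nfa, rules):
    """Accelerated backward search: for each rule g l -> g2 w2 and each q with
    g2 --w2--> q, add g --l--> q to the existing initial state of g, until
    nothing changes. No state is ever added, so this terminates."""
    if has_incoming_initial(nfa):
        raise ValueError("acceleration needs initial states without incoming arcs")
    sat = nfa.copy()
    changed = True
    while changed:
        changed = False
        for g, l, g2, w2 in rules:
            for q in sat.reach(sat.init[g2], w2):
                if (sat.init[g], l, q) not in sat.trans:
                    sat.trans.add((sat.init[g], l, q))
                    changed = True
    return sat

def reaches_within(config, rules, target, max_steps):
    """Cross-check by explicit rewriting: does config reach target in <= max_steps?"""
    seen, todo = {config}, deque([(config, 0)])
    while todo:
        (g, word), d = todo.popleft()
        if target.accepts(g, word):
            return True
        if d < max_steps:
            for rg, l, g2, w2 in rules:
                if rg == g and word[:1] == (l,):
                    nxt = (g2, w2 + word[1:])
                    if nxt not in seen:
                        seen.add(nxt)
                        todo.append((nxt, d + 1))
    return False

def demo(steps=4):
    """Each Si accepts g0 l0^(i+2) but not g0 l0^(i+3), so the naive iteration
    never stabilises; the saturated automaton has 4 states and 7 transitions."""
    D = dangerous_set()
    witnesses = [(i, S.accepts("g0", ("l0",) * (i + 2)), S.accepts("g0", ("l0",) * (i + 3)))
                 for i, S in enumerate(naive_iteration(D, RULES, steps))]
    P = pre_star(D, RULES)
    return witnesses, len(P.states()), len(P.trans)
```

Calling demo() shows the witness pattern (True, False) for every i and the saturated automaton with the original four states and seven transitions, matching the seven labels on the acceleration slide; pre_star on an automaton that violates the side condition raises instead of silently returning non-predecessors.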
Forward search and complexity
Symbolic forward search with regular sets can be accelerated in a similar way.
Recall the input: alphabet Σ = G ∪ L, set R of rules, NFA A = (Q, L, →0, G, F) recognizing a subset of G L*.
Complexity of backward search: O(|Q|^2 · |R|) time, O(|Q| · |R| + |→0|) space.
Complexity of forward search: O(|G| · |R| · (|Q \ G| + |R|) + |G| · |→0|) time and space.
Reachable configurations of the plotter program
[Figure: automaton of the reachable configurations. State labels: q, ⟨q, m0⟩, ⟨q, s0⟩, ⟨q, u0⟩, ⟨q, d0⟩, ⟨q, r0⟩; transition labels drawn from up0, down0, right0, m0 . . . m7, s0 . . . s5, main0, main1.]
Repeated reachability for prefix rewriting
Let I = g0 l0 and D = g L*. D can be repeatedly reached from I iff
  g0 l0 →* g′ l w   and   g′ l →* g v →* g′ l u
for some g′, l, w, v, u.
Repeated reachability can be reduced to computing several pre*.